Educause Security Discussion mailing list archives
Re: FW: Checklist for securing Windows XP systems
From: "Weeks, Calvin W." <cweeks () OU EDU>
Date: Thu, 29 Jul 2004 09:33:03 -0500
We have used the NIST and the NSA guides over the past four years at the University of Oklahoma and have found them to be very valuable to our security efforts. We spent some time working with our public access areas, labs, residential housing, and research community and have put together a script that will automatically apply the NIST recommendations to workstations. This version is our public version that we distribute too our non-university owned workstations and you are welcome to use as you wish: http://security.ou.edu/distribution/OU_BP_Security_Scripts_2.exe Hash Value: bca4ef56f26e1e44d6082ab7416dfb7b Please, test on a non production machine before using and pay attention to comments when you run the script. This can be applied to Win 2000 Pro/Server, Win XP, and Win 2003; however we have found that you should always apply the security settings manually on servers and we only use this script for workstations. We are working on customizing scripts that will work for servers, but you have to make a script for each type of server that you have (i.e., webserver, file/print server, Domain controller, DNS, DHCP, etc.) If you of you have any questions you may contact myself or Jason Britton (fulco () ou edu) and please, give us feedback for improvements to the script. Calvin Weeks, EnCE, CISSP, CISM Director, OU Cyber Forensics Lab University of Oklahoma Phone: 405-325-8334 http://cfl.ou.edu <http://cfl.ou.edu/> http://security.ou.edu <http://security.ou.edu/> ________________________________ From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Shaurette Sent: Thursday, July 29, 2004 8:10 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] FW: Checklist for securing Windows XP systems Subject: Checklist for securing Windows XP systems This may be of interest to your organizations if you have not already become aware of it. The National Institute of Standards and Technology Information Technology Laboratory Computer Security Division last month published the draft of a document to help IT professionals secure Windows XP systems. The document is "Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist - Special Publication 800-68" You can find it at: http://csrc.nist.gov/itsec/guidance_WinXP.html <http://csrc.nist.gov/itsec/guidance_WinXP.html> "SP 800-68" comes in a ZIP file with a 147-page PDF file and four template files. The template files offer reference materials and suggested user-profile settings for: * Small-office/home-office systems (small, informal, stand-alone). * Large enterprises (managed, structured, well-staffed). * High-security systems (at risk of attack or data exposure, critical systems; may be subset of other environments). * Legacy systems (older, outdated communications modalities). SP 800-68 provides (quoting from the executive summary and adding bullets): * Detailed information about the security of Windows XP. * Security configuration guidelines for popular applications. * Security configuration guidelines for the Windows XP operating system. * Methods that system administrators can use to implement each security setting recommended. Chapters include: * Windows XP Security Guide Development * Windows Security Components Overview * Installation, Backup and Patching * Overview of the Windows XP Security Policy Configuration and Templates * NIST Windows XP Template Settings Overview * Additional Windows XP Configuration Guidance * Application Specific Security Configuration Guidance Appendices include information on the NIST security template settings, information on Windows XP Service Pack 2, Release Candidate 2, commonly used TCP/IP ports on Windows XP systems, tools, resources and acronyms. Ken ------ Ken M. Shaurette, CISSP, CISA, CISM kmshaurette () mpccorp com Information Security Solutions Manager MPC Security Solutions <www.mpcscorp.com <file:///\\www.mpcscorp.com> > or <www.buympc.com <file:///\\www.buympc.com> > (262) 523-3300 x60486 FAX 262-523-3333 ------ National Security Awareness Day - September 10, 2004 - Are you aware? ------ ******************************************** This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. This communication may represent the originator's personal views and opinions, which do not necessarily reflect those of MPC Security Solutions. If you have received this email in error, further dissemination, forwarding, printing or copying of this email is prohibited, please notify the sender and delete this email and destroy any hard copy. ******************************************** Disclaimer: 29/7/2004 MPC Computers is providing the following information in compliance with federal regulations: MPC Computers, LLC 906 E. Karcher Road Nampa, Idaho 83687 1-888-224-4247 http://www.mpccorp.com <http://www.mpccorp.com> If you wish to unsubscribe to all e-mail communications with MPC, please click on the link below. http://www.mpccorp.com/email/unsubscribe.html <http://www.mpccorp.com/email/unsubscribe.html> ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- FW: Checklist for securing Windows XP systems Ken Shaurette (Jul 29)
- <Possible follow-ups>
- Re: FW: Checklist for securing Windows XP systems Weeks, Calvin W. (Jul 29)
- Re: FW: Checklist for securing Windows XP systems Brent Sweeny (Jul 29)
- Re: FW: Checklist for securing Windows XP systems Weeks, Calvin W. (Jul 29)