Wednesday, June 18, 2008

M$: Server Hardening & Auditing

Don't laugh, sometimes you have to deal with this whether you like it or not.

I'm looking for tools to perform M$ Windows Server Hardening & Auditing, I know Microsoft Baseline Security Analyzer and IIS Lockdown but are there other tools you use to assist you in Hardening & Auditing operation such as hardening regedit keys, auditing Active Directory and so forth.

If your job is managing M$ Server Farm, how do you perform your task to make sure all servers have same set of configuration and policy, and they are all monitored properly?

I would like to hear from you, and recommend me good tools and methods of doing these. There's no real secure OS, there's only capable or bullshit sysadmin!

Wake up sysadmin, system security is part of your job .....

Enjoy ;]

5 comments:

Sifu Kurt said...

There are a few tools I use when I'm stuck having to harden Windows. It is also important to note that all of these tools are free. (I'm cheap when it comes to Windows stuff.) First, you might want to take a look at the SRR (Security Readiness Review) scripts put out by the Information Assurance Support Environment. Their checklists and STIG documents are also quite good. (And almost absurdly thorough.) Second, I like the free SecutorPrime tool from ThreatGuard. Great program and does a very nice job. And finally, I also use Secunia's PSI program, though this one I generally consider to be optional. It helps with making sure your installed 3rd party software is up to date.

Hope this helps.

Kurt
sifukurt [at] yahoo [dot] com

Anonymous said...

Check out the hardening checks used by Nessus.

Anonymous said...

Take a look at CORE FORCE [OpenBSD pf for windows + extra tools :) ],
IIS Lockdown is a part of IIS6&7, in my opinion the best tool for IIS is SecureIIS by eEye, unfortunately is not free :(

Anonymous said...

Core Force looked great, but unfortunately they aren't maintaining it anymore according to the below thread:

http://force.coresecurity.com/index.php?module=xarbb&func=viewtopic&tid=319

C.S.Lee(geek00L) said...

Hi all,

Thanks for the good information sharing here, appreciate it!