[Dshield] Query on win2k security

Mike LeBlanc mlinfosec at comcast.net
Wed Dec 14 01:28:12 GMT 2005


Can anyone point me to a good resource on win2k security (general)?
Internal audit has hit me with an item that I need to be monitoring
directories and registry entries for changes. When pressed, audit will not
tell me which entries, but the examples they gave me were things that are
covered by GPOs. They are still under the NT security model, and when I
stated these would be covered under GPOs he asked me what a GPO was!!!
His "finding" was rather vague (as many of them are).

I've looked on the NIST/NSA sites for specifics on win2k (server) docs, but
don't seem to find any. Can someone give me a "best practice" approach to
answer his concern regarding server security (monitoring)? I am looking at
HIDS for the servers anyway -- can folks share what they are doing for
server security? Auditing? HIDS/HIPS? Syslogging from audit logs? What are
folks doing for syslog normalization?

We use Bindview for semi-regular review, but many of the canned reports
cover old issues, and after the fact. I really am leaning toward a "live"
solution like HIDS. Thoughts? Comments?

Any thoughts or direction are appreciated!

ml

