[Dshield] Query on win2k security
rick at famhost.com
Wed Dec 14 11:07:25 GMT 2005
> Can anyone point me to a good resource on win2k security
> (general). Internal audit has hit me with an item that I need
> to be monitoring directories and registry entries for
> changes. When pressed, audit will not tell me which entries,
> but the examples they gave me were things that are covered by
> GPOs. They are still under the NT security model, and when I
> stated these would be covered under GPOs he asked me what a
> GPO was!!! His "finding" was rather vague (as many of them are).
> I've looked on the NIST/NSA sites for specifics on win2k
> (server) doc, but don't seem to find any. Can someone give
> me a "best practice" approach to answer his concern regarding
> server security (monitoring). I am looking at HIDS for the
> servers anyway -- can folks share what they are doing for
> server security? Auditing? HIDS/HIPS? Syslogging from audit
> logs? What are folks doing for syslogging normalization?
> We use Bindview for semi-regular review, but many of the
> canned reports cover old issues, and after the fact. I
> really am leaning toward a "live" solution like HIDS.
> Thoughts? Comments?