[Dshield] Query on win2k security

Rick Klinge rick at famhost.com
Wed Dec 14 11:07:25 GMT 2005

> Can anyone point me to a good resource on win2k security 
> (general). Internal audit has hit me with an item that I need 
> to be monitoring directories and registry entries for 
> changes. When pressed audit will not tell me which entries, 
> but the examples they gave me were things that are covered by 
> GPOs.  They are still under the NT security model, and when I 
> stated these would be covered under GPOs he asked me what a 
> GPO was!!! His "finding" was rather vague (as many of them are).
> I've looked on the NIST/NSA sites for specifics on win2k 
> (server) doc, but don't seem to find any.  Can someone give 
> me a "best practice" approach to answer his concern regarding 
> server security (monitoring).  I am looking at HIDS for the 
> servers anyway -- can folks share what they are doing for 
> server security?  Auditing?  HIDS/HIPS? Syslogging from audit 
> logs?  What are folks doing for syslogging normalization?
> We use Bindview for semi-regular review, but many of the 
> canned reports cover old issues, and after the fact.  I 
> really am leaning toward a "live" solution like HIDS.  
> Thoughts? Comments?



Virus Scanned and Filtered by - http://www.FamHost.com E-Mail System.

More information about the list mailing list