[Dshield] Query on win2k security

Louis Hablas Louis.Hablas at rzim.org
Wed Dec 14 14:01:23 GMT 2005


Check out this site... http://www.cisecurity.org/

Many baseline examples

HTH

Lou

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Mike LeBlanc
Sent: Tuesday, December 13, 2005 8:28 PM
To: General DShield Discussion List
Subject: [Dshield] Query on win2k security
Importance: High

Can anyone point me to a good resource on win2k security (general)? Internal audit has hit me with an item that I need to be monitoring directories and registry entries for changes. When pressed, audit will not tell me which entries, but the examples they gave me were things that are covered by GPOs. They are still under the NT security model, and when I stated these would be covered under GPOs he asked me what a GPO was!!! His "finding" was rather vague (as many of them are).

I've looked on the NIST/NSA sites for specifics on win2k (server) doc, but don't seem to find any. Can someone give me a "best practice" approach to answer his concern regarding server security (monitoring)? I am looking at HIDS for the servers anyway -- can folks share what they are doing for server security? Auditing? HIDS/HIPS? Syslogging from audit logs? What are folks doing for syslogging normalization?

We use Bindview for semi-regular review, but many of the canned reports cover old issues, and after the fact. I really am leaning toward a "live" solution like HIDS. Thoughts? Comments?

Any thoughts, direction is appreciated!

ml