[Dshield] Query on win2k security

Louis Hablas Louis.Hablas at rzim.org
Wed Dec 14 14:01:23 GMT 2005

Check out this site... http://www.cisecurity.org/

Many baseline examples



-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Mike LeBlanc
Sent: Tuesday, December 13, 2005 8:28 PM
To: General DShield Discussion List
Subject: [Dshield] Query on win2k security
Importance: High

Can anyone point me to a good resource on win2k security (general).
Internal audit has hit me with an item that I need to be monitoring
directories and registry entries for
When pressed audit will not tell me which entries, but the examples they
gave me were things that are covered by GPOs.  They are still under the
NT security model, and when I stated these would be covered under GPOs
asked me what a GPO was!!!
His "finding" was rather vague (as many of them are).

I've looked on the NIST/NSA sites for specifics on win2k (server) doc,
don't seem to find any.  Can someone give me a "best practice" approach
to answer his concern regarding security (monitoring).  I am looking at
HIDS for the servers anyway -- can folks share what they are doing
server security?  Auditing?  HIDS/HIPS?  Syslogging from audit logs?
What are folks doing for syslogging

We use Bindview for semi-regular review, but many of the canned reports
cover old issues, and after the fact.  I really am leaning toward a
"live" solution like HIDS.  Thoughts?

Any thoughts, direction is appreciated!
