[unisog] Windows 2K and XP security settings?

Tracey A. Losco tal1 at its.nyu.edu
Thu Jun 13 20:11:43 GMT 2002


Hey there,

The Center for Internet Security has a really good set of configurations
and a tool to score desktop configurations.  They have them for NT & W2K.
Their site is at www.cisecurity.org.

Take a look,

Tracey

--------------------------------------------------------------------
Tracey Losco
Network Security Analyst		security at nyu.edu
ITS - Network Services			http://www.nyu.edu/its/security
New York University			(212) 998 - 3433

PGP Fingerprint: 8FFB FE47 6156 7BF0  B19E 462B 9DFE 51F5

On Thu, 13 Jun 2002 Phil.Rodrigues at uconn.edu wrote:

> Hi all,
>
> I have been asked by our desktop support / PC standards folks to give some
> security-minded recommendations for their new Windows 2000 and XP images.
> I can think of some things off of the top of my head, and I'll bet after a
> bit of research I can think of a few more.  What do you all do to help
> secure your standard "NT-ish" installs?  (I know it is a broad question.)
>
> Some things they mention they do:
>
> - Patched to current service pack / windows update / security hotfix
> standard for the OS and browser
> - Strong administrative passwords
> - Antivirus auto-updates once per day
>
> Some ideas off the top of my head:
>
> - Rename the administrative accounts
> - Enable personal firewall for XP (prob creates more support issues than
> it solves)
> - Restrict Anonymous setting to disable account enumeration
> - Enable logon/logoff auditing to help track crack attempts
> - Set strong password policies for all local accounts
> - Enable auto-download of security updates
>
> I feel like this is my one crack at helping to secure the desktop for the
> next year.  Help me get it right! ;-)
>
> Phil
>
> =======================================
> Philip A. Rodrigues
> Network Analyst, UITS
> University of Connecticut
>
> email: phil.rodrigues at uconn.edu
> phone: 860.486.3743
> fax: 860.486.6580
> web: http://www.security.uconn.edu
> =======================================
>
>
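
An added example, not part of the original thread: a Python check of an exported Windows security template against the items from the quoted list that such a template records (administrator rename, password policy, logon auditing, RestrictAnonymous). The sample template is constructed, and the password-length threshold and the "at least 1" RestrictAnonymous test are assumptions; patching, antivirus and firewall state are not in this file and are not checked.

```python
import configparser

# Constructed sample in the format written by `secedit /export /cfg out.inf`
# (real exports are UTF-16; decode with encoding="utf-16" before parsing).
SAMPLE_INF = r"""
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
NewAdministratorName = "Administrator"
[Event Audit]
AuditLogonEvents = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
"""

RA_KEY = r"machine\system\currentcontrolset\control\lsa\restrictanonymous"
MIN_LEN = 8  # assumed threshold; the thread does not name one


def parse_template(text):
    """Return {section: {lowercased key: raw value}} for a security template."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}


def audit(text):
    """List the checklist items from the thread that the template fails."""
    t = parse_template(text)
    sa, ev, rv = (t.get(s, {}) for s in ("System Access", "Event Audit", "Registry Values"))
    findings = []
    if sa.get("newadministratorname", "Administrator").strip('"').lower() == "administrator":
        findings.append("built-in administrator account not renamed")
    if int(sa.get("minimumpasswordlength", 0)) < MIN_LEN:
        findings.append(f"minimum password length below {MIN_LEN}")
    if int(sa.get("passwordcomplexity", 0)) != 1:
        findings.append("password complexity not enforced")
    # AuditLogonEvents is a bit mask: 1 = success, 2 = failure.
    if not int(ev.get("auditlogonevents", 0)) & 2:
        findings.append("failed logons are not audited")
    # Registry values export as "<type>,<data>"; type 4 is REG_DWORD.
    if int(rv.get(RA_KEY, "4,0").split(",")[-1]) < 1:
        findings.append("RestrictAnonymous is 0 (anonymous enumeration allowed)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INF):
        print("FAIL:", finding)
```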


