Below I have listed various resources for Server hardening:
Windows Server 2008 Security Baseline
The Windows Server 2008 Security Baseline is updated for Windows Server 2008 Service Pack 2 (SP2). This updated product baseline provides:
- Setting severity ratings, allowing you to quickly sort, prioritize, and apply Microsoft security and compliance recommendations.
- Consolidated product baselines that eliminate EC and SSLF baseline components, and make viewing, customizing, and implementing your security and compliance baselines easier than ever!
- New compliance-based settings groups allow quicker and easier compliance reporting and audit preparation, when used with the GRC management solution within System Center.
The Windows Hardening guides have been replaced with the corresponding Security guides.
The security guides for various OS and products are included within the Microsoft Security Compliance Manager http://technet.microsoft.com/en-us/library/cc677002.aspx
You can find each security guide under the “Attachments \Guides” section for each product within the Compliance Manager console.
Other security documents
- Threats and Countermeasures Guide: Security Settings in Windows Server 2003 and Windows XP
- Microsoft Baseline Security Analyzer (MBSA)
- Threats and Countermeasures Guide: Security Settings in Windows Server 2008 R2 and Windows 7
- Threats and Countermeasures Guide: Security Settings in Windows Server 2008 and Windows Vista
- Attack Surface Analyzer (beta)
- Microsoft Security Compliance Manager
- DoD recommendations on securing various OSs
SQL
Here is a SQL Hardening guide for SharePoint Environments:
Microsoft SQL Server 2008 R2 Best Practices Analyzer
IIS:
IIS 6.0 Webserver Hardening:
From what I understand IIS 7 does not have a hardening guide yet…
The following forum has really good information on IIS7 lockdown recommendations:
SMS IIS Hardening Checklist.
IIS7 Security PowerPoint released by our EMEA team:
3rd Party considerations:
Due in part to the patching diligence of most organizations, we've seen these attacks shift from exploiting unpatched Microsoft vulnerabilities to targeting outdated 3rd party products.
In particular, Java VM and Adobe products have been heavily targeted:
- Our Malware Protection Center (MPC) details this in the following write-up:
- Recommend upgrading any outdated Java JRE to the latest Sun Java Version (Latest Version)
- You can go to the following site to verify the version of Java on your system
- Also recommend installing any Adobe updates from:
  - Adobe X reader (Latest)
  - Adobe Flash Player (Latest)
  - Other Adobe updates
- Also, Secunia has a patch management tool called Secunia Personal Software Inspector (PSI) that will scan and check for vulnerabilities in a variety of 3rd party software.
Personal version http://secunia.com/vulnerability_scanning/personal/