Can anyone point me at some good resources on hardening Windows servers and desktops? From 2000 upwards. Thanks.
5 Answers
My go-to site for this sort of thing is the NSA.
Check out http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml for a number of OSes that they support for hardening.
http://nvd.nist.gov/fdcc/index.cfm
Also search on DISA STIG!

I wish I had the balls to implement the FDCC where I work, but whiny users would roam the halls looking for my head. – songei2f Feb 04 '11 at 03:00
The CERT(R) Guide to System and Network Security Practices by Julia Allen merits a look.

- CIS Security Benchmarks, a 300-page document, contains well-described guidelines sanctioned by Microsoft, NIST and NSA, provided for Windows Server 2000, 2003, 2008, 2012.
The configuration recommendations contained in this document reflect consensus between Microsoft Corporation, The National Institute of Standards and Technology (NIST), and the Center for Internet Security (CIS).
At the request of Microsoft and the Center for Internet Security, the National Security Agency Information Assurance Directorate participated in the review of these recommendations and provided comments that were incorporated into the final published version.
- As mentioned before, there are the STIGs, configuration standards for the DoD. For Windows Server 2012 there are more than 400 guidelines in XML format requiring the STIG-viewer (jar file).
