Hi Chris, You best bet is to start here:
http://www.cisecurity.org/ That'll give you both templates based on best practice and a scoring tool to sink your teeth into. There is indeed plenty more you can do, depending on your environment, to harden Windows systems. Obviously once deployed, you should also have a patching policy. AV and HIDS are good. Proper change management, build policy, admin restriction, etc. are the other "soft" bit that keep it the way you designed it. alan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christian Koerner Sent: 04 May 2008 00:13 To: [email protected] Subject: Binding Windows Services to Specific Addresses Only -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello everybody! When it comes to Windows hardening and in specific restricting Windows' services, the only suggestions that I've found so far are: *) disable unnecessary services *) restrict network access through packet filtering What else can be done and isn't it possible to bind Windows' services to a specific address/interface, e.g. LAN. Thanks in advance Chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIHPGV6rqywW28g1IRAohNAKCQ9vfcx/N5vRr0bbbiBityYayO4wCgottt +JClyFFafYzq0ojEA0AfS1c= =2nbF -----END PGP SIGNATURE-----
smime.p7s
Description: S/MIME cryptographic signature
