We also utilize the DISA Gold Disk hereabouts...
and of course, we all concur with the previous writers, Sgt. Morris and
Paul. 

While the DISA Gold Disk is indeed Outstanding and Extremely Useful as a
Reference tool and Fully Functional in terms of its ability to read the
.infs to perform the 'lock-downs', it also Pays to Read the STIGs.

Automation is certainly what we strive for; however, without human
interaction on the part of an Engineer, or an Examiner, what have you, we become
too reliant on tools that may be compromised, themselves. Don't take this as
a Luddite's view, just apply Common Sense to the effort, as noted by the
previous writers.
--- 
Marc Handelman


> From: Morris Sgt Derek P <[EMAIL PROTECTED]>
> Date: Tue, 13 May 2008 13:37:14 -0700
> To: <[email protected]>
> Subject: RE: XP Hardening
> Resent-From: <[EMAIL PROTECTED]>
> Resent-Date: Tue, 13 May 2008 14:01:39 -0600 (MDT)
> 
>  
> I'll second the DISA Gold Disk option for hardening systems, but like Paul
> said, check EVERY OPTION before you do it.  I guarantee (from personal
> experience) that it will break your system if you just do it to the default
> level.  It is however an outstanding tool.
> 
> Sgt Morris
> USMC
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of [EMAIL PROTECTED]
> Sent: Tuesday, May 13, 2008 11:35
> To: [email protected]
> Subject: Re: XP Hardening
> 
> 
>  -------------- Original message ----------------------
> From: [EMAIL PROTECTED]
>> Can anyone direct me to some resources explaining hardening procedures
>> for windows XP.
> 
> The US Defense Department puts their hardening guide online. They have an
> automated tool called the Gold Disk that can scan your system and generate a
> report of vulnerabilities it finds. The Gold Disk can also apply most of the
> settings automatically.
> 
> A strong warning however - applying the Gold Disk settings wholesale is
> guaranteed to cause you problems.
> 
> It is far better to selectively choose the settings you want to apply - you
> don't need to apply everything. On a default system, it'll find over 100
> different settings that it recommends changing.
> 
> Paul
> 
> This is a download link for the latest Gold Disk ISO image -
> 
> http://iase.disa.mil/stigs/SRR/gdv2_cd1_engine_03_25_2008.iso
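
The thread's advice to check every option and apply settings selectively can be turned into a review step. The following is an added example, not part of the original messages and not Gold Disk code; it assumes the .infs use standard Windows security-template syntax, and the function names and sample templates are constructed for illustration.

```python
# Added example (not Gold Disk code): list what a template would change.
# Assumes standard Windows security-template INF syntax; samples are constructed.
HEADER = {"Unicode", "Version"}  # bookkeeping sections, not settings

def parse_inf(text):
    """Return {(section, key): value} for every 'key = value' line."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            settings[(section, key.strip())] = value.strip()
    return settings

def review(template_text, current_text):
    """Return (section, key, current, proposed) for each setting that would change."""
    template, current = parse_inf(template_text), parse_inf(current_text)
    return [(s, k, current.get((s, k)), v)
            for (s, k), v in sorted(template.items())
            if s not in HEADER and current.get((s, k)) != v]

def select(template_text, approved):
    """Build a reduced template holding only the approved (section, key) pairs."""
    out, last = [], None
    for (section, key), value in parse_inf(template_text).items():
        if section in HEADER or (section, key) in approved:
            if section != last:
                out.append(f"[{section}]")
                last = section
            out.append(f"{key}={value}")
    return "\n".join(out) + "\n"

HEAD = '[Unicode]\nUnicode=yes\n[Version]\nsignature="$CHICAGO$"\nRevision=1\n'
TEMPLATE = HEAD + r"""[System Access]
MinimumPasswordLength = 14
LockoutBadCount = 3
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
"""
CURRENT = HEAD + r"""[System Access]
MinimumPasswordLength = 0
LockoutBadCount = 3
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,0
"""

if __name__ == "__main__":
    for section, key, now, proposed in review(TEMPLATE, CURRENT):
        print(f"[{section}] {key}: {now} -> {proposed}")
```

On a real machine the current-state file can be produced with `secedit /export /cfg current.inf`; exported templates are typically UTF-16, so decode them before passing the text in.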
