Hello Dan,
First ask yourself why and what you want to harden (i.e. what is your threat model).
Be very, very careful: ISS produce major upgrades every six months or so, and their
implementation can be quite traumatic on anything but the most vanilla deployments.
Microsoft Security Configuration Editor templates are a good way to go and can be
applied from the command line or via the MMC snap-in.
You can run Server Sensor and also System Scanner; just don't allow it to "lock down"
or you will never uninstall Site Protector afterwards.
ISS have produced an SQL server hardening script for Service Release 3.0, but I have
had limited success with it.
If you want to monitor application configurations, best go look at Tripwire for
Servers.
And... test it before you go live with it.
Stephen
>>> "Dan Widger" <[EMAIL PROTECTED]> Friday 23, January, 2004 20:36:03 >>>
I've been asking around for a while, and haven't found a viable answer
for the following questions. Maybe you have asked yourselves these
questions, and already found the answers.
How can I secure the hosts that make up a Site Protector system?
Are there any scripts that can harden a Windows (2K) host supporting the
identified SiteProtector pieces (identified below)?
What services are needed?
I can find notes that identify what ports and protocols are typically
used, but I'm looking for all the relevant info in one doc.
What kind of application protection can I use to protect these hosts
(Server Sensor, Desktop Protector, 3rd Party solutions like Entercept,
or Cisco CSA)?
SiteProtector Pieces
Application Server
Event Collector
Internet Scanner
Desktop Controller
I've been told that I can't use ServerSensor, and I can't use Desktop
Protector. But - What Can I Use?
Danw
Security engineer
_______________________________________________
ISSForum mailing list