[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ISSForum] Securing RealSecure / SiteProtector Hosts
First ask yourself why and what you want to harden (i.e. what is your threat model).
Be very very careful, ISS produce major upgrades every six months or so and their implementation can be quite traumatic on anything but the most vanilla deployments.
Microsoft Security Configuration Editor templates are a good way to go and can be applied from the command line or via the MMC snapin.
You can run Server Sensor and also System Scanner, just dont allow it to "lock down" or you will never uninstall Site Protector afterwards.
ISS have produced an SQL server hardening script for Service Release 3.0, but I have had limited success with it.
If you want to monitor application configurations, best go look at Tripwire for Servers.
And ....test it before you go live with it.
>>> "Dan Widger" <DWidger@xxxxxxxxxxx> Friday 23, January, 2004 20:36:03 >>>
I've been asking around for a while, and haven't found a viable answer
for the following questions. Maybe you have asked yourselves these
questions, and already found the answers,
How can I secure the hosts that make up a Site Protector system?
Are there any scripts that can harden a windows (2K) host supporting the
identified SiteProtector pieces (identified below).
What services are needed?
I can find notes that identify what ports and protocols are typically
used, but I'm looking for all the relevant info in one doc.
What kind of application protection can I use to protect these hosts
(Server Sensor, Desktop Protector, 3rd Party solutions like Entercept,
or Cisco CSA)?
I've been told that I can't use ServerSensor, and I can't use Desktop
Protector. But - What Can I Use?
This e-mail message shall not be construed as legally binding on the Bank for International Settlements (BIS). As internet communications are not secure, the BIS does not accept responsibility for the content of this message.
This message is intended only for the recipient(s) named above. Any unauthorized disclosure, use or dissemination, either in whole or in part, of this message is prohibited. If you have received this message in error, please inform the sender immediately by return e-mail and delete this message and any attachments thereto from your system.
Thank you for your co-operation.
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo