lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <200505120605.j4C65ODF015530@turing-police.cc.vt.edu>
Date: Thu May 12 07:05:46 2005
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Useless tidbit (MS AntiSpyware) 

On Wed, 11 May 2005 11:30:46 PDT, Kurt Buff said:
> > If one [or more] of you on the list could be so kind to indicate a
> > [many] resource[s] that lame hamstung admins would be wise to follow
> > as guidlines to secure Windows systems.. it would be so much more
> > productive. espcially  for those lazy a$$ admins who may overlook the
> > single [or multiple] missed step that lets them become owned, hacked,
> > infected, unpatched, bugged, spewing, spamming, bots, rooted .... [I
> > am sure to have skipped a few important ones] ;-P
> > 
> > steve
> 
> Google is your friend - start with 'NSA security guidelines windows'.

I'll add in the Center for Internet Security benchmarks:

http://www.cisecurity.org

It covers a lot of the same stuff as the NSA guidelines (which were used as
one of the inputs). Benefits: (1) I don't know if the NSA stuff has been updated
for XP, and (2) the CIS stuff includes a scoring tool which will let you know
which things you've not tightened down.

XP SP2, current patches, and either/both of the NSA/CIS kits - I will *not*
guarantee that it's bulletproof secure, but at least the box won't be sitting
there with a 'HAX0R ME N0W' sign on it.

(No, I didn't work on the CIS Windows stuff, but I'll take at least partial
blame for the Solaris/Linux/AIX ones)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050512/e3585df8/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ