procedures for Securing NT?

anonym00se · 31-05-2000 2:59pm #1

Being from a mainly Unix background I would be interested in hearing how any of you NT heads (if there are any here) go about securing your boxes, and once you have got them to a satisfactorily secured level what steps do you take to make sure they stay that way.

zenith · 31-05-2000 3:27pm

http://www.microsoft.com/technet/security/iischk.asp is a very good place to start, and then you keep an eye on CERT, NTBugtraq and MS's own mailing lists.

As long as you keep on patching, it'll stay secure for ya. All politics aside, it's not a bad bit of kit.

anonym00se · 31-05-2000 3:34pm

I already have a procedure setup, I was more wondering what extra things people did, rather than being show yet another text on the matter, or do you all just go pull the first document you find on securing NT off the web and use that as your procedure???

On a side note just because you patch something does not mean it is fixed, take a look at the problems l0pht had with antisniff

ecksor · 31-05-2000 10:47pm

Originally posted by anonym00se:
I already have a procedure setup, I was more wondering what extra things people did, rather than being show yet another text on the matter, or do you all just go pull the first document you find on securing NT off the web and use that as your procedure???

Go on then, show us your procedure before you flame someone elses attempt to help.

It may not be good advice, but it is free. Larting it and expecting a better response is pretty optimistic (IMHO).

amp · 31-05-2000 11:06pm

Secure NT: a pc locked in a safe, disconnected from the network.

Lunacy Abounds! Play GLminesweeper!

anonym00se · 01-06-2000 9:54am

Originally posted by X_OR:
Go on then, show us your procedure before you flame someone elses attempt to help.

It may not be good advice, but it is free. Larting it and expecting a better response is pretty optimistic (IMHO).

Well it wasn't intended to come across that way, but unfortunately using the internet to talk to people does make it hard to put across the right tone in a post, bar using smilies which are well not that great either

. Also phrasing it poorly didnt help either.

After reading your post asking my to say what I do, I realised it is asking alot, as basically anything I do for my company cant be disclosed, so I can only assume it is the same for the rest of you.

So I guess people can either not bother replying to this thread, or continue posting the urls - I may actually find some of them useful

zenith · 01-06-2000 10:48am

Yawn.

Well, being from a Unix background, you already know all there is to know about puters. Sorry if my response was basic.

We watch, read, patch and test. That's what you do to keep any box secure. We also, as NT admins, spend eight hours a day playing solitare, because there's hardly anything else to do.

Fing · 01-06-2000 11:50am

Check out this document on builging a Bastion host under NT: http://people.hp.se/stnor/hpntbast13.pdf

Fing

anonym00se · 01-06-2000 11:56am

Originally posted by zenith:
We watch, read, patch and test. That's what you do to keep any box secure.

Yes but getting it secure in the first place is alot harder. Even though it is necissary, any one can install a patch, it is only part of keeping a box secure. But then I think we all know this, so this thread is really going no where other than maybe a flame war.

[This message has been edited by anonym00se (edited 01-06-2000).]

Hobbes · 01-06-2000 3:35pm

Your looking for more a process wise? rather then how to secure it?

While I can't post the details, my machines get hacked into (attempted anyway) at least once a week by some guy who actually gets paid to do it.

If he manages to break in I am supposed to report it (giving full audits and user info with request to investigate). I'm not told when he does it, or where from.

If I don't report it after a certain time. I get a nice email telling me to have the machine fixed by a certain time (machine has to be taken off the network until it is). Depending on the machine can mean if your fired or not if you ignore the mail.

Anyway what level of security we talking about? Physical security? or software or hardware?

anonym00se · 01-06-2000 4:02pm

I'm more interested in securing it from an OS POV. But everything helps.

zenith · 01-06-2000 4:33pm

The original question was hopelessly non-specific, and that's where the fault lies.

I'm not interested in a flame war either, as it happens.

Hope the suggestions I made are of some use to someone. Hacking Exposed http://www.amazon.co.uk/exec/obidos/ASIN/0072121270/hackwatchnews/026-4640370-7195655 is worth a read on the topic.

[This message has been edited by zenith (edited 01-06-2000).]

anonym00se · 01-06-2000 4:43pm

Yup tis a very good book, lots of info to be got from it. Well worth the buy.

[Yup I know it was realy badly worded, but bit late for that.]

procedures for Securing NT?

Comments