[ISN] Microsoft offers Windows security guide

From: InfoSec News (isnat_private)
Date: Sun Apr 27 2003 - 23:18:41 PDT

  • Next message: InfoSec News: "[ISN] REVIEW: "Firewalls and Internet Security", William R. Cheswick/Steven M. Bellovin/Aviel D. Rubin"

    http://news.com.com/2100-1012-998390.html
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    April 25, 2003
    
    Microsoft released on Friday a tutorial and templates to help system 
    administrators lock down the security of computers running the 
    company's newest operating system, Windows Server 2003. 
    
    The tutorial consists of portable document files (PDFs) detailing the 
    reasoning behind configuring the server software for various 
    applications, from a Web server connected to the Internet to a domain 
    controller on a company's internal network. Also included are examples 
    of Microsoft-recommended configurations for specific applications. 
    
    "There are a lot of different settings that a customer can set on 
    something like a Web server," said Michael Stephenson, lead program 
    manager for Windows Server 2003. "What the guide does is explain to 
    customers why they would want a setting a certain way." 
    
    The publication of the security how-to guide came a day after the 
    launch of the next generation of Microsoft's server OS. Among other 
    things, the guide contains explanations, checklists, sample 
    configurations and scripts for setting up eight different classes of 
    servers using Windows Server 2003. 
    
    Along with the Windows Server 2003 guide, the software giant released 
    another set of documents, called "Threats and Countermeasures," which 
    describes the various security options that can be set in Windows 2003 
    and XP. 
    
    The guides are Microsoft's latest tactic in the battle to help better 
    secure customers who install its software, as part of the Trustworthy 
    Computing Initiative, the giant's 15-month-old strategy to increase 
    customers' faith in its products. 
    
    That's why Microsoft has decided to make a large body of best-practice 
    documents available for Windows users, Stephenson said. 
    
    "As part of Trustworthy Computing, we need to make it easier to be 
    secure in a certain environment, and that's not something that we want 
    to charge for," Stephenson said. 
    
    The software giant has occasionally released such tools to help 
    administrators identify vulnerabilities and harden the company's 
    operating systems. The guides build on another set of similar 
    documents released in mid-March for Windows 2000. 
    
    In February 2002, Microsoft released the Baseline Security Advisor, a 
    free application designed to let system owners scan their computers 
    for Microsoft applications that were missing patches. 
    
    In two weeks, the company plans to put the Windows Server 2003 guide's 
    lessons into a Web tutorial format, to make learning the document's 
    content easier. Microsoft also plans to release a new tool this summer 
    to automate the configuration of Windows Server 2003 systems, 
    Stephenson said. 
    
    "This plays well to what we are doing in the future...automating 
    security and configurations," Stephenson said. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Apr 28 2003 - 01:46:18 PDT