News

Microsoft Publishes Security Operations Guide

• By Scott Bekker
• 03/28/2002

The guide, which can be found here, includes guidelines, cheat sheets and scripts.

Chapters deal with topics including platform security overviews, using Group Policy Objects to manage security, securing servers based on role, patch management, intrusion detection and incident response.

The kit includes "Job Aids" for assessing threats and vulnerabilities, a checklist of top security blunders, a chart of common attacks and countermeasures and an incident response quick reference card.

The guide ranges from the very broad down to the very specific. "This guide will help you identify the risks inherent in a networked environment, help you to work out the level of security appropriate for your environment, and show you the steps necessary to achieve that level of security. Although targeted at the enterprise customer, much of this guide is appropriate for organizations of any size," Microsoft's guide reads.

The guide focuses on operations for creating and maintaining a secure environment on servers running Windows 2000. Microsoft gets into specific detail in the text and appendices about specific services that should be disabled and what operators to use with the Microsoft Network Security Hotfix tool (Hfnetchk). However, Microsoft warns that the scope of the guide cannot show users how to run specific applications in a secure fashion.

Microsoft positions the guide as part of its Strategic Technology Protection Program (STPP), an initiative launched in October 2001. Microsoft recently reaffirmed that security is on its mind in January when chairman and chief software architect Bill Gates issued his Trustworthy Computing e-mail.

The guide can be read in a browser or downloaded as an 800 KB executable file that extracts into the Adobe Acrobat format.