Microsoft Publishes Security Operations Guide

Microsoft Corp. produced a Security Operations Guide for Windows 2000 Server this month as part of its concentrated push to elevate the priority of security in its products.

The guide, which can be found here, includes guidelines, cheat sheets and scripts.

Chapters deal with topics including platform security overviews, using Group Policy Objects to manage security, securing servers based on role, patch management, intrusion detection and incident response.

The kit includes "Job Aids" for assessing threats and vulnerabilities, a checklist of top security blunders, a chart of common attacks and countermeasures and an incident response quick reference card.

The guide ranges from the very broad down to the very specific. "This guide will help you identify the risks inherent in a networked environment, help you to work out the level of security appropriate for your environment, and show you the steps necessary to achieve that level of security. Although targeted at the enterprise customer, much of this guide is appropriate for organizations of any size," Microsoft's guide reads.

The guide focuses on operations for creating and maintaining a secure environment on servers running Windows 2000. Microsoft gets into specific detail in the text and appendices about specific services that should be disabled and what operators to use with the Microsoft Network Security Hotfix tool (Hfnetchk). However, Microsoft warns that the scope of the guide cannot show users how to run specific applications in a secure fashion.

Microsoft positions the guide as part of its Strategic Technology Protection Program (STPP), an initiative launched in October 2001. Microsoft recently reaffirmed that security is on its mind in January when chairman and chief software architect Bill Gates issued his Trustworthy Computing e-mail.

The guide can be read in a browser or downloaded as an 800 KB executable file that extracts into the Adobe Acrobat format.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.