[SECURITY-L] Microsoft offers Windows security guide

[Daniela Regina Barbetti Silva]

----- Forwarded message from Nelson Murilo <nelson em pangeia.com.br> -----

From: Nelson Murilo <nelson em pangeia.com.br>
Subject: [S] Microsoft offers Windows security guide
To: seguranca em pangeia.com.br
Date: Mon, 28 Apr 2003 09:12:51 -0300


[http://news.com.com/2100-1012-998390.html]

By Robert Lemos 
Staff Writer, CNET News.com
April 25, 2003

Microsoft released on Friday a tutorial and templates to help system 
administrators lock down the security of computers running the 
company's newest operating system, Windows Server 2003. 

The tutorial consists of portable document files (PDFs) detailing the 
reasoning behind configuring the server software for various 
applications, from a Web server connected to the Internet to a domain 
controller on a company's internal network. Also included are examples 
of Microsoft-recommended configurations for specific applications. 

"There are a lot of different settings that a customer can set on 
something like a Web server," said Michael Stephenson, lead program 
manager for Windows Server 2003. "What the guide does is explain to 
customers why they would want a setting a certain way." 

The publication of the security how-to guide came a day after the 
launch of the next generation of Microsoft's server OS. Among other 
things, the guide contains explanations, checklists, sample 
configurations and scripts for setting up eight different classes of 
servers using Windows Server 2003. 

Along with the Windows Server 2003 guide, the software giant released 
another set of documents, called "Threats and Countermeasures," which 
describes the various security options that can be set in Windows 2003 
and XP. 

The guides are Microsoft's latest tactic in the battle to help better 
secure customers who install its software, as part of the Trustworthy 
Computing Initiative, the giant's 15-month-old strategy to increase 
customers' faith in its products. 

That's why Microsoft has decided to make a large body of best-practice 
documents available for Windows users, Stephenson said. 

"As part of Trustworthy Computing, we need to make it easier to be 
secure in a certain environment, and that's not something that we want 
to charge for," Stephenson said. 

The software giant has occasionally released such tools to help 
administrators identify vulnerabilities and harden the company's 
operating systems. The guides build on another set of similar 
documents released in mid-March for Windows 2000. 

In February 2002, Microsoft released the Baseline Security Advisor, a 
free application designed to let system owners scan their computers 
for Microsoft applications that were missing patches. 

In two weeks, the company plans to put the Windows Server 2003 guide's 
lessons into a Web tutorial format, to make learning the document's 
content easier. Microsoft also plans to release a new tool this summer 
to automate the configuration of Windows Server 2003 systems, 
Stephenson said. 

"This plays well to what we are doing in the future...automating 
security and configurations," Stephenson said. 


----- End forwarded message -----