[SECURITY-L] Microsoft offers Windows security guide
Daniela Regina Barbetti Silva
daniela em ccuec.unicamp.br
Ter Maio 6 13:45:07 -03 2003
----- Forwarded message from Nelson Murilo <nelson em pangeia.com.br> -----
From: Nelson Murilo <nelson em pangeia.com.br>
Subject: [S] Microsoft offers Windows security guide
To: seguranca em pangeia.com.br
Date: Mon, 28 Apr 2003 09:12:51 -0300
[http://news.com.com/2100-1012-998390.html]
By Robert Lemos
Staff Writer, CNET News.com
April 25, 2003
Microsoft released on Friday a tutorial and templates to help system
administrators lock down the security of computers running the
company's newest operating system, Windows Server 2003.
The tutorial consists of portable document files (PDFs) detailing the
reasoning behind configuring the server software for various
applications, from a Web server connected to the Internet to a domain
controller on a company's internal network. Also included are examples
of Microsoft-recommended configurations for specific applications.
"There are a lot of different settings that a customer can set on
something like a Web server," said Michael Stephenson, lead program
manager for Windows Server 2003. "What the guide does is explain to
customers why they would want a setting a certain way."
The publication of the security how-to guide came a day after the
launch of the next generation of Microsoft's server OS. Among other
things, the guide contains explanations, checklists, sample
configurations and scripts for setting up eight different classes of
servers using Windows Server 2003.
Along with the Windows Server 2003 guide, the software giant released
another set of documents, called "Threats and Countermeasures," which
describes the various security options that can be set in Windows 2003
and XP.
The guides are Microsoft's latest tactic in the battle to help better
secure customers who install its software, as part of the Trustworthy
Computing Initiative, the giant's 15-month-old strategy to increase
customers' faith in its products.
That's why Microsoft has decided to make a large body of best-practice
documents available for Windows users, Stephenson said.
"As part of Trustworthy Computing, we need to make it easier to be
secure in a certain environment, and that's not something that we want
to charge for," Stephenson said.
The software giant has occasionally released such tools to help
administrators identify vulnerabilities and harden the company's
operating systems. The guides build on another set of similar
documents released in mid-March for Windows 2000.
In February 2002, Microsoft released the Baseline Security Advisor, a
free application designed to let system owners scan their computers
for Microsoft applications that were missing patches.
In two weeks, the company plans to put the Windows Server 2003 guide's
lessons into a Web tutorial format, to make learning the document's
content easier. Microsoft also plans to release a new tool this summer
to automate the configuration of Windows Server 2003 systems,
Stephenson said.
"This plays well to what we are doing in the future...automating
security and configurations," Stephenson said.
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L