The Threats and Countermeasures Guide

Version mise à jour publiée le : 28/12/2005

Security Settings in Windows Server 2003 and Windows XP. The Threats and Countermeasures guide provides you with a reference to all security settings that provide countermeasures for specific threats against current versions of the Microsoft Windows operating systems.

The chapters of this guide are structured in a way that approximates how the major sections of settings are displayed in the user interface of the Group Policy Object Editor. Each chapter begins with a brief explanation of what is in the chapter, followed by a list of subsection headers, each of which corresponds to a setting or group of settings. (These settings are listed in the Microsoft Excel workbook that is available in the downloadable version of this guide.) Each subsection provides a brief explanation of what the countermeasure does, and includes the following information:

  • Vulnerability. How an attacker might exploit a feature's configuration.
  • Countermeasure. Explains how to implement the countermeasure.
  • Potential Impact. Explains the possible negative consequences of countermeasure implementation.

Download:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B6ACF93-147A-4481-9346-F93A4081EEA8&displaylang=en

 

Windows Server 2003 Security Guide

Version mise à jour publiée le : 28/12/2005

The updated Windows Server 2003 Security Guide provides specific recommendations about how to harden computers that run Microsoft Windows Server 2003 with Service Pack 1 (SP1).

The updated Windows Server 2003 Security Guide provides specific recommendations about how to harden computers that run Microsoft Windows Server 2003 with Service Pack 1 (SP1) in three distinct enterprise environments–one in which older operating systems such as Windows NT 4.0 and Windows 98 must be supported, one in which Windows 2000 is the earliest version of the Windows operating system in use, and one in which concern about security is so great that significant loss of client functionality and manageability is considered an acceptable tradeoff to achieve maximum security. These three environments are respectively referred to as the Legacy Client (LC), Enterprise Client (EC), and Specialized Security - Limited Functionality (SSLF) environments throughout this guide.

Guidance about how to harden computers in these three environments is provided for a group of distinct server roles. The countermeasures that are described and the tools that are provided assume that each server will have a single role. If you need to combine roles for some of the servers in your environment, you can customize the security templates that are included in the downloadable version of the guide to create the appropriate combination of services and security options. The server roles that are referenced in this guide include the following:.

  • Domain controllers that also provide DNS services
  • Infrastructure servers that provide WINS and DHCP services
  • File servers
  • Print servers
  • Internet Information Services (IIS) servers
  • Internet Authentication Services (IAS) servers
  • Certificate Services servers
  • Bastion hosts

Download:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8A2643C1-0685-4D89-B655-521EA6C7B4DB&displaylang=en