Server Security

Microsoft Web Application Security: Threats and Countermeasures

A new version of MBSA compatible with XP SP2 and Vista is now available. The Microsoft Baseline Security Analyzer is a free download. Supported operating systems: Windows NT 4.0, Windows 2000, Windows XP with Service Pack 2 and Windows Server 2003.


 Sarah Carter
 Director
 HarrierZeuros Ltd

 sarah.carter@harrierzeuros.co.uk
 www.harrierzeuros.co.uk

  1. Service Pack the machine to highest stable release (Service Packs contain security updates as well as new security features)
  2. Apply security-related hot fixes, i.e. hot fixes that apply to your scenario (e.g. IIS fix for Code Red vulnerability in ISAPI)
  3. Secure the Filing System with NTFS and apply security permissions
  4. Apply Password and restrictions
  5. Disable unused and Guest accounts
  6. Disable unused NT Services
  7. Apply registry fixes that add security
  8. Only install the applications that are necessary
  9. Only install TCP/IP as the network protocol and apply TCP/IP Filters

More links:

http://www.microsoft.com/security/

 Andrew Cardwell
 (CISSP/SSCP/CISMP/BS7799-LA/M.Instis)


 andrew AT cardwell.co.uk
 

The answer here very much depends on the use of the server, the risks associated with that use, and your general network architecture. However, a simple checklist is below.

Shut down all unnecessary services

Create individual admin users (avoid using admin) - this helps with accounting for actions

Disable all guest accounts

Set up auditing

Set up account policies with password restrictions and account lockouts

Ensure the disks are NTFS and not DOS formatted

Create a regular backup policy - including the registry

Put legal notices on the login banner

Tighten the default permissions

Install monitoring and other security tools

Patch your system regularly (keep an eye on TECS for the latest news)

Finally, have the system audited by an independent third party on a regular basis.
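
Several items from the two checklists above can be verified with a read-only script. The following is an added example, not part of either answer or of any Microsoft tool. It assumes a current Windows system with PowerShell 3.0 or later, English-language `net accounts` output, and a hypothetical `$AllowedServices` allow-list that you replace with the services your server role needs.

```powershell
# Added example: read-only audit of a few checklist items on the local machine.
# $AllowedServices is a hypothetical allow-list; adjust it to the server's role.
$AllowedServices = @('Dhcp', 'Dnscache', 'EventLog', 'LanmanServer', 'LanmanWorkstation', 'W32Time')

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}

# Guest accounts: the built-in Guest account always has a SID ending in -501,
# so it is found even if it has been renamed.
Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like 'S-1-5-21-*-501' } |
    ForEach-Object { Add-Finding 'Guest account disabled' $_.Disabled "Account name: $($_.Name)" }

# File system: every local fixed disk (DriveType 3) should be NTFS.
Get-CimInstance Win32_LogicalDisk -Filter "DriveType=3" | ForEach-Object {
    Add-Finding "Volume $($_.DeviceID) is NTFS" ($_.FileSystem -eq 'NTFS') "FileSystem=$($_.FileSystem)"
}

# Services: list anything running that is not on the allow-list.
$extra = @(Get-CimInstance Win32_Service -Filter "State='Running'" |
    Where-Object { $AllowedServices -notcontains $_.Name })
$names = @($extra | ForEach-Object { $_.Name } | Sort-Object) -join ', '
Add-Finding 'Only allow-listed services running' ($extra.Count -eq 0) $names

# Legal notice: the logon banner text is stored under the System policies key.
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
$banner = [string]$policy.legalnoticetext
Add-Finding 'Legal notice on logon banner' (-not [string]::IsNullOrWhiteSpace($banner)) "Caption: $($policy.legalnoticecaption)"

# Account lockout: 'net accounts' prints 'Lockout threshold: Never' when lockout is off.
# Assumption: English output; on other locales the line is not found and the check fails.
$lockout = [string]((net accounts) -match '^Lockout threshold' | Select-Object -First 1)
Add-Finding 'Account lockout threshold set' ($lockout -and $lockout -notmatch 'Never') $lockout

# Failed checks sort first so they are easy to spot.
$findings | Sort-Object Pass | Format-Table -AutoSize -Wrap
```

The script changes nothing on the machine; each failed row points back to the checklist item to fix.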

