Re: Looking for Security book

Pete Finnigan <pete_at_peterfinnigan.demon.co.uk> wrote in message news:<2yUlfCBcwAU+Ewln_at_peterfinnigan.demon.co.uk>...
> Hi Paul,
>
> Sorry for the delay in replying to this thread. Some comments in-line.

I've spent the past couple of days shoveling snow, haven't been checking this newsgroup lately either.

> In article <1ac7c7b3.0302132240.18129d37_at_posting.google.com>, Paul Drake
> <drak0nian_at_yahoo.com> writes
> >Pete Finnigan <pete_at_peterfinnigan.demon.co.uk> wrote in message
> >news:<WgRNLjBVYC
> >T+Ew4+@peterfinnigan.demon.co.uk>...
> >
> >It reminds me of the 'Bastille Linux project', whereby after
> >installing RH Linux (6.2 was the last time I used it) one could harden
> >the operating system very effectively by running a single script.
> >The release of a good sample security template in an open source
> >fashion might help to secure a large nmber of servers, relative to the
> >circulation of either SANS text, the Oracle Security step-by-step or
> >securing windows 2000 servers. Calling attention to it certainly
> >wouldn't hurt.
> >
>
> This has already been done by the Centre For Internet Security (CIS),
> see www.cisecurity.org, they have provided benchmark documents for a few
> O/S's and applications (Oracle benchmark is in development now) Windows
> 2k is available in level 1 and 2. You can download these "benchmark"
> documents that detail a defined security standard for the particular
> system being secured. Each also has a benchmark tool available that when
> run "scores" the installation against the benchmark standard, i.e. it
> finds non compliance's. CIS has as one of its founder members the SANS
> Institute. CIS is mentioned on the back cover of the Oracle security
> step-by-step book.
>
> Thanks again for the reply.
>
> kind regards
>
> Pete

Pete,

thanks much for the link to cisecurity.org. that is exactly what I was looking for.

Paul Received on Wed Feb 19 2003 - 01:04:40 CST