| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Looking for Security book
Pete Finnigan <pete_at_peterfinnigan.demon.co.uk> wrote in message news:<WgRNLjBVYCT+Ew4+@peterfinnigan.demon.co.uk>...
Pete,
I'd be interested in if you tested some of the recommendations supplied by the SANS text "securing windows 2000". The notion of developing a single "security template" for deploying across numerous w2k servers (running oracle in particular) seems like quite a good idea. It reminds me of the 'Bastille Linux project', whereby after installing RH Linux (6.2 was the last time I used it) one could harden the operating system very effectively by running a single script.
The release of a good sample security template in an open source fashion might help to secure a large nmber of servers, relative to the circulation of either SANS text, the Oracle Security ste-by-step or securing windows 2000 servers. Calling attention to it certainly wouldn't hurt.
If one actually purchases the W2K Server Resource kit, a tool like TripWire wouldn't event be required, as files and filesystems can be examined by a single comand. These are things that were put in place long before security being a supposed top priority for MS. Its just a matter of raising awareness of security tools that are relatively easy to use and available on the Server CDROM. they just don't get used in a default installation.
Paul Received on Fri Feb 14 2003 - 00:40:44 CST
 |
 |