As part of the Strategic Technology Protection Program (STPP) to help Microsoft customers "get secure and stay secure," the Microsoft Security Toolkit has been released.
The Microsoft Security Toolkit is a collection of patches, tools, and white papers focused on improving and maintaining the security of Windows NT 4.0 and Windows 2000. The Toolkit is available on a CD (order here) or via the Web. The online version is kept up to date with the latest security patches and available documentation.
The Toolkit is aimed at establishing a baseline level of security, not at completely locking down a system or even recovering from a security breach. However, the Toolkit does include a simplistic recovery instruction guide.
When the Toolkit's installation routine is executed, your system is evaluated against a minimal baseline security template. If your system fails to pass this inspection, you'll be prompted to allow the Toolkit to automatically apply patches and make configuration changes to establish a minimal level of security. In addition to the automated changes that can be made, you'll also be instructed to update other software and apply or install additional security tools to improve your system.
While not actually a full-feature security toolbox, this Security Toolkit can be a time-saver by reducing the time required to apply required service packs, hotfixes, and minimal security control settings to newly deployed Windows NT and Windows 2000 systems. However, it must be clearly understood that this Toolkit is only the first step in locking down a system. This Toolkit fails to address a multitude of security vulnerabilities, including brute force attacks, port scanning, and virus infection.
Probably the most useful aspect of the Security Toolkit is its collection of security papers and documentation into a single location.
Since the CD is free for the asking, I recommend placing an order and evaluating the Toolkit's usefulness in your own organization.
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
This was first published in May 2002