The following thread is a story on new guidelines the Feds are putting in place to help tighten security on Win2K machines.
http://www.cnn.com/2002/TECH/industr....ap/index.html
I am putting it here for two reasons.
1) It may be a good starting point to review their guidelines when they are posted to see what they suggest.
2) To warn anyone who is using those guidelines as the "Bible" to follow that security is not a static process but a moving target.
The Government is making the same mistake again that people continuously make when it comes to security. You cannot make something secure and then walk away. You can only secure something against currently known threats and problems. You must then stay vigilant to secure against new threats and problems.
This guideline is a two edged sword. First, it will be followed and many vulnerabilities will be corrected. Then most admins will figure, wow, now I am secure and go off and forget about their systems until a new attack comes out and crashes their server. So it will help but in the long run it might also hurt. No government document can compete with the speed that technology is changing and the resourcefulness of the human mind.
Sincerely,