Windows NT

This checklist outlines some of the steps you should take to secure a Windows NT 4.0 Server running Microsoft Internet Information Server 4.0 on the Internet. Note, this document does not take into consideration firewalls or proxy servers. It also assumes the company has a security policy in place. 

tec-ref.com : Steps for Evaluating the Security of Windows NT Installation

What do you do when you face the task of evaluating the security of a Windows NT system? One approach is to obtain a package such as the Kane Security Analyst (KSA). Check the Intrusion Detection System's Web site at www.intrusion.com or check the Somarsoft site at www.somarsoft.com. Another approach is to manually evaluate the security of a system. Although this can be a daunting task, you will find it a little easier if you follow the steps provided here. This discussion provides quick steps for analyzing the security of a server.

Links:
http://www.tec-ref.com/ntchecks.html

NSA National Security Agency - Central Security Service -- Guidelines

The National Security Agency (NSA) Research Organization produces guidelines for securely configuring the Windows NT operating system. These guidelines target best commercial and military practice, and are based on extensive research into previous and concurrent efforts. Here you can find different guides to setup applicationserversm databse servers, Operating systems, routers, etc. (Great Site if you are into security.)

Links:
http://www.nsa.gov/snac/downloads_all.cfm

CERT/CC : Windows NT Configuration Guidelines

This document details common Microsoft Windows NT 4.0 configuration problems that have been exploited by intruders and recommends practices for deterring several types of break-ins. We encourage system administrators to review all sections of this document and modify their systems accordingly to fix potential weaknesses. 

Link:
http://www.cert.org/tech_tips/win_configuration_guidelines.html

CERT/CC : Windows NT Intruder Detection Checklist

This document gives some guidelines on looking for signs that your system may have been compromised 
 and also to examine log files . System administrators can use this information to look for several types of break-ins. We encourage you to review all sections of this document and modify your systems to address potential weaknesses. 

Link:
http://www.cert.org/tech_tips/win_intruder_detection_checklist.html

UNIX

This document outlines suggested steps for determining if your system has been compromised. System administrators can use this information to look for several types of break-ins. A heavily modified version of this document is also available from Technotronic at http://www.cert.org/tech_tips/intruder_detection_checklist.html.

Disclaimer

The tools described above are provided as-is and are for use at your own risk. Unless otherwise noted, no effort has been made to verify that the software is free from viruses, Trojan horses, or other forms of malicious programming. No effort has been made to verify that the software performs as its authors claim.