Three quick things:
The Center for Internet Security recently published its hardening guidelines for Windows Server 2008. It’s comprehensive – 159 pages of explicit guidance for the correct configuration of Windows Server 2008. CIS provides guidance for many other platforms as well, but I had several clients waiting on the update for Windows Server 2008.
Update: Microsoft has also released its guidance and an automated tool (Microsoft Security Compliance Manager) for organizations to build and apply their own security configuration policies for Windows Server 2008. This tool was released in April 2010 and can be found here. The Windows Server 2008 Security Baseline is part of the Microsoft Security Compliance Manager tool, which is designed to provide an end-to-end solution to help organizations plan, deploy, and monitor the security baselines of Windows Server 2008 systems.
In my previous post on Symantec’s acquisition of PGP and GuardianEdge, I referenced a more detailed analysis that members of our team were working on. We have two short documents – one on the acquisition of PGP and one on the acquisition of GuardianEdge. These provide more detail on the implications of the acquisitions and advice for clients.