There is a draft View Security Server hardening guide referenced here - http://communities.vmware.com/thread/300885
Mark
From what standpoint:
From a firewall standpoint yes.
From external to DMZ only open ports 443, 4172TCP, 4172UDP.
Check this out:
http://communities.vmware.com/docs/DOC-14974
Gunnar
Thanks for the reply.
My question is more from the Windows OS perspective. Are there any customization steps recommended to lock the OS down?
I think from an OS perspective you would stop and disable uneeded services, a possible rename of the Admin account to something on standard, and of a course a really good password. Also limit who has access to the box. The more administrators inside the box messing around the greater potential for something to happen.
I wouldn't be too concerned with Windows itself, keep it patched and only allow the ports that are needed to access it. Its going to be difficult to exploit a box if you can only see it on the secure ports.
Thanks mittim / Gunnar.
Windows OS in a DMZ is always a serious concern.
I was wondering if using the default Windows Security Profiles would achieve a better result but wasn't sure if it would break something else too.
There is a draft View Security Server hardening guide referenced here - http://communities.vmware.com/thread/300885
Mark
Thanks Mark - that is exactly what I was looking for.
Any idea when will the final version be released?