See... A little more clarity makes a lot more sense. So you're looking for a method to lock down multiple components on an enterprise network that consists of Ciscos, Windows, etc...
Now the question becomes... To what degree do you want to lock them down? Let me tell you a little story here... 12 years ago, a company called Security Dynamics (Intrusion) came out with a cool program called Kane Security... Provided pretty much all you asked for on most Windows and Novell systems. At the time I was a security engineer @ a dotcom company which was an MSSP. Kane was "the tool" to have. Offered C2 level security if you needed it...
Being the pain I was back then, I decided to "automate" security processes. I ran Kane on a NT 4 Server Enterprise Edition (they were about a year old back then). Man!!! Did I have security!!! So much security, I couldn't print, couldn't copy and paste, couldn't pretty much do anything. I hadn't taken the time to determine to
WHAT EXTENT I needed things secured to. Fun fun fun.
Anyhow, here are some links however, I suggest you create a gameplan instead of relying on too many tools. You'll find at the end of the day its easier to build your own scripts, programs, etc., based on your specific criteria.
NSA Cisco Hardening Guides March 2009
http://www.nsa.gov/ia/_files/routers/cis_securityguides.zipMicrosoft Windows Hardening Tips and Scripts
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml#microsoftRHEL Hardening
http://people.redhat.com/sgrubb/files/hardening-rhel5.pdfStill Secure VAM (if you want to spend some cash)
http://www.stillsecure.com/vam/index.phpBabel Enterprise
http://babelenterprise.com/index.php?lang=en&sec=Babel&sec2=militarizacionPersonally, I would (as stated) probably take a 50k foot view, install something like OSSIM to see what I currently have, where I need to be, and go from there. With OSSIM, you could just script fixes into your risky machines with wmic, python, etc..
General Certification : Red Team/Blue Team
