Computerworld - To help companies create a first line of defense for their Windows 2000 Professional workstations, a group of security and government agencies is releasing a set of baseline security settings that can be used as a starting point to protect corporate IT systems.
In an announcement scheduled for later today in Washington, the agencies plan to provide the baseline settings for free to help companies set up at least minimal protection in their networks to stop cyberattacks by intruders.
The baseline settings are a joint project of the National Institute of Standards and Technology, the Defense Information Systems Agency, the National Security Agency, the General Services Administration, The SANS Institute and the Center for Internet Security (CIS), which undertook the work to address security concerns in network IT systems. Microsoft Corp. reviewed the draft standards as part of the project.
Clint Kreitner, president and CEO of Bethesda, Md.-based CIS, said the agencies completed the minimum standards in two months by working collaboratively and agreeing on the most critical areas in need of improved security in Windows 2000 Professional workstations.
"We were able to agree on several hundred security actions" for the operating system, he said. The key reason the standards are necessary, he said, is that hardware vendors typically ship computers with all security features turned off, leaving IT departments and users responsible for ensuring their own security. And because IT departments and users are typically overwhelmed by other work, even the most minimal of security settings are often overlooked, he said.
The groups plan to release today a report that details the initial security changes that should be set up, and will provide a software download to allow IT departments to check the status of their systems against a security benchmark. The software will score the results of the security scan on a scale from 1 to 10, telling users what's needed to improve protection from attacks.
A 10 is a top score on the test, but "that's only a baseline setting," Kreitner said. The test will allow users to check their systems from a reasonable starting point, then add further protections as needed. "We're trying to make it easier for them," he said.
The CIS offers many similar security benchmarks for other operating systems and for network routers on its Web site, and will continue to release others in the future as it pursues its goal of improving network security.
Richard Clarke, special advisor to President Bush on cyberspace security, said in a statement that the group's work "is an example of a public-private partnership that can help government agencies and corporations better secure their systems against cyberattack."
By using these recommended baseline security settings, the group hopes that computer hardware makers will begin shipping Windows 2000 Professional systems with a basic level of security in place before they are delivered to customers.
Scott Charney, chief security strategist at Microsoft, said his company will work with the group on future security projects.