Computerworld - To help companies create a first line of defense for their Windows 2000 Professional workstations, a group of security and government agencies is releasing a set of baseline security settings that can be used as a starting point to protect corporate IT systems.
In an announcement scheduled for later today in Washington, the agencies plan to provide the baseline settings for free to help companies set up at least minimal protection in their networks to stop cyberattacks by intruders.
The baseline settings are a joint project of the National Institute of Standards and Technology, the Defense Information Systems Agency, the National Security Agency, the General Services Administration, The SANS Institute and the Center for Internet Security (CIS), which undertook the work to address security concerns in network IT systems. Microsoft Corp. reviewed the draft standards as part of the project.
Clint Kreitner, president and CEO of Bethesda, Md.-based CIS, said the agencies completed the minimum standards in two months by working collaboratively and agreeing on the most critical areas in need of improved security in Windows 2000 Professional workstations.
"We were able to agree on several hundred security actions" for the operating system, he said. The key reason the standards are necessary, he said, is that hardware vendors typically ship computers with all security features turned off, leaving IT departments and users responsible for ensuring their own security. And because IT departments and users are typically overwhelmed by other work, even the most minimal of security settings are often overlooked, he said.
The groups plan to release today a report that details the initial security changes that should be set up, and will provide a software download to allow IT departments to check the status of their systems against a security benchmark. The software will score the results of the security scan on a scale from 1 to 10, telling users what's needed to improve protection from attacks.
A 10 is a top score on the test, but "that's only a baseline setting," Kreitner said. The test will allow users to check their systems from a reasonable starting point, then add further protections as needed. "We're trying to make it easier for them," he said.
The CIS offers many similar security benchmarks for other operating systems and for network routers on its Web site, and will continue to release others in the future as it pursues its goal of improving network security.
Richard Clarke, special advisor to President Bush on cyberspace security, said in a statement that the group's work "is an example of a public-private partnership that can help government agencies and corporations better secure their systems against cyberattack."
By using these recommended baseline security settings, the group hopes that computer hardware makers will begin shipping Windows 2000 Professional systems with a basic level of security in place before they are delivered to customers.
Scott Charney, chief security strategist at Microsoft, said his company will work with the group on future security projects.