Computerworld - To help companies create a first line of defense for their Windows 2000 Professional workstations, a group of security and government agencies is releasing a set of baseline security settings that can be used as a starting point to protect corporate IT systems.
In an announcement scheduled for later today in Washington, the agencies plan to provide the baseline settings for free to help companies set up at least minimal protection in their networks to stop cyberattacks by intruders.
The baseline settings are a joint project of the National Institute of Standards and Technology, the Defense Information Systems Agency, the National Security Agency, the General Services Administration, The SANS Institute and the Center for Internet Security (CIS), which undertook the work to address security concerns in network IT systems. Microsoft Corp. reviewed the draft standards as part of the project.
Clint Kreitner, president and CEO of Bethesda, Md.-based CIS, said the agencies completed the minimum standards in two months by working collaboratively and agreeing on the most critical areas in need of improved security in Windows 2000 Professional workstations.
"We were able to agree on several hundred security actions" for the operating system, he said. The key reason the standards are necessary, he said, is that hardware vendors typically ship computers with all security features turned off, leaving IT departments and users responsible for ensuring their own security. And because IT departments and users are typically overwhelmed by other work, even the most minimal of security settings are often overlooked, he said.
The groups plan to release a report today that details the initial security changes that should be set up, and will provide a software download that lets IT departments check the status of their systems against a security benchmark. The software will score the results of the security scan on a scale from 1 to 10, telling users what's needed to improve protection from attacks.
A 10 is a top score on the test, but "that's only a baseline setting," Kreitner said. The test will allow users to check their systems from a reasonable starting point, then add further protections as needed. "We're trying to make it easier for them," he said.
The CIS offers many similar security benchmarks for other operating systems and for network routers on its Web site, and will continue to release others in the future as it pursues its goal of improving network security.
Richard Clarke, special advisor to President Bush on cyberspace security, said in a statement that the group's work "is an example of a public-private partnership that can help government agencies and corporations better secure their systems against cyberattack."
By using these recommended baseline security settings, the group hopes that computer hardware makers will begin shipping Windows 2000 Professional systems with a basic level of security in place before they are delivered to customers.
Scott Charney, chief security strategist at Microsoft, said his company will work with the group on future security projects.