Computerworld - To help companies create a first line of defense for their Windows 2000 Professional workstations, a group of security and government agencies is releasing a set of baseline security settings that can be used as a starting point to protect corporate IT systems.
In an announcement scheduled for later today in Washington, the agencies plan to provide the baseline settings for free to help companies set up at least minimal protection in their networks to stop cyberattacks by intruders.
The baseline settings are a joint project of the National Institute of Standards and Technology, the Defense Information Systems Agency, the National Security Agency, the General Services Administration, The SANS Institute and the Center for Internet Security (CIS), which undertook the work to address security concerns in network IT systems. Microsoft Corp. reviewed the draft standards as part of the project.
Clint Kreitner, president and CEO of Bethesda, Md.-based CIS, said the agencies completed the minimum standards in two months by working collaboratively and agreeing on the most critical areas in need of improved security on Windows 2000 Professional workstations.
"We were able to agree on several hundred security actions" for the operating system, he said. The key reason the standards are necessary, he said, is that hardware vendors typically ship computers with all security features turned off, leaving IT departments and users responsible for ensuring their own security. And because IT departments and users are typically overwhelmed by other work, even the most minimal of security settings are often overlooked, he said.
The groups plan to release today a report that details the initial security changes that should be set up, and will provide a software download to allow IT departments to check the status of their systems against a security benchmark. The software will score the results of the security scan on a scale from 1 to 10, telling users what's needed to improve protection from attacks.
A 10 is a top score on the test, but "that's only a baseline setting," Kreitner said. The test will allow users to check their systems from a reasonable starting point, then add further protections as needed. "We're trying to make it easier for them," he said.
The CIS offers many similar security benchmarks for other operating systems and for network routers on its Web site, and will continue to release others in the future as it pursues its goal of improving network security.
Richard Clarke, special advisor to President Bush on cyberspace security, said in a statement that the group's work "is an example of a public-private partnership that can help government agencies and corporations better secure their systems against cyberattack."
By using these recommended baseline security settings, the group hopes that computer hardware makers will begin shipping Windows 2000 Professional systems with a basic level of security in place before they are delivered to customers.
Scott Charney, chief security strategist at Microsoft, said his company will work with the group on future security projects.