Tip

Check out this new security benchmark

In an effort to help standardize the process of establishing a common minimum level of security on government computers, the federal Center for Internet Security (CIS) is developing benchmark and scoring tools. These benchmarks are being created through a joint effort among several agencies, including NSA, DISA, NIST, GSA, and CIS. On July 17, 2002, the CIS published its first set of materials for Windows 2000 Professional.

The Windows 2000 Professional Operating System Benchmark - Consensus Baseline Security Settings (v1.0) is a PDF document that describes a Windows 2000 Professional minimum security baseline. This benchmark defines a prudent minimum due care level to establish standard basic security on a newly installed Windows 2000 Professional system. In addition to defining required security configurations, it also recommends or suggests means whereby security controls and improvements can be implemented.

The benchmark document is only part of the package that CIS created. CIS also distributes a software scoring tool that evaluates systems against this minimum security benchmark. The scoring tool assesses the security configuration of a system and generates multiple detailed reports that may be used to determine current compliance and to achieve complete compliance by applying appropriate measures.

Using these elements in concert can help any administrator to evaluate systems quickly and to establish minimum security before deploying them onto a network or the Internet.

Many federal agencies are required to meet the standards defined in this benchmark immediately. These security benchmarks and tools are made available to the public to encourage business and personal IT communities to improve their IT security as well. The overall goal of these efforts is to improve computer security throughout the US, not just within government agencies, so the whole country becomes less susceptible to domestic and internal cybercrime.

I urge you to take a look at these materials offered by CIS and to test a few of your systems using the scoring tool to see how your security policy (as implemented) measures up to recommended proper minimum security configurations for Windows 2000 Professional. Benchmarks and tools for numerous other operating systems are in development and will be released soon.

For more information and to download the benchmarks and tools, please see the Center for Internet Security (CIS) Web site.


Thomas Alexander Lancaster IV is a consultant and author with over ten years' experience in the networking industry, focused on Internet infrastructure.


This was first published in July 2002
