[ISN] Group Unveils Solaris Security Standards

From: InfoSec News (isnat_private)
Date: Tue Jul 03 2001 - 01:00:39 PDT

    By Mary Mosquera
    July 2, 2001

    A coalition of companies and Internet user groups on Monday released
    its first set of minimum security standards for an operating system,
    in an effort to encourage vendors to ship systems that are less
    susceptible to hacker attacks.

    The Center for Internet Security issued its first security benchmark
    for Sun Microsystems' Solaris because it is a critical part of the
    infrastructure of financial and military organizations and many
    e-commerce sites.

    The benchmark defines detailed configuration settings for system
    administrators to assure that security in their computers and networks
    reflects a prudent level of due care, the center said. Software that
    scores and reports how a system conforms to the security settings is
    available from the group's web site at www.cisecurity.org.

    No organization is safe from harmful distributed denial of service
    attacks as long as any systems are connected to the Internet without
    meeting minimum security configuration standards, the center said. And
    vendors ship computers with many unnecessary and vulnerable services

    Benchmarks for other operating systems, including Windows NT and 2000,
    Linux, HP-UX, and AIX will become available soon, said Clint Kreitner,
    CEO of the Center for Internet Security.

    "An organization's compliance with an accepted standard of prudent due
    care not only helps protect its valued information from theft or
    misuse, but also helps shield the organization from liability
    resulting from legal action associated with unauthorized compromise of
    that information," Kreitner said.

    The benchmarks and scoring tools are kept up to date as new
    vulnerabilities are discovered through the Internet Storm Center and
    the CERT Coordination Center, the computer emergency response team.

    Members of the Center for Internet Security also include Visa,
    PricewaterhouseCoopers LLP, Intel Corp., the SANS Institute, and
    Guardent Inc.

    "Organizations have a broad spectrum of computing architectures but
    have no set of security standards that are universally accepted," said
    Fred Kerby, information systems security manager at the Naval Surface
    Warfare Center. The CIS benchmarks give organizations a common
    language, he said.

    A hospital network administrator said he had tightened security
    further with suggestions from the benchmark publication. "It's a tool
    that has real world functionality," said Mike Parent, network
    administrator at Mt. Clemens General Hospital in Michigan. The
    standards will help hospitals comply with new regulations associated
    with the Health Insurance Portability and Accountability Act, or
    HIPAA, which present new patient privacy and security challenges, he