[ISN] Team tackles Windows security

From: InfoSec News (isnat_private)
Date: Sun May 12 2002 - 23:36:27 PDT

Next message: InfoSec News: "[ISN] Security Still an 'Afterthought'"

Previous message: InfoSec News: "[ISN] Linux Advisory Watch - May 10th 2002"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.fcw.com/fcw/articles/2002/0506/web-micro-05-09-02.asp

By Dan Caterinicchia 
May 9, 2002

Government, industry and academia have teamed up to secure the most
popular type of system being deployed on servers in the public and
private sectors: Microsoft Corp.'s Windows 2000.

The National Security Agency and National Institute of Standards and
Technology, in cooperation with the Center for Internet Security, the
SANS Institute and Microsoft, have reached an initial agreement on a
benchmark for securing Windows 2000 computers, said Alan Paller,
director of research at the SANS Institute, a security education and
consulting organization.

Paller said the joint action on Windows 2000 will lead to testing
applications to ensure they work on securely configured systems and
don't require users to sacrifice usability for security.

"Their effort will lead to automation of security configuration and
testing, and it will lead to procurement language that allows federal
agencies and commercial organizations to order securely configured
versions of Windows 2000," Paller said, speaking May 8 at a Senate
Governmental Affairs Committee hearing focused on critical
infrastructure protection through public/private information sharing,

The NSA/NIST-led group also is working on security benchmarks for Sun
Microsystems Inc. Solaris and Cisco Systems Inc. systems, Paller said,
adding that "benchmarks for several other operating systems are in the
pipeline."

He said that once the benchmarks are shared and tools become available
to test systems, defending the nation's critical infrastructure will
be made easier, especially when it comes to:

* Distributing patches.

* Stopping worms.

* Fixing infected systems (because there will be fewer of them).

* Stopping distributed denial of service attacks (because there will
  be fewer victims to use).

"If this committee can help ensure that federal agencies use their
purchasing power to acquire safer systems form the vendors using
consensus benchmarks, you will have an enormous effect on federal
cybersecurity," Paller said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Security Still an 'Afterthought'"
Previous message: InfoSec News: "[ISN] Linux Advisory Watch - May 10th 2002"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 13 2002 - 03:54:52 PDT