[ISN] Team tackles Windows security

From: InfoSec News (isnat_private)
Date: Sun May 12 2002 - 23:36:27 PDT


    http://www.fcw.com/fcw/articles/2002/0506/web-micro-05-09-02.asp
    
    By Dan Caterinicchia 
    May 9, 2002
    
    Government, industry and academia have teamed up to secure the most
    popular type of system being deployed on servers in the public and
    private sectors: Microsoft Corp.'s Windows 2000.
    
    The National Security Agency and National Institute of Standards and
    Technology, in cooperation with the Center for Internet Security, the
    SANS Institute and Microsoft, have reached an initial agreement on a
    benchmark for securing Windows 2000 computers, said Alan Paller,
    director of research at the SANS Institute, a security education and
    consulting organization.
    
    Paller said the joint action on Windows 2000 will lead to testing
    applications to ensure they work on securely configured systems and
    don't require users to sacrifice usability for security.
    
    "Their effort will lead to automation of security configuration and
    testing, and it will lead to procurement language that allows federal
    agencies and commercial organizations to order securely configured
    versions of Windows 2000," Paller said, speaking May 8 at a Senate
    Governmental Affairs Committee hearing focused on critical
    infrastructure protection through public/private information sharing.
    
    The NSA/NIST-led group also is working on security benchmarks for Sun
    Microsystems Inc. Solaris and Cisco Systems Inc. systems, Paller said,
    adding that "benchmarks for several other operating systems are in the
    pipeline."
    
    He said that once the benchmarks are shared and tools become available
    to test systems, defending the nation's critical infrastructure will
    be made easier, especially when it comes to:
    
    * Distributing patches.
    
    * Stopping worms.
    
    * Fixing infected systems (because there will be fewer of them).
    
    * Stopping distributed denial of service attacks (because there will
      be fewer victims to use).
    
    "If this committee can help ensure that federal agencies use their
    purchasing power to acquire safer systems from the vendors using
    consensus benchmarks, you will have an enormous effect on federal
    cybersecurity," Paller said.
    
    
    