US government backs new Windows 2000 security tool

News

US government backs new Windows 2000 security tool

Microsoft Windows 2000 users can now use a new benchmarking tool designed to let them more easily configure security settings on their systems.

The tool has been developed by a group of private sector organisations and US government agencies, including the Centre for Internet Security, the SANS Institute, the US General Services Administration, the President's Critical Infrastructure Protection Board, the US National Security Agency and the National Institute of Standards and Technology.

Clint Kreitner, president and chief executive of the Centre for Internet Security, said the benchmark is designed to give companies and users a clear standard for achieving a baseline level of security in their Windows 2000 systems.

Users will be able to easily check the configuration of their systems by downloading a tool from the Centre for Internet Security's Web site that performs hundreds of configuration checks and then reports back to the user with a score signifying their level of compliance with the standard, he said.

"The tool really is the key because it gives you a score" to measure by and work from, he added.

The tool will not only help companies maintain secure configurations, it can also help vendors create new default security settings in their products to ensure better protection, said Kreitner.

The Centre for Internet Security already provides benchmarks and tools for a number of platforms including Unix operating systems and Cisco Systems routers. Future benchmarks will be created to cover Check Point firewalls, Cisco Pix firewalls, Solaris, Apache and IIS (Internet Information Services) Web servers, Oracle databases and more, he said.

Cooperation between the groups has been relatively smooth, with the Windows 2000 benchmark being completed in about two months, Kreitner said. "Everybody realises there's a common good here," he said.

Scott Charney, chief security strategist at Microsoft, said his company would work with the group on future security projects.

The benchmarks and configuration checking tools are available for free on the Centre for Internet Security's Web site, www.cisecurity.org.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy