• United States



by Sam Costello

Securing Windows 2000

Sep 04, 20022 mins
CSO and CISOData and Information Security

Ensuring that your Windows 2000 systems have good security settings should be a little easier now thanks to the release of a new benchmarking tool put together by a raft of private sector and nonprofit groups.

The benchmark, created by the Center for Internet Security, SANS, the U.S. General Services Administration, the President’s Critical Infrastructure Protection Board, the U.S. National Security Agency and the National Institute of Standards and Technology, is designed to give companies and users a clear standard for achieving a baseline level of security in their Windows 2000 systems, says Clint Kreitner, president and CEO of the Center for Internet Security in Bethesda, Md.

The benchmark will provide users with the confidence that these settings are widely-agreed upon by security experts, he says.

Because most operating systems ship from their vendors with security settings turned off by default, Kreitner says that users and administrators need guidance in how to securely configure their Windows 2000 systems. The benchmark provides such a guide, he says, backed by the combined security expertise of the organizations that worked to create it.

Users will be able to easily check the configuration of their systems by downloading a tool from the Center for Internet Security’s website that performs hundreds of configuration checks and then reports to the user their level of compliance with the standard. The tool really is the key because it gives you a score” to measure by and work from, Kreitner adds.

The Center for Internet Security already provides benchmarks and tools for a number of platforms including Unix operating systems and Cisco routers. Future benchmarks will be created to cover Check Point Software Technologies firewalls, Cisco Pix firewalls, Solaris, Apache and IIS (Internet Information Services) Web servers, Oracle databases and more, he says.

The benchmarks and configuration checking tools are available for free on the Center for Internet Security website.