Team tackles Windows security

Government, industry and academia have teamed up to secure the most popular type of system being deployed on servers in the public and private sectors: Microsoft Corp.'s Windows 2000.

The National Security Agency and National Institute of Standards and Technology, in cooperation with the Center for Internet Security, the SANS Institute and Microsoft, have reached an initial agreement on a benchmark for securing Windows 2000 computers, said Alan Paller, director of research at the SANS Institute, a security education and consulting organization.

Paller said the joint action on Windows 2000 will lead to testing applications to ensure they work on securely configured systems and don't require users to sacrifice usability for security.

"Their effort will lead to automation of security configuration and testing, and it will lead to procurement language that allows federal agencies and commercial organizations to order securely configured versions of Windows 2000," Paller said, speaking May 8 at a Senate Governmental Affairs Committee hearing focused on critical infrastructure protection through public/private information sharing.

The NSA/NIST-led group also is working on security benchmarks for Sun Microsystems Inc. Solaris and Cisco Systems Inc. systems, Paller said, adding that "benchmarks for several other operating systems are in the pipeline."

He said that once the benchmarks are shared and tools become available to test systems, defending the nation's critical infrastructure will be made easier, especially when it comes to:

* Distributing patches.

* Stopping worms.

* Fixing infected systems (because there will be fewer of them).

* Stopping distributed denial of service attacks (because there will be fewer victims to use).

"If this committee can help ensure that federal agencies use their purchasing power to acquire safer systems from the vendors using consensus benchmarks, you will have an enormous effect on federal cybersecurity," Paller said.
