Center releases first OS security benchmarks

Center releases first OS security benchmarks

By William Jackson

GCN Staff

JULY 18—The Center for Internet Security has released the first operating system security benchmarks, setting minimum configuration requirements for Solaris from Sun Microsystems Inc.

Fred Kerby, information systems security manager at the Naval Surface Warfare Center's Dahlgren Division in Maryland, called the benchmarks a 'step in the right direction' toward securing software that comes with unnecessary services activated. As shipped by vendors, 'most of the products are wide open,' Kerby said. 'There isn't any security built into it, and there isn't any access control on it.'

Software can be reconfigured, but many users are not aware of the vulnerabilities or which services to disable. Version 1.01 of the Sun Solaris security benchmarks defines detailed configuration settings for basic security. A scoring tool installed with the benchmark examines the operating system, reports current settings and gives instructions for closing vulnerabilities.

The settings provide what the organization calls a 'minimum, prudent level of security.'

The benchmark and tools can be downloaded free from the CIS Web site at Benchmarks for other popular operating systems, including Microsoft Windows NT and Windows 2000, Linux, HP-UX and AIX, will be available in the coming months, said CIS president Clint Kreitner. More sophisticated benchmarks for specific network architectures also will be developed.

Although software vendors have worked with CIS in developing benchmarks, Kreitner said, they have not committed to using benchmark settings as default configurations. 'That will be the result when the users begin to push back and ask them,' he said.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected