Center releases first OS security benchmarks

By William Jackson

GCN Staff


JULY 18—The Center for Internet Security has released the first operating system security benchmarks, setting minimum configuration requirements for Solaris from Sun Microsystems Inc.

Fred Kerby, information systems security manager at the Naval Surface Warfare Center's Dahlgren Division in Maryland, called the benchmarks a 'step in the right direction' toward securing software that comes with unnecessary services activated. As shipped by vendors, 'most of the products are wide open,' Kerby said. 'There isn't any security built into it, and there isn't any access control on it.'

Software can be reconfigured, but many users are not aware of the vulnerabilities or which services to disable. Version 1.01 of the Sun Solaris security benchmarks defines detailed configuration settings for basic security. A scoring tool installed with the benchmark examines the operating system, reports current settings and gives instructions for closing vulnerabilities.

The settings provide what the organization calls a 'minimum, prudent level of security.'

The benchmark and tools can be downloaded free from the CIS Web site at www.cisecurity.org. Benchmarks for other popular operating systems, including Microsoft Windows NT and Windows 2000, Linux, HP-UX and AIX, will be available in the coming months, said CIS president Clint Kreitner. More sophisticated benchmarks for specific network architectures also will be developed.

Although software vendors have worked with CIS in developing benchmarks, Kreitner said, they have not committed to using benchmark settings as default configurations. 'That will be the result when the users begin to push back and ask them,' he said.
