Information Security News mailing list archives

Group Unveils Solaris Security Standards
From: InfoSec News <isn () c4i org>
Date: Tue, 3 Jul 2001 03:00:39 -0500 (CDT)


By Mary Mosquera
July 2, 2001

A coalition of companies and Internet user groups on Monday released
its first set of minimum security standards for an operating system,
in an effort to encourage vendors to ship systems that are less
susceptible to hacker attacks.

The Center for Internet Security issued its first security benchmark
for Sun Microsystems' Solaris because it is a critical part of the
infrastructure of financial and military organizations and many
e-commerce sites.

The benchmark defines detailed configuration settings for system
administrators to assure that security in their computers and networks
reflects a prudent level of due care, the center said. Software that
scores and reports how a system conforms to the security settings is
available from the group's web site at www.cisecurity.org.

No organization is safe from harmful distributed denial of service
attacks as long as any systems are connected to the Internet without
meeting minimum security configuration standards, the center said. And
vendors ship computers with many unnecessary and vulnerable services

Benchmarks for other operating systems, including Windows NT and 2000,
Linux, HP-UX, and AIX will become available soon, said Clint Kreitner,
CEO of the Center for Internet Security.

"An organization's compliance with an accepted standard of prudent due
care not only helps protect its valued information from theft or
misuse, but also helps shield the organization from liability
resulting from legal action associated with unauthorized compromise of
that information," Kreitner said.

The benchmarks and scoring tools are kept up to date as new
vulnerabilities are discovered through the Internet Storm Center and
the CERT Coordination Center, the computer emergency response team.
Members of the Center for Internet Security also include Visa,
PricewaterhouseCoopers LLP, Intel Corp., the SANS Institute, and
Guardent Inc.

"Organizations have a broad spectrum of computing architectures but
have no set of security standards that are universally accepted," said
Fred Kerby, information systems security manager at the Naval Surface
Warfare Center. The CIS benchmarks give organizations a common
language, he said.

A hospital network administrator said he had tightened security
further with suggestions from the benchmark publication. "It's a tool
that has real world functionality," said Mike Parent, network
administrator at Mt. Clemens General Hospital in Michigan. The
standards will help hospitals comply with new regulations associated
with the Health Insurance Portability and Accountability Act, or
HIPAA, which present new patient privacy and security challenges, he

ISN is hosted by SecurityFocus.com