Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
NSA guidelines for securing W2k

By jabber in MLP
Wed Jun 13, 2001 at 05:18:59 PM EST
Tags: Security (all tags)
Security

The NSA has decided to make publically available their guidelines for making Windows 2000 secure. (www.nsa.gov/winsecurity/win2k/download.htm)

(updated: fixed link)


ADVERTISEMENT
Sponsor: rusty
This space intentionally left blank
...because it's waiting for your ad. So why are you still reading this? Come on, get going. Read the story, and then get an ad. Alright stop it. I'm not going to say anything else. Now you're just being silly. STOP LOOKING AT ME! I'm done!
comments (24)
active | buy ad
ADVERTISEMENT
As far as I know, this is the first time that the NSA has made an effort to help the general public improve the security of personal data. Either the NSA feels that trust is a good thing, or Win2k is SO bad that the NSA feels they need more of a challenge.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o guidelines
o Also by jabber


Display: Sort:
NSA guidelines for securing W2k | 22 comments (12 topical, 10 editorial, 0 hidden)
Not the first: NSA Linux (3.42 / 14) (#7)
by mbrubeck on Wed Jun 13, 2001 at 02:03:41 PM EST

As far as I know, this is the first time that the NSA has made an effort to help the general public improve the security of personal data.
What about Security-Enhanced Linux, the NSA's publicly available access control patches for the Linux kernel?
Either the NSA feels that trust is a good thing, or Win2k is SO bad that the NSA feels they need more of a challenge.
Do you now have similar snide remarks about Linux? You gave an interesting link, but your attempt at Microsoft bashing just makes you look foolish.

Maybe not secure (2.06 / 16) (#11)
by www.sorehands.com on Wed Jun 13, 2001 at 03:45:37 PM EST

Maybe they are telling us how to secure the OS, but not telling us the whole truth. They could be leaving a backdoor for them to exploit. Since we were told how to secure, then we won't bother checking for what they missed.

How to secure any windows machine: format c: /u



------------------------------------------------------------------------------
http://www.barbieslapp.com
Mattel, SLAPP terrorists intent on destroying free speech.
-----------------------------------------------------------

Best way to secure W2K (2.14 / 21) (#12)
by nobody on Wed Jun 13, 2001 at 04:20:47 PM EST

1. Insert you favorite Linux/*BSD/other free software OS distribution's CD into the CD drive.

2. If necessary, insert a matching boot floppy into your floppy drive.

3. Proceed with installation, making sure you remove or wipe any FAT and NTFS partitions.

4. COnfigure as necessary.



In capitalism, man exploits man. In socialism, it's exactly the opposite.
No it's not. (3.14 / 7) (#14)
by static on Wed Jun 13, 2001 at 10:34:50 PM EST

The best way to secure a Win2k machine - or any OS, in fact - is to steal it's power cable.

Wade.

[ Parent ]

RE: No it's not. (2.40 / 5) (#16)
by nobody on Thu Jun 14, 2001 at 06:07:54 AM EST

I stand corrected and now say that my way is the second best way to secure W2K.


In capitalism, man exploits man. In socialism, it's exactly the opposite.
[ Parent ]
RE: No it's not (2.00 / 1) (#18)
by FnordLord on Thu Jun 14, 2001 at 05:42:09 PM EST

What about yoinking the network cable? That does a good job of locking out anyone who isn't at the machine.

[ Parent ]
Not the first time (4.33 / 12) (#13)
by Global-Lightning on Wed Jun 13, 2001 at 05:11:47 PM EST

In 1998, Trusted Systems completed a project for the NSA to produce guidelines to securely configure Windows NT.

The "Windows NT Security Guidelines" is freely available at their website. This document has been the baseline for the Department of Defense, other government entities, and any organization with a need for a secure Windows operating environment

As part of it's Information Assurance mission, The NSA is tasked with finding and addressing security weaknesses in information systems. This is the same NSA initiative that lead to their efforts in Security Enhanced Linux. Their efforts are making Linux much easier to implement in US govt networks

Why not (1.66 / 6) (#15)
by psctsh on Wed Jun 13, 2001 at 11:55:59 PM EST

go straight to the source? Oh, that's right...

You know... (2.33 / 3) (#17)
by RareHeintz on Thu Jun 14, 2001 at 10:07:20 AM EST

...if I were really paranoid, I'd assume that the NSA is willing to tell people how to secure their systems because they already have a back door.

Nah...

OK,
- B
--
http://www.bradheintz.com/ - updated kind of daily

Good interesting link (4.00 / 1) (#19)
by stuartf on Thu Jun 14, 2001 at 07:22:07 PM EST

Good information, it's good that someone has has the time to sit down and work all this out has the decency to publish it.

It's a shame that the combined slashdot/kuro5hin.org effect meant that they've taken the papers down until the week of the 18th...

Rather subdued response on kuro5hin, compared to the Winbashing going on a slashdot.

Title! (none / 0) (#22)
by pallex on Thu Jun 21, 2001 at 08:17:28 AM EST

"Rather subdued response on kuro5hin, compared to the Winbashing going on a slashdot."

I think this message should be on the front page of Kuro5hin, always!

:)

[ Parent ]
Not unheard of and certainly will be more frequent (3.00 / 1) (#21)
by turtleshadow on Sun Jun 17, 2001 at 11:44:01 PM EST

Government bodies, after all, are to help the people they are formed from.

There are several thousand programs from small community councils to the NSA that help people with matters of business.

There are even programs to subsidize small businesses to improve security via cameras, height bars at the doors, better safes, etc as well as book-keeping practices and ensure that your workplace is safe from undo hazards like rickity ladders and asbestos.

It should not be surprising to anyone here that computers are a well established tool of business now. And because of this people need help to use them well. The site was overloaded as of 6/17/01 and was going to be updated by the week of the 18th so obviously there is a demand.

Now if the next step of qualification and standards can occur we'd all be better off.
Perhaps No more "license" practices saying you can't sue M$ for defective products or low consumer protection in allowing shoddy products.
I can tell you if manufacture sold a cordless phone that crashed the telco system, that manufacturer would be visted shortly by the FCC with a demand for recall. This is because its been tested and recieved approval for use by the public. Consumers should expect no less for Commerical OS vendors.

From a personal perspective, after helping Mom's small business recover from a WinXP upgrade fiasco I now am of the opinion, for the $Billions M$ has why are they not held to the same product standards vehicles, phones, etc are held to?

M$ sells their product as "consumer" grade; therefore it shouldn't take a pro to salvage files and reassemble their documents after a bad upgrade.

Turtleshadow


NSA guidelines for securing W2k | 22 comments (12 topical, 10 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!