NSA Releases Win2K Security Recommendation Guidelines

The US National Security Agency (NSA) has released a set of guidelines and templates to assist in securing Windows 2000 systems. The materials contain 5 templates to use with Microsoft's Security Configuration Editor, 17 guides to secure various aspects of the OS, and 3 supporting documents with indepth defense coverage and particulars about various popular software packages.

The templates include configuration settings for domain controllers (DCs), domain policy, and server and workstation settings. The guides are available in Adobe Portable Document Format (PDF) and cover a broad range of topics, including network architecture, Group Policy, file and disk resources, Encrypting File System (EFS), DNS, Active Directory (AD), Microsoft IIS, Kerberos, public key infrastructure (PKI), Windows NT and 9x clients, Outlook, and routers.

According to NSA, it derived some of the material from Microsoft copyrighted material (with the company's permission). NSA urges users to test the settings before applying them to a production environment. In addition, users should read the legal notices at the NSA Web site before downloading and using any of the materials.

Regarding the security of other OSs, the NSA announced in January 2001 that it had begun developing a more secure version of Linux that it calls Security-Enhanced Linux. NSA has made the prototype and source code available to the public at the NSA/CSS INFOSEC Web site.