New Security Benchmark for Microsoft Windows 7 and Windows Server 2008

Windows Security : New Security Benchmark for Microsoft Windows 7 and Windows Server 2008

Posted by Max on 2010/4/12 7:28:16 (1005 reads)

In order to encourage safer security practices for Windows 7 and Windows Server 2008, Center for Internet Security (CIS) has released new consensus security configuration standards for these widely used operating systems that power both personal computers and business systems. The CIS benchmarks provide detailed how-to guidelines to ensure that the remote attack surface of the systems are reduced, sensitive activities are logged, and the overall security posture of the systems are sound.

The Center for Internet Security (CIS) announced the public release of its consensus security benchmarks for Microsoft Windows® 7 and Microsoft Windows Server®2008. The new benchmarks provide prescriptive controls guides for securely configuring these widely used operating systems that power both personal computers and business systems. The benchmarks are available as free downloads at http://www.cisecurity.org.

“Security configuration benchmarks for the Microsoft Windows platform continue to be in high demand by our community,” said Blake Frantz, chief technology officer for CIS. “The CIS benchmarks provide detailed how-to guidelines to ensure that the remote attack surface of the system is reduced, sensitive activities are logged, and the overall security posture of the system is sound.”

Windows 7 is Microsoft’s new operating system for desktop and mobile computers and has acquired approximately 10 percent of the desktop market share to date. Microsoft has reported that over 140 million licenses have been distributed. Windows Server 2008 is the Microsoft operating system most extensively used by enterprises for their IT services and business systems.

Joe McGinley, Information Security Director for SITA, a worldwide leader in air transport communications and information technology solutions, says “the Microsoft Windows 7 and Microsoft Windows Server 2008 benchmarks are additional examples of how CIS supports companies with adopting latest market ‘technology’ while maintaining a secure and robust environment. Having a sound foundation upon which to build a secure solution is absolutely critical and is a core requirement in the development process of airline solutions and product offerings from SITA.”

“SITA's objectives are aligned with widely accepted security standards, such as ISO 27002 and the Payment Card Industry (PCI). The CIS benchmarks help to meet basic requirements in each of these standards and are, in fact, called out by example as possible controls. The CIS benchmarks help to mitigate the exposure and impact of negative events that could affect the confidentiality, integrity, and availability of the company’s and customer’s data and information processing capabilities. Building secure solution and systems demonstrates to the Air Transport Industry (ATI) that protecting customer data is critical to SITA - and this is the reason for the company to leverage the CIS expertise and provided resources,” added McGinley.

The CIS benchmarks for Microsoft Windows 7 and Windows Server 2008 provide recommendations in 13 security categories including:

•    Account Policies
•    Audit Policy
•    Detailed Audit Policy
•    Event Log
•    Windows Firewall
•    Windows Update
•    User Account Control (UAC)
•    User Rights
•    Security Options
•    Terminal Services
•    Internet Communication
•    Additional Security Settings
•    User Policies

The CIS Public-Private Collaboration Process

CIS benchmarks are developed through a consensus review process involving hundreds of volunteer subject matters experts. Consensus participants provide perspective form a diverse set of backgrounds including consulting, software development, audit and compliance, security research, security operations, government and legal.

By using the benchmarks, security professionals save tens of thousands of dollars in developing custom policies and avoid reinventing the wheel. Further, they enable compliance with the configuration requirements of standards such as PCI and ISO, and regulations such as FISMA, GLBA, HIPAA and Sarbanes-Oxley.

About CIS
The Center for Internet Security (CIS) is a non-profit organization that helps enterprises reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls, and provides enterprises with resources for measuring information security status and making rational security investment decisions. CIS develops and distributes consensus-based benchmarks for secure configuration of operating systems, software applications and network devices. The consensus security configuration benchmarks are downloaded more than one million times a year, and are globally accepted as user-originated, de facto standards. More than 150 leading corporations, government entities, universities and security organizations are CIS members. For more information, visit http://www.cisecurity.org

Previous article - Next article

Other articles
2010/9/1 14:59:07 - New Acunetix Web Vulnerability Scanner 7 Released !
2010/8/26 4:31:23 - Latest Panda Security Survey
2010/8/25 17:11:47 - NEW August 2010 Symantec MessageLabs Intelligence Report
2010/8/25 17:04:12 - GFI VIPRE Antivirus Earns Gold Level OESIS OK Certification
2010/8/25 16:59:22 - NEW IBM X-Force H1 2010 Report On Global Security
2010/8/24 7:58:12 - Identity Finder Offers Free Identity Protection for College Students
2010/8/24 7:55:18 - ESET NOD32 Antivirus Confident on Southern Africa Security Market
2010/8/24 7:51:10 - Returnil Virtual System Receives Virus Bulletin's VB100 Award
2010/8/24 7:46:57 - SharperLending’s Appraisal Firewall Technology Keeps Appraisers Independent and Lenders Compliant
2010/8/19 11:01:51 - Avalanche Group Phishing Attacks Decrease in Q2 2010 in Favour of Malware Attacks

The comments are owned by the poster. We aren't responsible for their content.