|
|
|
PC Lockdown in the Government and Beyond
By: Cameron Sturdevant
2008-01-13
Article Rating:  / 26
There are 0 user comments on this Network Security & Hardware story.
PC Lockdown in the Government and Beyond (
Page 1 of 3 ) New federal regulations for government agencies will have an impact in the commercial space.Organizations that already have a stable, secure image for desktop
and laptop computers can ignore this story. Everyone else can now
implement the Federal Desktop Core Configuration for Windows XP and
Vista, which provides a good framework for ensuring secure civilian
desktop and laptop configurations.
In particular, IT managers at small and midsize organizations can
use the freely available checklists, model Windows GPO (Group Policy
Objects) and reference virtual machine images that the NIST (National
Institute of Standards and Technology) has provided for Windows XP and
Vista to create their own standard, secure desktop and laptop
configurations.
The Office of Management and Budget has mandated that by Feb. 1 all
federal agencies using Windows XP and Vista adopt the standard security
configurations developed by NIST, the Department of Defense and the
Department of Homeland Security as part of FDCC.
The requirement also applies to the Windows XP and Vista firewalls,
and Internet Explorer 7. In a nutshell, the FDCC provides organizations
with guidelines for implementing standard, secure and assessable
operating system and application configurations, in an effort to reduce
the attack surfaces of the Windows-based desktop and laptop systems
that inhabit federal networks.
While the FDCC is currently limited to improving threat resistance
and compliance reporting for XP, Vista and Internet Explorer 7, expect
the guidelines to spur the adoption of configuration and scanning
standards that impact a broader set of applications. The OMB has yet to
mandate Apple, Red Hat and Sun Microsystems operating systems, but NIST
is working with these vendors to incorporate their systems.
Aside from Apple, the systems are primarily server operating
systems. The FDCC does not apply to Windows systems when they are used
as servers. Its likely that the Security Content Automation
Protocolor SCAP, pronounced S-CAPwill eventually extend
vulnerability and configuration management to server operating systems.
The NIST-developed SCAP is the technical glue holding the FDCC
effort together. SCAP content is security checklist data that is
communicated in in XML formats and provides data about vulnerability,
configuration, compliance and asset information in Extensible
Configuration Checklist Description Format and Open Vulnerability and
Assessment Language.
|
|
�������xks8(y\�9;N1EۑR,XRIRQ$$qLZ?|y�O7�t%_2}���6�FhD%;acqE1��]zk;oHR}o履�Lß2J.��:AZ&!:,o�)>�#Yخetj�O�u{#|6b%?w *s�R{�:wɄ_Sx^ۗͩ6Q7;6Gu�bh�qF@#�: rWü%h-#@I.RfGuwf\.G=�4HPߢȱ}3Q=2t|ߙS�6B�u�rXq,�(F#Du3_7;z'C{�>S�U;�U;0-�r�hP�=y͠2[���~-a �w\�v4͠匝qԈI$�Z"[�;dTj�wC2�!1�;J%R*65-@GsM: fK�u�P7slqAzO1�I�ݢ�O*!1lV=�~bꆞ�?L�Ib�H؎MEn]�!ؾ�t�juqHfU�8�NHyo�~�cnhބޗ�;曎�tL\:e�CYaF-SԗuHUŪZB+T╻i�Νgĩ̙eugF?~JrN}v!>��-;��7ж�Fy
Ci7i\t?5ǁ#�ͱ _dm+5��y`R*G8�y/�O
�Y��oVp+jWsꑚ!T80y�E�4bEQrUdv"?[Z�U"V:E,[3SA)U�̠�`W:k�㭩So>=~n_t{{ENZV�Y3w �a
O'Vs~kups�O{:$O-rK]����j�izT�yIr"��t|n$,Oog9�0jg,Yn]dH&.|�|Y|؛Y72i��4(�.߆A@w�-�:3�f{5*j*�`K��7}��Sk�Isi�7�>hr�
Ae)#p?�ͅI��hJq�䠉c,XSl �R掇o\@�X\��U��>q"E[T}O��s8{3B�qɭ`g�/3�A.r)#��`o8{ÈWX*\�eG�$��4i#ŦwhL_'&�h`C}
�&
Ѐo4�ح�-=�J!pA=xSj�
&z4@۠h&r\�5$ƶ�ʦM@B9��;ǽ�ޚ�^��P�j�X^0 j�p3�*3<9�ûD��3=�k�ޜ�j
M�L<�ĥ\Ϩ
]x9-R���C/1@\JI>'�ڂ"D%� P
h��4�Afǰ�E|EN�A�W;�.V�\,y"�m':Ν3Pb�h&,��,BV-KPf%i2iń(VFN�!t�(0��Va)4EW,==Т܃,zo"[{akSS)4�ٜi8:S�@�0>A̞P��,[r�8Y>~pH��$s_n2U!�y_,�ܼ?
b>H 8���_gM������Y�!�Q1OfBfmpJuIY(�2�5��
L�qK](.E��gJl�3]s;tOT�To-V<4~���$/gcP,�+úZ�J1 ~V�$7�Bj²yc<6�B6X`9HM^0ke�zhE�M�*�ƣj���{jLjx&M[?*�9W7��hz#�oSGZ-U
Brcܰ��K���(N�$!%m�$�m:3 �cQDz3W�D<}퓏6LM�p6wpBmH�g6q�'�J[Y�*,aRJEQL�-F�*^=��(���+��Ō�ұ�ә�ʢwZ]Sv?Q:OZ- �V�Uu�<8`E�L�mRGE=B5ϴ��fWH�ZS@ٰT�%"N16�D�ȸau-`b��9ܥS�]Wָq A�Kc6CR$�Ӟ@�0ρ6MT85]/#BY)��FD�e�
S/;4/_129
?^t�sm6S߉ WܕV�����R�5]֩34-Rfz|pE% �Wk#4sB�d�Eκ�ԴG
+ĕU(jl"ΤMNU)XW,~L:Kln?`̧v_�+`jl�d��V'&c�?L>�m۠|e�2Ltn1�a%[>C?9dN u3�U�Sf>���|�`�Vj)mdٝ4yT.�"�cr�(=�#حwDNħ[mŤ#̍쪟a#�j7pՙ+J80xn�X N��zWa{QT*NJ=x�cO5}Ouc'x4Hđ�;wk}���F2P*�T�]�-�˥_�>"�0!`�P+�EO�QkzT12��a7Z>_b�7�#�1114߹�Xۣ߫�)����b�l
/ė$y�;"틖�:^w��9"�!5�.�Yz�F�]i�WǍ�
�vhgA�aϔ~H>ӟ3lz��:�J[Kuř�C9�q.Dz=�J�WE.�07L�%]?؍Wko#(
�Bf.�3ۿ|CArNx�� ��5 �kNG{/a�{mE�-�@�X�:%�e�~E/S)Q\(��hIٽjpKl��}FF/JN�^k+t{)�-��:}iA��W`�
e܃�ɢ*V|h'?�!)����4r㿜AG$�A�b�(A-H6ܺ�N>$�0�rJ`"�:�Ay;��?m-~=�`��rr����r t
xx�6�uYԺY�[&�N#hI��:%ə(��=�)�I'28IUF4A2�uI@?�Mx4HPWl
Hق.����dž5>ܻ8�]|عm|<8Rp�E���Cl��`e>bewqBiI�g��+y5EY-m*'?v��)�b.�̔|<�L��dd9$gY-dг�*jYbݩmb�izt�<�h;n{
�GS
��e�ZnOapϲl^ta=� ��dCޣd=fc�T[1n�QM�t�v�zo�蹳)�=� �}-{oC�%,Bj+G�Vɵi:3S��GgaY8F��I-Э�>�5/y{do&\)GAl�kf3g䬉q+ћN[1hڌkڗ%{g;me��Tq�jk: -`*18�Xh�Hfnm
e["+2�NIɹ^xh<:��iȨ�@7YU��d3pT?�#zeТ16P3-�Լ|GP>Ys>�]dKw�P�[�_zŞYiQu�/K\�-"PnM|U-.^TRJ>]G���Uj@,@�{�.=ا�H�YXxlQ֛j�62�#@!{� Rb���mMFz�X�2�zok�aza[ʙ�3���@�*y�h�\]�[ݚ�8)<�A~F<�vH�4�)[3yZ}hf;��⫆̖�~�@z'�ZYX��W+*OL�c+YT^?�1�;h�V���3U��p&/5V�)~e�l�֚{�sLBI�o4y˭ LT�/2K[��^}lQۏo%~!ѩi*2o-]d�w-QJN-X$�cx%IG<-�jI��!?y,:*�1QsC��߅:j�N彚P˟�a0ف_G^.�3گ?#g����zip�),i�VLUt%_F!�9WD_CJ;|:%���8�x YsJ�ut
Vןfz�9ݗde@ʕr�A+s3!><\#L*qI]gy�t6S)�~!"2G{inY[y951%mi'(�|!,��x*�Me"�/Ce'zo>�SsG\3d(N,�x���E�~A��ma'6Ec;�Q�Q�]�ei�1|I}gȶHkB}�e�x,u
9í�NS^�>8V�1(2���p�o�Y?eSNje�W0�g�|x|�.e�m_�����J-jv�7=�77�o9_s&Y����KCh9G{e++XE{#f�K'Z�'ha8C*}a,'5n�j>$|H5�HJN�+II#�<$';O*my2\<�d�{%�l���;K\pSI-̒{)\`��F�0��#�0"
{�1B`wg'*KSeK�6F!aY!)\p"a��S*u{`�#} ��T`4��yVJA]ⶦ�bj�߉�.0�%M2�p7sKK( NR%g33E#Gs�qǓڝP#�
,�8�
X:>ںˡᶾ__rZ+�!Jsm}�Bϴn1+TJ {=ݪJ}�'|Uʕ)/�I�2)0~@8h����OW@ǓW_S/(���Ԟ�ΝibҭJ,1Y8X<%TVr5|@�h�Y��M8h�M8*x2�<&G<ɒD8Vµ�pJp:A\=̊RWa;CUsu-.�tsF��Va!�nM>]jP"u0�4�ov4y{a��6��!`%+0��!��( ҺI(a�JYLʹy*wYw0MCr>7�
qK~6Gt̓�_
���l}ߑ2�($P[�4_ks.^�ܰݞt8.�yP*m�aYK<�Y~�Ò�G���+aߗ&^*2O�%c>7z��@Ϧ�;\ש~6"�YA�"rH/�#�D�G"xwS|�6A�sSI)|Y�{�yK/.g}X7
j\}-�l�-��ؗF9il4=L瀲%'>8+=)�h�Uz��5�Ɛe|Kx|n¶k�@e^�*fфA}-繉�t?-�<=g�ob���>ZR~`�N�L1I�77Kh�XRx=�|(Y�0iF� [&د^+:I4?�Mߟ_�ʽ%O5.zRߙ�9^
+ӻЮ8ɷg�p��@ �O���y�`;�n뾇mk~o�i>�xr{��>E!�
e�G�^''.g87[:voU{{�>�~�C�f^SXG�_%U�8ٲ6|�
:p�V}(K5F��
]-^�))�"� I@:\W(f�M(hw~{{��N)J�n#k�5Kb{dw�m{A"��S�:nO�;�/��j�R�
[}$,wׅΞ��ԛ8sːЖ)J_bPAΡ0�'H@�Pߥ˻tkuH�!v,g}s�ð:|f �Q�?
�N3�qA}uټD��`Π\WxCNܲ`�v\b/~�66)b4C�{M�\!ūNh0œ1�ʑ{[9
�;�Y801Tޕ��d�l�fBSj�X3^i�Iɼ=�/G
P|F0��-c��t0]Z-zf3�@VE6,ҩsKW�ֽM+eX
5}5�R�Еy��[烒y$��C2CbC8486'�fS&e<�-~n&�=|n�Im"98\!Ov�+rۿp�z�o��sƛ��A{�/YR��T[[����OU�kXrw2ОMv�q�v��C"&Hm~ 9 5��h�51�\(j:4L~l>ī_;:E�a�ٻc�+V=��es�^Io|
�ZN�=D_K��̬�,J44!X�}:��=�d���tIw="L1�ɒ�ͦ���00}
Q�C�p�Wv`��^pG5p;�p�;;|:nI�ʹNXRcr�~1�1�!}&v)`�C⎇oR@Qocㅩ8��� ��PmFj_hF8��R-}p��)$&'�_W'J�3`N
^Z>�|0XV$�DW0\k,6aY@Sv{3�B&$�T
)
`V@|ױ�s�?4u;o�^*!
pkD&8 �o-%IT�Wl@7�a�gAp@l3�}9 'l#/�.+J&Sə�k:̒vC�!XM���C�{!�,NÎo9f�H�"1�iNoZE/W'n_Ð�`9;vxNtK
+2&�B�s�85��orz_zLiu��n8!�1`BX�lC)BC�Ĭ`K
I>G�s4�#:��&,lF�B_�9�d�5,:`|/�[/� T6!
1�2�c\J,�r.K,'�H'袍g{��SDqU�@��y+��LD�ÂzB|~#[C|C�R�t�a/ynaΔ��,A��sG-ݸF
RCg?7o-nȯM0YND`c*g�
�o9Xʹ܁��|85\�N1 Fa�)^Đ0�l"�*$Ѕ:�x,@#!��*8ω�A
�t%cXOL�ֽx~DP����b�~\E) sFx#�c(X`b{ {Y5g�)ZG-Li7ax
�ȭeʜ4=V08�(��BZft/Zz`Rbs`P1+M)�pj#�ݔr�I+ @�|�?�\~ڛ'z$�kEJ9Nc/SK)�_6��0;)ӁwR�4@N
};@N
}:NJ;��vR�e"�sJ��RށNJ9E^\�Eu�n
]?��M/�)q _�s?&fN)R�_7(ms'O)�?C>3s
:�:S/>IR<��9k\���8�K�"2SZ9,.NSʫPJ9(O�Xi)Zee
KL�)/�z)^�}{'sg+�k=+ť$W�
7iKxUy%kkF1jt�tb�at�5KHe^M!)In�eb^ ydcB�
bye?= >w�I��8z.�{] r-Xѧ�bZ<�/J��sќ#DzH�>4f) 0ǦY i��]wAD1�K�.A0��Gz̉n}s)�?|�{a[GğZ� =�PW.�v�8)q<���
qL|
~io'V/wpyk;ُµ;ء ~3O߆z�C&�sH"�ݟ�ތ0�\:{j�fi q% ޢʄ2�/�s
H�i{t�XK_q3Nklc}k5?]_S߭�Һh�.��Z=쓥->~3��)pF 'F^ᑜ�I1��(��h�![ 5Z IJ#�{0�;12h��21F2P*�TR*�˥_俑+vU�L��D���ݥbEq0x3{P��,*g
�/(�@#غ̷=FP'�ͬ�jC�!hlVawа-h��p%E���Хc�x*͛Y:i��E57v�ጽIH�
�D`97#cDP"`)�K؞:��^·$� a2;g
Lϛ㵈I3Ǥ�m&%clŢh*b�ɿ�zL��:s_νǝaFg�V�0nAA?v���h#{-`CjciS҄Pe9"L=�[�gt�ztY@123{2�3q..!�
7Pت1d�QUjWy�ɐdJd���%63H2��)�3Q�>t0͜0�"�ØCvʱe>�.縘�X1�[�=�p[��V!0� C�L.\�wc0-K>X�v7i���xAAFxM<6*ǧn3F �W(�>�'Û�b,�{�_+�-'e@P���
n[�^TȯK4"f�";/'+�_waYGZJ *#�k�N϶湎3];5XnƝ Z�^���"��d`K aLXUC5�#A~Cb0|e'v썿0�P?)3=_dE~ЄFlv����Kߞ0�g9-<0�DA(Gg{Vtz�A;a���Ǝ�$|�R=$�0qn�O�
�4�ȧ�\b�:n+.Ġ/3>gG4WB�Mx5�*,T6�Rzc4��g{�|ł�� #,xHnLZt6ql>;Ksp�o�Aŵ90D00�cv�
jcT� #��̙ai2#5��J([�km`?pȪs%'~�u p$.6=k"2�Dw�Ζbn9nt�nNx�&�6z4WH-{���{@ă?X!@I�=�>,2u~)�fMQ)u@EikI/oqt_"Da+NŽ%�}Ya ��v.~mpFJt\|=T�\*�?�fI0Ϭ�S�|o�ۑ/)0XP�7v<,va��}J�m��='.}F5˟`C�.�j7;5b�OeG:1ebV!qd��z���Wޣ-["@�
e`1|4`ehDQˢS�x ѫ�v.|�h@Lw}�nÓ2OHnv�X�'>��4كt2p�s`�ܐ}Y6�J])0t5wY%���5HJ��D O.�C}�?�dr��\j�|uZ:DR�*,�&f
,����~sf�'-r�N稥@EqH'@y�mm<^<:y,�E{�S[n�6�/y�2 ��FW�cV|JrX}P7)W�
]'[S�ܟ>B`a��҃f�
oY�X��($�LwJ?�β>huq#��|cwu1uke!*O�1�:7��˟%J[߫lׁR#iHGT�FE�®":q<x]h
|Ua=r�
sbCΜ�7tU ���ᘭ��=d_q�x��N|0�ؙ1t�g)d̅2 !J^xyu~ҕ�^�)I&acQd+(*)�ؐ��3���m5'0X&1#(���R�K*t>u0 '�ƔWB#Dl���;ApV�x0#tf�j#Z--,U%իrX�mtl�#�fe|�[0�pjPo�\r%�5'a]͠gLo耵�g2(&w�ǂ!w�a+ecPOٍCe0�sMX�+0D7cڅG��S�Y6:|���,%ݐbV�S"N$؊�nr�m�m5I(>e�aCGn0}";poq-���iL%���90�Egxy��ja&'"e��S$Y"��`\YJ���|]�=�4Pb!tϿ�K?Sl��v�,8v�km��*x)i��
Km̎hŊ[�g5y0q�^zh~ptq"��-�EKB^ �X>VqrҾ�b�
CЯ��sgs7*Ѡ~oL%�{'�4��2�HZ�\I5W䷺$`�3�ڔ9MR"Zk/!�dR8.զr0:gv�>\}q'�Z2c�g"k�jY6���
|
Network Security & Hardware 
