Friday, July 16, 2004

NIST document on securing Windows XP

Last week, I found an interesting document from the NIST (National Institute os Standards and Technology) titled Guidance for Securing Microsoft Windows XP for IT Professionals: A NIST Configuration Checklist (PDF version).  It's an interesting read - they cover a lot of ground, and it is aimed at XP Pro boxes living used in business environments (they do cover small home-based business PC's as well as large enterprise installations, so it's fairly wide ranging).

A while ago, I remember working on a document that gave XPE specific commentary on some whitepapers that covered XP Pro.  The whitepapers came from MS, and the document I provided was fairly light - it said, here's the doc on XP Pro, and here's how this works on XPE (unfortunately, the doc isn't on our web site, but there is a collection of security documents available).  So in that spirit, I want to write a similar XPE based document that covers some of the NIST recommendations.  I'll be pitching the doc to the team later this month, but I wanted to list some of my thoughts here.

First, the document covers XP Pro SP1, and doesn't cover SP2 security features in the main document (it does cover them in Appendix B, but covers the Beta version).

Second, since the NIST doc is aimed at IT pros managing XP Pro systems in an enterprise environment, some of the security recommendations won't fly depending on your device environment.  Stuff like Active Directory, group policies, automatic updates, and account policies are a "use 'em if you got 'em" proposition for most embedded developers.

Third, because the doc is aimed at securing Pro devices, most of the recommendations cover how to change settings in the UI.  One of the challenges I'm going to have is mapping the UI they provide to component settings or registry keys you can tweak.

Lastly, the document is very complete - it 147 pages of tight text and specific recommendations.  While I'm not a fan of government documents in general, this one is fairly well done - I don't think it would be much lighter had it come as a single document from us.

I like this document - it covers a lot of ground, doesn't waste a lot of time, and brings together a bunch of key security concepts along with some practical advice as well as samples.  If you haven't read it yet, get it and read it.  And if you have to print it, go with double-sided four pages per sheet - it is long.

3 comments:

Anonymous said...

Keep it up. I enjoy your nice blog. check out my business cookie from home start
site. It pretty much covers business cookie from home start
related stuff.

sandyhay said...

I was just nosing around the net and found your blog. Looks good! Ihave a small business book keeping software site myself covering small business book keeping software . Visit sometime.

mortgage said...

home equity loans mortgage rates home loans home equity line of credit car insurance cash advance credit cards debt consolidation dental plans health insurance home equity line of credit home equity loan home equity loans debt consolidation home finance home loan life insurance mortgage mortgage mortgage brokers mortgage companies mortgage lenders mortgage loans mortgage loan mortgage refinance mortgage refinance mortgage refinancing mortgages mortgage cash advance payday loans realtors refinance web hosting Alabama mortgage Alaska mortgage Arizona mortgage California mortgage Colorado mortgage Connecticut mortgage Mortgage Delaware mortgage Florida mortgage Georgia mortgagerefinance refinance Hawaii mortgage Idaho mortgage Illinois mortgage Indiana mortgage Iowa mortgage Kansas mortgage Kentucky mortgage Louisiana mortgage Maine mortgage Maryland mortgage Massachusetts mortgage Michigan mortgage Minnesota mortgage Mississippi mortgage Missouri mortgage Montana mortgage Nebraska mortgage Nevada mortgage New Hampshire mortgage New Jersey mortgage New Mexico mortgage New York mortgage North Carolina mortgage North Dakota mortgage Ohio mortgage Oklahoma mortgagemortgage rates Oregon mortgage Pennsylvania mortgage Rhode Island mortgage South Carolina mortgage South Dakota mortgage Tennessee mortgage Texas mortgage Utah mortgage Vermont mortgage Virginia mortgage Washington mortgage West Virginia mortgage Wisconsin mortgage Wyoming mortgage online casinos online poker cheap domain names domain names