DISA Desktop Security Made Simple -- in 144 pages
By Bob Brewin | Wednesday, October 17, 2007 | 04:37 PM

The Defense Information Systems Agency periodically releases security guides for networks and devices connected to its networks, but the latest version of its Desktop Application Security Checklist would boggle the average end-user’s mind with its complexity.

Take, for example, the guide’s instructions on how to check file and directory permissions:

There are multiple ways to check file and directory permissions:

On Windows NT systems, the DumpSec utility can be used. Details on the usage of DumpSec can be found in the section Using DumpSec in the Windows Security Checklist document.

On Windows 2000 systems, the Microsoft Management Console (MMC) can be used with the Security Configuration and Analysis snap-in. Details on the usage of this tool set can be found in the sections Using the Microsoft Management Console and File and Directory Permissions in the Windows Security Checklist document.

The Windows NT Explorer application on Windows NT or the Windows Explorer application on Windows 2000, XP and 2003 can be used. Details on this approach follow.

On Windows NT, the Windows NT Explorer application can be used to manually check the permissions on a Windows file or directory. Navigate to the object and right click on it. Select the Properties item, the Security tab, and then the Permissions button.

On Windows 2000, XP, and 2003, the Windows Explorer application can be used to manually check the permissions on a Windows file or directory. Navigate to the object and right click on it. Select the Properties item, the Security tab, and then the Advanced button.

I’m better than an average reader but have little idea what any of the above means. So, I assume this security guide must be designed for advanced techno-geeks – as the entire Defense Department would otherwise grind to a halt while end users plowed through similar verbiage on the other 143 pages of the guide.
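The manual check the quoted guide describes (Properties, Security tab, then Permissions or Advanced) shows one object at a time; the same access control list can be read for many files and directories at once from the command line. The following PowerShell is an added example, not code from the DISA checklist or from this post; it assumes Windows PowerShell 5.1 or later, read access to the objects being inspected, and uses a hypothetical function name (Get-WriteCapableEntries) and a sample path (C:\ProgramData) chosen for illustration.

```powershell
# Added example (not from the DISA checklist): list every access control
# entry that lets a principal change a file or directory, the information
# the GUI steps reveal under Properties > Security > Advanced, but for a
# whole tree. Assumes Windows PowerShell 5.1+ and read access to the objects.

function Get-WriteCapableEntries {
    param(
        [Parameter(Mandatory)] [string] $Path,   # file or directory to inspect
        [switch] $Recurse                        # also walk the subtree
    )

    # Rights that allow changing content, permissions or ownership. An ACE
    # carrying any of these bits deserves a second look on a shared system.
    $writeBits = [System.Security.AccessControl.FileSystemRights] `
        'Write, Modify, FullControl, ChangePermissions, TakeOwnership, Delete'

    # Broad principals: a write-capable Allow ACE for one of these is the
    # kind of finding a permissions checklist is meant to surface.
    $broad = @('Everyone', 'BUILTIN\Users',
               'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

    $items = @(Get-Item -LiteralPath $Path -Force)
    if ($Recurse) {
        $items += @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    }

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName   # the object's DACL
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (($ace.FileSystemRights -band $writeBits) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # explicit vs inherited ACE
                Broad     = $broad -contains $ace.IdentityReference.Value
            }
        }
    }
}

# Sample run (path chosen for illustration): show only the entries that give
# broad principals write-level access anywhere under C:\ProgramData.
Get-WriteCapableEntries -Path 'C:\ProgramData' -Recurse |
    Where-Object Broad |
    Format-Table Path, Identity, Rights, Inherited -AutoSize
```

Dropping the Where-Object filter lists every write-capable entry, which is the full picture the guide asks a reviewer to examine; inherited entries usually trace back to a parent directory, so fixing the parent is normally the right remediation.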



Comments


I started in Networking in 1987 and had I known how complicated security, permissions, virus-checking and spyware would become, maybe I would have stayed in the accounting field where I started. On the high side, there's always something new for me to figure out, and it keeps my brain exercised.

If you break this guide down into operating systems (OS) first, then follow the specific directions, it won't seem quite as complicated.

Techno-Geek | Friday, October 19, 2007 | 02:23 PM



This security guide is designed for advanced techno-geeks. The checklist is a guide that goes hand in hand with a Security Technical Implementation Guide, or STIG. This STIG is a list of rules or "recommendations" for securing a computing platform. For each rule, you'll see verbiage that states "The IAO (Information Assurance Officer) will ensure", or "The SA (System Administrator) will ensure", etc. It's up to the CIO to ensure that these systems are compliant as part of the Certification and Accreditation process. So next time something isn't working on your government computer because of a security setting, think of DISA and give your local IT team a break. They're just following orders.

Larry Gombos | Thursday, October 18, 2007 | 11:24 AM



