Original Article: Windows NT/2000 Security Scoring Tool
The Windows NT/2000 Security Scoring Tool is based on sets of standards agreed upon by the Center for Internet Security (CIS), the SANS Institute, the National Security Agency (NSA), the Defense Information Systems Agency (DISA), the National Institute of Standards and Technology (NIST), and the General Services Agency (GSA). The tool first runs a comprehensive scan that scores a computer against a set of security standards. After the scan runs, there are multiple reports to view.
The Summary Report summarizes the scan with your score in each area (an HTML copy of the information shown in the tool's main window after a scan). The Hotfix Report finds the Hotfixes you need and gives links to the MS download pages for those Hotfixes. The User Report displays accounts with passwords older than 90 days and gives detailed information about each account. The Service Report shows all non-default installed services. The Scan Log gives a detailed list of all items the scan went through and which were not configured correctly. The Debug Log displays the different processes the program went through.
The Good
The program comes with a detailed implementation guide that is a must-read. There are multiple security templates, so after reading the included PDF files you can select the one that is right for the level of security you want. You can configure the program to not check the registry, to not evaluate file checksums, and to give verbose output. Also, the program can export an effective group policy that conforms to the security template’s standards.
The Bad
Two minor faults we found were the inability to save scan reports easily and the inability to stop a scan while it is being performed. Also, you can only run the tool on the local machine and not on other computers connected to a network. This means that network administrators would have to run the test on each machine individually while physically at that machine, or leave it up to each user to run the test on his/her own. Furthermore, the Center for Internet Security’s agreement only allows you to download the files from their site and not distribute them (unless you are a member).
More Information
The CIS website also has tools for Solaris, Linux, HP-UX and Cisco IOS Routers.
The Center for Internet Security
Download the Windows 2000 Benchmark and Scoring Tools
Originally posted on Infohuts.com and TechHelpCenter.com, which has been folded into Shiwej.com.