Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Security Feature Configuration Standards, Guides, and Tools - Survey

From: Jim Moore <jhmfa () RIT EDU>
Date: Fri, 2 Aug 2002 10:11:03 -0400
Hello all,

My apologies for double mailings for those of you on both mailing lists.  I
am.  And I might say an advance word of thanks for those of you sharing on
these lists.  It has been enlightening.

We are doing some research into creating baselines for configuration of
operating systems security features.  There have been some questions as to
the need for standards.  I have noticed that some people don't have
standards but provide the SANS Step By Step guides as tools for members of
their community to use.  If you can answer the following in line, and send
it back to me (not the list), I will summarize it.

Are you willing to have this published in RIT documentation (as references)?

Do you want the summary of this published back to this list?

I would like to find out the following:

1) Do you have baselines or standards for the configuration of operating
systems security features?

If, Yes, is it a standard or a baseline?  When did you start your
development efforts?

Are you willing to share them (with attribution)?
A URL?
(Attachments?)

If, Yes, for which operating systems
Windows 95/98/ME
Windows NT
Windows 2000
Windows XP

Linux
Do you differentiate between versions of Linux?

Apple
OS9.x
OS X

Solaris
7
8
9

Other

Do you have other security related standards/baselines?
(URLs if you are willing to share)
Firewalls
Web server configuation
Mail server/relay configuration
Wireless networking

If you don't have standards or baselines, do you offer configuration
guidelines to your campus?

Do you offer the SANS Step By Step guides?
Windows 2000
Solaris

Do you offer security tools?
Anti-Virus
Personal Firewall
Other

Are all tools offered supported (or are they just available?)

My last question is not related to configuration but incident handling.
Do you have an incident handling procedure documented?
Is it tied to a policy or standards?

Thanks for your time!!!

Jim Moore
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester NY 14623-5603

585-475-5406
585-233-3802 (cell)

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: