The Center for Internet Security (CIS) is offering free benchmarking tools designed to help users better secure their Windows 2000 systems, Cisco Systems routers, and Sun Microsystems Solaris systems—-the three common points intruders attack.
CIS states the motive for the center's benchmarks in a document on the organization's Web site: "A key element currently missing in Internet security is useful and widely accepted, non-proprietary, security-enhancing benchmarks specifying in greater detail how systems should be configured and operated."
The center said it operates independently of vendor interests in order to provide impartial, objective guidance.
The benchmarks consist of guidelines and downloadable tools that analyze and scan various aspects of system security. For Win2K, CIS offers its "Level 1 Benchmark and Scoring Tools," which consist of two documents (available in PDF format) and a scoring tool. For Cisco routers, the center offers its "CIS Level-1/Level-2 Benchmark and Audit Tool for Cisco IOS Routers." The package includes a router audit tool and two guideline documents (available in HTML and PDF format). The audit tool runs on UNIX and operates using Perl. The Solaris package contains one document (in PDF format) and one tool that scans and scores system security.
All three packages are available at CIS' Web site, and the organization is in the process of developing similar packages for Linux, AIX, HP-UX, Windows NT, Win2K bastion hosts, Internet Information Services (IIS) 5.0, Apache, and Checkpoint's firewall and VPN solutions.
News source: WinInformant