Demand for NSA's W2K Security Guidelines Overwhelms Agency's Web site
- By Scott Bekker
- June 14, 2001
A set of security guidelines for Windows 2000 posted by the National Security Agency
last week proved so popular that NSA was forced to shut that area of its site down.
Visitors trying to access the security guidelines were greeted with a message that NSA was reconfiguring its Web site to handle the volume of visitors interested in downloading the guides. NSA planned to have the Windows 2000 security download portion of the site back online this week.
The U.S. intelligence shop released five security templates in .inf format, 17 security recommendation guides (.pdf) and three supporting documents.
NSA's guidelines don't appear to break much new ground.
Russ Cooper, owner and moderator of the NTSecurity mailing list on Windows security, noted few changes to the security templates Microsoft has offered since the release of Windows 2000. "There were a couple of lines added to restrict access to removal of media and autoplay," Cooper said based on a quick review of NSA's templates last week before NSA took them offline.
Still, the guidelines offer the justifiably paranoid NSA's blessing for Department of Defense establishments looking to install Microsoft's operating system. They also represent an extra layer of comfort for those charged with secure corporate deployments of Windows 2000, assuming all those rumors of NSA-Microsoft collusion on Windows 2000 backdoors aren't true.
Microsoft and NSA did work closely on NSA's guidelines, evidenced by the Microsoft copyrights on the NSA documents.
"NSA used Microsoft's templates and checklists as one of their starting points, and reviewed them and customized them to be appropriate to their perception of their users' environments and threats. Microsoft reviewed their drafts and interacted extensively with them during the development process," a Microsoft spokesman said in a statement.
NSA produced an influential document about securing Windows NT 4.0 systems a few years ago. Cooper notes that Microsoft incorporated many of NSA's security suggestions into Windows 2000.
"I don't think there was as much work needed by the NSA for them to be satisfied with the security" this time, Cooper notes. "And it only took them 18 months to do that."
When NSA's security guidelines are reposted, they can be found by linking from the agency's homepage.
Microsoft's repository of security tools and checklists may be found here.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.