In April 1998, Trusted Systems completed a 1-year project for the National Security Agency (NSA) Research Organization to produce guidelines for securely configuring the Windows NT operating system, with Steve Sutton of TSS as the principal investigator. These guidelines target best commercial and military practice, and are based on extensive research into previous and concurrent efforts. TSS regularly updates these guildelines to reflect recent advances to the "common lore" for making Windows NT as secure as it can be.
The completed 110-page guidelines are available free from our download page. The "Guidelines" have proven immensely popular and have been downloaded by over 50,000 users. We regularly receive suggestions and comments at NTGuide@TrustedSystems.com. Please note also our Addenda & Errata page.
This NSA project also included the development of prototype software for checking conformance to the guidelines, which formed much of the basis for the AdvancedChecker product now marketed by TSS.
We will continue to review common practice for securing Windows2000 and add any new information to the Guidelines. (Despite the new Windows2000 security features, most of the basic security considerations for setting a secure installation of Windows NT/2000 will not change. One must not lose sight of the fact that this is, at its basis, a product upgrade.)
Original Press Release
URBANA, IL,--Trusted Systems Services, Inc. was awarded a contract from the National Security Agency (NSA) research organization to prepare administrative and operational guidelines for securely installing Windows NT networks in NSA and other DoD environments. These guidelines address both Windows NT Server and Workstation, as well as Windows 95 clients and the new Microsoft Internet information technologies: Microsoft Proxy Server (MSP, previously called "Catapult") and the Internet Information Server (IIS). The target audience for the guidelines consists of typical DoD site administrators with modest expertise in Windows NT security. The effort also explores techniques for automating and auditing a secured installation.
Steve Sutton, principal investigator for the effort, noted that "the importance of Windows NT in both the commercial and federal sector is no longer in doubt. While its impressive C2-level security features offer much to site administrators, they also place a significant learning burden. We are pleased that the NSA has taken the initiative to provide relief in this area." Scott Cothrell, who provides principal technical oversite of the project for NSA noted that, "The NSA appreciates the urgency within many DoD agencies to deploy Windows NT configured as securely as it can be. We are happy to have Trusted Systems teaming with us on this effort." According to Stephanie Bury, Business Director of Trusted Systems, "We are pleased to perform this effort that ties in with our other Windows NT security work. We are looking forward to an interesting and educational interaction with the NSA research organization, and steady progress toward our goal to be completed by the end of the year."
Trusted Systems Services is a computer security consulting and training company with offices in Urbana, Illinois that specializes in Windows NT security. Trusted Systems has performed similar work for NATO, recently completed technical management and implementation of a study to make Windows NT B-level evaluable, and recently published a textbook on installing and using Windows NT networks securely (the Windows NT Security Guide by Stephen A. Sutton).