search menu icon-carat-right cmu-wordmark

Securing Desktop Workstations

February 1999 Security Improvement Module
Derek Simmel, Gary Ford, Julia H. Allen, Christopher J. Alberts, Barbara Fraser, Eric Hayes, John Kochmar, Suresh Konda

The practices recommended in this 1999 report are designed to help you configure and deploy networked workstations that satisfy your organization‰s security requirements. The practices may also be useful in examining the configuration of previously deployed workstations.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-99-SIM-004

Abstract

The development of computer networks has resulted in an important class of computers: network servers. The primary purpose of these machines is to provide services, including both computational and data services, to other computers on the network. Because of their service role, it is common for servers to store many of an organizations most valuable and confidential information resources. They also are often deployed to provide a centralized capability for an entire organization, such as communication (electronic mail) or user authentication. Security breaches on a network server can result in the disclosure of critical information or the loss of a capability that can affect the entire organization. Therefore, securing network servers should be a significant part of your network and information security strategy. Many security problems can be avoided if servers and networks are appropriately configured. Default hardware and software configurations, however, are set by vendors who tend to emphasize features and functions more than security. Since vendors are not aware of your security needs, you must configure new servers to reflect your security requirements and reconfigure them as your requirements change. The practices recommended here are designed to help you configure and deploy network servers that satisfy your organizations security requirements. The practices may also be useful in examining the configuration of previously deployed servers.