NSA Security Configuration Guides For Different OS's

[ComputeRx]

http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml

I use this as a resource to hand over to my clients after I setup their networks, removing a trojan/malware or if they have security questions. When you whip it out and show them, you should see the look on their faces when they see it is from the NSA!

 

[Benchtech]

Interesting...
POSTED YESTERDAY:

http://www.technibble.com/forums/showthread.php?t=27470

 

[hooilc]

Thanks for that information!

 

[Matrixitc]

Thanks for the info. That is great stuff!

 

[ScottGeelong]

Thanks, I'll be adding this to my reading over the next few days for sure!

 

[PcTek9]

Over the next few days? You must be a speed reader... But my guess would be no one would know more about computer security inside conus than nsa techs. You might be able to find some updated references to the defense departments rainbow library as well, if you look hard enough on milnet. Quite frankly the only people i forsee spending massive amounts of time reading the rainbow library or nsa documentation are those searching for an avenue of exploit, and perhaps a small number of technicians around the world interested in security profiles.
I feel providing networking security information to the public, and by default to foreign governments about the type and kinds of policies you use in your governments networks is equivalent to providing thieves with a map of your home. Nothing is always best.

 

[Carl]

Quite frankly the only people i forsee spending massive amounts of time reading the rainbow library or nsa documentation are those searching for an avenue of exploit, and perhaps a small number of technicians around the world interested in security profiles.

If you don't search for Exploits you can't keep your stuff secure. Simply a matter of how much security is enough for you/your clients. With security its the programers job to guard against everything s/he can guard against, its the hackers job to find the one s/he missed. - Who's job is easier?

As for: "a small number of technicians around the world interested in security profiles" I wouldn't call "Security" a small market it is and will continue to be a growth industry - Esp. as far as safeguarding systems and data goes. There is simply so much that can go awry its not funny, and a lot of it is locked with bubblegum and a twist tie.