NSA Security Configuration Guides

October 12, 2008

While I was in the Marine Corps doing one of my tour’s in the middle east (Iraq), I was often reminded that we needed to take great measures to secure our network systems.  We took several approaches to this task.  During my second tour I was in a way mentored by a contractor, Andy Garcia.  He worked, If I remember correctly, for Northrop Grumman and was part of the Information Security team for the Marines.  He sort of took me under his wing and showed me the ropes on basic information security.  I sort of became obsessed with it.  Just knowing how easy it was to exploit little things like unpatched Microsoft OS’ and buggy IOS or even wireless network with so called wired equivalent protection (WEP).  It just flabbergasted me watching him gain administrative access on systems that I once thought were “secure”.

I then found a blessing from the National Security Agency (NSA).  They had published baseline security lockdown guides for the majority of technologies that we were deploying.  I started using them to secure our systems along with a large number of recomendations from Andy and the information security team.  It was and still is my favorite part about the job.

Just as an overview, the guides go through getting rid of some bad default settings, teach you to run services with a less priviliged user, and best of all…common sense.  Securing systems is a lot of the latter.  Don’t use default passwords, don’t run as root, etc.  They go into great depth on certain subjects, an just glaze over a few others but the documents are well written and if uses appropriately WILL help you protect your systems.

This have been around for a while now so you may have already know about them but even if you have seen them before, please take a look again just as a refresh.

Leave a Reply

Your email address will not be published. Required fields are marked *


*