The Defense Information Systems Agency periodically releases security guides for networks and devices connected to its networks, but the latest version of its Desktop Application Security Checklist would boggle the average end-user's mind with its complexity.
Take, for example, the guide's instructions on how to check for file and directory permissions:
There are multiple ways to check file and directory permissions:
On Windows NT systems, the DumpSec utility can be used. Details on the usage of DumpSec can be found in the section Using DumpSec in the Windows Security Checklist document.
On Windows 2000 systems, the Microsoft Management Console (MMC) can be used with the Security Configuration and Analysis snap-in. Details on the usage of this tool set can be found in the sections Using the Microsoft Management Console and File and Directory Permissions in the Windows Security Checklist document.
The Windows NT Explorer application on Windows NT or the Windows Explorer application on Windows 2000, XP and 2003 can be used. Details on this approach follow.
On Windows NT, the Windows NT Explorer application can be used to manually check the permissions on a Windows file or directory. Navigate to the object and right click on it. Select the Properties item, the Security tab, and then the Permissions button.
On Windows 2000, XP, and 2003, the Windows Explorer application can be used to manually check the permissions on a Windows file or directory. Navigate to the object and right click on it. Select the Properties item, the Security tab, and then the Advanced button.
I'm better than an average reader but have little idea what any of the above means. So, I assume this security guide must be designed for advanced techno-geeks - as the entire Defense Department would otherwise grind to a halt while end users plowed through similar verbiage on the other 143 pages of the guide.