This enables security teams to further define process es to prevent attacks with minimal human error. The core aspect of these tools is that the documents are translated into code, which allows for automated evaluation of each rule. ![]() A study on tools that can verify benchmark’s configuration in an automated fashion must be a priority if one wishes to implement them. Just like most processes when it comes to computer systems, automation is key and greatly reduces overhead. In the case of a small company, this form factor may work, but for companies of considerable size with thousands of hosts it is unfeasible to manually check and remediate thousands of configurations. T hese are typically long files, for example, the CIS Benchmark suggests 216 individual configuration guidelines for CentOS7 alone. Figure 2: Example of configurations for Windows Server 2016 (source: Automation is keyįrom the get-go, the Benchmark documents are just that : documents in PDF format. The Figure 2 is an example of configuration rules that exist on the benchmark for the Windows Se r ver 2016. This is an extensive document where each suggestion contains a detailed d escription of the issue it addresses as well as auditing, remediation steps and possible issues. This is a project maintained by the CIS and “is the primary recognized industry-standard for secure configuration guidance, developing comprehensive, consensus-derived checklists to help identify and mitigate known security vulnerabilities across a wide range of platforms ”. One of the most relevant documents, when it comes to guidelines on security configurations, is the CIS Benchmark.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |