Educause Security Discussion mailing list archives
Re: System Hardening Standards
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 15 Nov 2016 03:32:11 -0500
On Mon, 14 Nov 2016 12:44:43 -0800, Jessica Odom said:
We use CIS (https://benchmarks.cisecurity.org/downloads/#free) and tweak to our environment. They provide a nice checklist and the technical detail of how to perform the control, which is helpful since their standards our very comprehensive. We definitely cannot do everything they recommend and we annotate that in our documentation, but it serves as a useful learning exercise. --Jess
Speaking as one of the unindicted co-conspirators who started the benchmarks, there was never any intent that every system apply every single control listed. You should apply all those controls that don't break the particular machine's reason for existence - and then document the ones you weren't able to turn off, and apply compensating controls (for instance, firewall/iptable rulesets that restrict access to only machines that need it, or additional logging/alert systems set up, possibly SNORT rulesets, etc etc).
Attachment:
_bin
Description:
Current thread:
- System Hardening Standards Justin Harwood (Nov 14)
- Re: System Hardening Standards Adam Maynard (Nov 14)
- Re: System Hardening Standards Jessica Odom (Nov 14)
- Re: System Hardening Standards Valdis Kletnieks (Nov 15)
- Re: System Hardening Standards Harry Hoffman (Nov 15)
- Re: System Hardening Standards Eric Lukens (Nov 15)
- Re: System Hardening Standards Jessica Odom (Nov 14)
- Re: System Hardening Standards Taylor Randle (Nov 14)
- Re: System Hardening Standards Adam Maynard (Nov 14)
- <Possible follow-ups>
- Re: System Hardening Standards Shankar, Anurag (Nov 14)