Educause Security Discussion mailing list archives
Re: System Hardening Standards
From: Harry Hoffman <hhoffman () IP-SOLUTIONS NET>
Date: Tue, 15 Nov 2016 13:54:01 -0500
To add to that I believe the CIS is coming out with the ability to select which of the controls you test and score. This will make it so you have a subset of the controls that make sense for your environment.

If you run Nessus, Security Center has CIS implemented as compliance tests.

Cheers,
Harry

On Nov 15, 2016 3:32 AM, <Valdis.Kletnieks () vt edu> wrote:
On Mon, 14 Nov 2016 12:44:43 -0800, Jessica Odom said:

> We use CIS (https://benchmarks.cisecurity.org/downloads/#free) and tweak to our environment. They provide a nice checklist and the technical detail of how to perform the control, which is helpful since their standards are very comprehensive. We definitely cannot do everything they recommend and we annotate that in our documentation, but it serves as a useful learning exercise.
>
> --Jess

Speaking as one of the unindicted co-conspirators who started the benchmarks, there was never any intent that every system apply every single control listed. You should apply all those controls that don't break the particular machine's reason for existence - and then document the ones you weren't able to turn off, and apply compensating controls (for instance, firewall/iptable rulesets that restrict access to only machines that need it, or additional logging/alert systems set up, possibly SNORT rulesets, etc etc).