What are some system hardening standards?

Several industry standards and guidelines for system hardening exist. The National Institute of Standards and Technology (NIST), the Center for Internet Security (CIS), and Microsoft, for example, all maintain standards for system hardening best practices.

For example, system hardening best practices outlined by the NIST in Special Publication (SP) 800-123, a document focused entirely on system hardening, include:

• Establishing a system security plan
• Patching and updating the OS
• Removing or disabling unnecessary services, applications, and network protocols
• Configuring OS user authentication
• Configuring resource controls appropriately
• Selecting and implementing authentication and encryption technologies

Another example of a system hardening standard is CIS Benchmarks, an expansive collection of more than 100 system hardening configuration guidelines addressing vendor-specific desktops and web browsers, mobile devices, network devices, server operating systems, virtualization platforms, the cloud, and commonly used software applications.

The CIS Center's system hardening standards are accepted by government, business, industry, and academia. Relevant CIS benchmarks are available for download free of charge on the organization’s Free Benchmarks PDFs webpage.

There are a few different ways to harden your server or workstation. They involve addressing different aspects of the system.

How can I harden my system?

System hardening is a dynamic and variable process. One of the best ways to begin or expand upon the system hardening process is to follow a system hardening checklist or a system hardening standard, such as those published by the NIST or CIS Center.

Generally, how you harden your system depends on your server’s configuration, operating system, software applications, and hardware, among other variables.

The system hardening standards and guidelines published by the NIST and the Center for Internet Security, for example, discuss system hardening techniques specific to Microsoft Windows, Unix, and Linux.

So, if you’re curious about how to begin the system hardening process, reading the NIST’s Special Publication 800-123 and the Center for Internet Security’s free benchmark PDFs is a good place to start. You can then, if necessary, consult with an experienced cybersecurity professional on how to move forward with implementing these standards’ recommended processes and best practices within your business or organization.

There are some common and transferable system hardening practices of which you should be aware, however. We've put a few best practices in the checklist below.

A good system hardening checklist usually contains the following action items:

1. Have users create strong passwords and change them regularly
2. Remove or disable all superfluous drivers, services, and software
3. Set system updates to install automatically
4. Limit unauthorized or unauthenticated user access to the system
5. Document all errors, warnings, and suspicious activity
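
The checklist above can be checked mechanically. The following Python example is added here and is not part of the original post or of any product it mentions; it audits the five items against constructed Debian/Ubuntu-style configuration text (`/etc/login.defs`, `/etc/ssh/sshd_config`, `/etc/apt/apt.conf.d/20auto-upgrades` and a list of enabled systemd units). The thresholds, unit lists and the `audit` and `first_value` names are assumptions for illustration.

```python
import re

# Constructed sample input (not from the original page): contents of three
# Linux config files plus the unit names reported as enabled by systemd.
SAMPLE = {
    "login.defs": "PASS_MAX_DAYS\t99999\nPASS_MIN_DAYS\t0\n",
    "sshd_config": "#PermitRootLogin no\nPermitRootLogin yes\n",
    "20auto-upgrades": 'APT::Periodic::Update-Package-Lists "1";\n'
                       'APT::Periodic::Unattended-Upgrade "0";\n',
    "enabled_units": "ssh.service\ntelnet.socket\ncron.service\nrsyslog.service\n",
}

# Assumed policy values for illustration; take real ones from the benchmark you follow.
MAX_PASSWORD_AGE_DAYS = 365
UNNEEDED_UNITS = {"telnet.socket", "rsh.socket", "avahi-daemon.service"}
LOGGING_UNITS = {"rsyslog.service", "auditd.service"}


def first_value(text, key):
    """First uncommented 'key value' setting, or None when the key is unset."""
    m = re.search(rf'^[ \t]*{re.escape(key)}[ \t]+"?([^\s";]+)', text,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def audit(files):
    """Map each checklist item (1-5) to a (passed, evidence) pair."""
    units = set(files["enabled_units"].split())
    max_days = first_value(files["login.defs"], "PASS_MAX_DAYS")
    root_login = first_value(files["sshd_config"], "PermitRootLogin")
    auto_upg = first_value(files["20auto-upgrades"], "APT::Periodic::Unattended-Upgrade")
    extra = sorted(units & UNNEEDED_UNITS)
    loggers = sorted(units & LOGGING_UNITS)
    return {
        # Item 1 covers only the "change them regularly" half of the checklist entry.
        1: (max_days is not None and max_days.isdigit()
            and int(max_days) <= MAX_PASSWORD_AGE_DAYS, f"PASS_MAX_DAYS={max_days}"),
        2: (not extra, f"unneeded units enabled: {extra}"),
        3: (auto_upg == "1", f"Unattended-Upgrade={auto_upg}"),
        4: (root_login is not None and root_login.lower() == "no",
            f"PermitRootLogin={root_login}"),
        5: (bool(loggers), f"logging units enabled: {loggers}"),
    }


if __name__ == "__main__":
    for item, (passed, evidence) in audit(SAMPLE).items():
        print(f"item {item}: {'PASS' if passed else 'FAIL'} ({evidence})")
```

A commented-out line such as `#PermitRootLogin no` is ignored, so a setting that only looks configured is reported as a failure with the effective value as evidence.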

Conclusion: AutomateCIS helps you automate server hardening

AutomateCIS is a scalable platform to audit your servers against CIS Benchmarks, remediate the failed audits, and roll back the remediation in case it causes issues with your application.

For more information about AutomateCIS, please refer to: https://www.zippyops.com/automatecis


