As delivered from the manufacturer, your network systems’ default configurations are often function-oriented rather
than security-oriented. Changing the system’s default configuration to a more secure form is what we refer to as
system hardening.
2. Compliance – system hardening is now a basic requirement of most information security regulations. Regulations such as PCI-DSS, HIPAA, CMMC, and others require organizations to implement a robust hardening policy. Hardening can no longer be a ‘check the box’ task to pass an audit. Implementing a comprehensive hardening policy, based on the industry’s best-practice benchmarks, is a continuous process that must be handled with care.
High regulatory demands and the growing risk of cyber attacks require organizations to invest more than ever in achieving a secure baseline by implementing robust hardening policies.
2. Generating an impact analysis of the policies and implementing them – the policies’ impact on production must be analyzed to prevent production outages caused by their implementation. This is a critical stage, as it is prone to mistakes that can lead to devastating results. After the analysis, only policies that won’t affect production should be implemented on the relevant machines.
3. Monitoring and maintaining compliance posture – hardening is often mistakenly treated as a one-time task. The truth is that if you treat it like that, you’ll find yourself back at square one a year or two after your initial hardening project, because the infrastructure is dynamic. As machines are decommissioned and others are installed, change management procedures are a weak link in maintaining your compliance posture. In addition, newly discovered vulnerabilities must be addressed in your hardening policies.
Solution:
non-automated –
In an optimal impact analysis, you need to simulate every type of environment you have in production. Then apply each required policy to the simulated environment and check its impact on the server’s functionality. Note that even after building such an environment you won’t be able to simulate the volume of traffic and users in the real network, so take this into consideration when evaluating the relevant policy rules.
automated –
Use automated tools (https://www.calcomsoftware.com/server-hardening-suite/?utm_source=article&utm_medium=traffic&utm_campaign=postLink&utm_id=postLink) that generate this report by analyzing the impact directly on production. These tools are usually agent-based and produce the most accurate report possible.
Solution:
non-automated –
Use Group Policy Objects (GPOs), configuration management tools and administrative procedures to make sure that the right policy was fully implemented on the right machine. Follow change management best practices (https://us-cert.cisa.gov/sites/default/files/c3vp/crr_resources_guides/CRR_Resource_Guide-CCM.pdf) to build a change management policy inside your organization.
Investing effort in the proper hardening of servers is not enough. Ongoing monitoring and maintenance are required, as the production environment constantly changes and new vulnerabilities are discovered. A lot of time and money can be saved by adopting healthy habits that remove the need to harden your infrastructure from scratch every few years.
Solution:
non-automated / using scanning tools –
You’ll need to implement structured procedures for:
1. An annual policy update covering new vulnerabilities and changes in the infrastructure’s components and structure.
2. Compliance checks to make sure that policy and infrastructure changes didn’t break compliance.
3. Preserving a record of what changes were made, where and when. Usually, all of this knowledge is held by the IT staff member responsible for the matter; once that staff member leaves the organization, no one knows what actually happened in the system or why certain decisions were made.
automated –
An automated solution (https://www.calcomsoftware.com/server-hardening-suite/?utm_source=article&utm_medium=traffic&utm_campaign=postLink&utm_id=postLink) for this challenge provides continuous monitoring of your compliance posture, prevents configuration drift, and remediates undesired changes.
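The compliance checks and change record from the list above, and the drift detection the automated paragraph describes, boil down to one routine: compare each host against the hardening baseline on every run, and log only what newly drifted, where and when. The following is an added illustration of that routine, not the article’s or CalCom’s code; the baseline settings, host names and snapshots are constructed for the example.

```python
"""Compliance-drift check against a hardening baseline (added example).
Reports settings that are non-compliant, records new drift per host with a
timestamp, and returns the host's compliance ratio."""
from datetime import datetime, timezone

# Constructed baseline in the spirit of a CIS-style benchmark; setting names
# and values are illustrative, not copied from any published benchmark.
BASELINE = {
    "MinimumPasswordLength": 14,
    "SMBv1": "Disabled",
    "RemoteDesktopNLA": "Required",
    "AuditLogonEvents": "Success and Failure",
}


def check_host(host, collected, baseline=BASELINE):
    """Return {setting: (expected, actual)} for every non-compliant setting.
    A setting missing from the collected snapshot counts as non-compliant."""
    findings = {}
    for setting, expected in baseline.items():
        actual = collected.get(setting, "<not set>")
        if actual != expected:
            findings[setting] = (expected, actual)
    return findings


class DriftLog:
    """Keeps the history of findings per host so that drift (a setting that
    was compliant on the previous run and is not any more) is reported once,
    and the record of what changed, where and when outlives staff turnover."""

    def __init__(self):
        self.last = {}      # host -> set of currently non-compliant settings
        self.entries = []   # (timestamp, host, setting, expected, actual)

    def run(self, host, collected, now=None, baseline=BASELINE):
        ts = (now or datetime.now(timezone.utc)).isoformat()
        findings = check_host(host, collected, baseline)
        new_drift = set(findings) - self.last.get(host, set())
        for setting in sorted(new_drift):
            expected, actual = findings[setting]
            self.entries.append((ts, host, setting, expected, actual))
        self.last[host] = set(findings)
        return sorted(new_drift)

    def compliance(self, host, baseline=BASELINE):
        """Share of baseline settings the host satisfied on its last run."""
        return 1 - len(self.last.get(host, set())) / len(baseline)
```

Feed `run()` the settings collected by your scanning tool or GPO result set for each host on every scheduled scan; `entries` is the change record, and a non-empty return value is the alert.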
CONCLUSION:
There are two approaches to system hardening – automated and non-automated. By choosing a non-automated approach you’ll need to develop intra-organization procedures and rely on tools that are not hardening-specific. The level of in-house knowledge and resources required will be high. This approach is suitable for small businesses with an infrastructure of up to 150 servers. For larger organizations, the recommended approach is to use hardening automation tools (https://www.calcomsoftware.com/server-hardening-suite/?utm_source=article&utm_medium=traffic&utm_campaign=postLink&utm_id=postLink). These tools provide a whole solution for this process and dramatically increase the chance of having a secure and compliant infrastructure.
(http://calcom.hubspotpagebuilder.com/how-to-plan-and-manage-your-hardening-project-1)