Collaborate Disseminate
We are looking into reviewing our organization OS/DB hardening checklist (done by predecessor). We’re aware that there are various benchmarks out there like CIS & STIG to guide on that, and the current checklist is rather a short list … Continue reading OS/DB Hardening Checklist Drafting Process
Looking at CIS Microsoft Intune for Windows 10 Release 2004 Benchmark v1.0.1. I’m wondering about the following section:
I’m puzzled as to what the actual recommendation here is. The setting they are referring to is the one below
General… Continue reading CIS Signature Updates setting recommendation [closed]
We use GCP Cloud Storage and Cloud CDN to deliver some static assets (html/css/js/.jpg/.png). The buckets used to store those are public with anonymous access (i.e. allUsers in GCP terms).
On one hand Cloud CDN documentation seems to encou… Continue reading How to configure CDN GCP bucket access privileges
I’m deploying an AWS Infrastructure that should adhere the CIS Benchmark.
I’m trying to understand if the TCP port of the VPN server that permit access to the VPC has to be considered as a "Server administrator port" and thus the… Continue reading Has the TCP port of a VPN access to the VPC to be considered as a "Server administrator port" in CIS benchmark?
I’m deploying an AWS Infrastructure that should adhere the CIS Benchmark.
I’m trying to understand if the TCP port of the VPN server that permits access to the VPC has to be considered as a "Server administration port" and thus t… Continue reading Would the TCP port of a VPN with access to the VPC be considered as a "Server administration port" in CIS benchmark?
I am looking for what CIS defines as each of the Asset Types. They have each of the asset types within the glossaries of their documents (Controls, Risk Assessment Methodology, Community Defence Profile) but i havent been able to see what… Continue reading The definition of ‘Data’ Asset Type under the Center for Internet Security (CIS) Controls v8, RAMv2, CDMv2
Is there any tool/products out there which can do the following?
apply CIS or custom hardening settings on servers (linux)
monitor those settings for changes and report
fix the deviation from the tool, whenever asked by the compliance tea… Continue reading Security configuration manager tool [closed]
CIS has published a list of container vulnerabilities that should be addressed to complete the hardening process.
Are there separate sets of tools that only point out the vulnerabilities
and then tools that "fix" the vulnerabili… Continue reading Tools for "scanning" container (hardening) vulnerabilities vs tools for "performing" the hardening [closed]
CIS has published hardening standards for all operating systems of EC2 in AWS.
CIS also provides hardened images as well but they’re quite expensive at $130/year/instance.
Is there a place where we can get open source hardening scripts to … Continue reading Where could we get CIS Hardening Scripts for AWS EC2?
What are the differences between the CIS hardened linux and SELinux(security linux)? Also, all the public cloud service providers support CIS hardened linux. Does it mean SELinux has lost the battle? Or in terms of security, which flavor s… Continue reading CIS hardened linux vs SELinux(Security Enhanced)