Secure Configuration Baselines
Secure Configuration Baselines form an essential part of an organisation's defence-in-depth cyber security strategy.
There have been a number of recent examples of the risks associated with misconfiguration, such as sensitive company data left exposed to the open internet in unsecured Amazon S3 buckets, or default network router administrative passwords providing a means for a malicious ‘back door’ to be installed.
Modern organisations of all sizes rely on a wide range of infrastructure components, middleware, operating systems and applications across their business, both on-premises and in the cloud.
When systems are first deployed into company environments they are typically not configured with security in mind. Out of the box, many of these components use weak or sub-optimal configurations that expose these components and systems to malicious compromise or attack.
For example, all Oracle databases have historically come with a predefined account with username “SCOTT” and the password “TIGER” and many database administrators will forget to disable the account in production.
With some technologies and operating systems having over 300 different settings, it is easy for system administrators and infrastructure teams to leave a route in for hackers and other malicious actors, as a single incorrect setting can provide a means for unauthorised access or a data breach.
Like a skilled chef who writes down the recipe of the dishes they create so that they can be perfectly re-created, secure configuration baselines are simply a means of ensuring systems and components can be consistently deployed in a safe and secure manner, in line with a pre-determined secure state.
Our Secure Configuration Baselines Service provides the foundation of a secure-by-default and secure-by-design approach to your business, reducing the attack surface of technologies and limiting the ability of hackers to exploit weak configuration and gain access to critical systems or sensitive business data.
Harden Your Business Against Hackers.
Request a free Secure Configuration Baselines Consultation
Overview
JAW Consulting UK will begin by working closely with your business to determine the most critical infrastructure components requiring secure configuration baselines, assisting with the definition of the most secure configuration while ensuring continued operation of the business environment.
The standards delivered then act as a ‘known good’ state for your environment which, when supported by a Security Configuration Management process, provides the measure for ongoing checking that systems remain in a hardened, secure-by-default state.
Key Benefits
- Provides security hardening to a wide range of systems and technologies
- Strengthen systems consistently against hackers
- Reduce the attack surface of your business from hackers and other malicious actors
- Reduce risks associated with system misconfiguration
- Ensure technologies align with internal security policies and security standards
- Alignment with CIS Secure Benchmarks and best practice vendor security hardening guidelines
- Supports compliance with PCI DSS, ISO 27001 and Cyber Essentials
- Supports alignment with international Cyber Security Frameworks such as NIST CSF, and NCSC 10 Steps to Cyber Security
Our Methodology
Step 1: Pre-Assessment Phase (Off-Site)
- Meeting with key staff members
- Walk-through of engagement activities, and agree roles.
- Review existing Information Security Policy Documents (if available)
- Review existing Information Security Standards (if available)
- Review existing Secure Configuration Baselines (if available)
- Review existing Data Classification Policy (if available)
- Review existing System Classification Policy (if available)
- Provide Key Component Questionnaire
Step 2: Key Component Discovery Workshop (On-Site)
- Discuss legal and regulatory requirements
- Hold scoping workshop with Information Security and IT Infrastructure Team(s)
- Identify key infrastructure components and critical systems
- Conduct risk assessment to prioritise key infrastructure components
- Identify key infrastructure SMEs
Step 3: Secure Configuration Baseline Gap Analysis
- Conduct a Security Configuration Compliance Scan (Optional)
- Conduct gap analysis against existing Secure Configuration Baseline documentation (if available)
Step 4: Secure Configuration Baseline Creation (Off-Site)
- Creation of Secure Configuration Baselines for all systems
- Creation of Secure Configuration Baselines for high-risk/critical systems
- Conduct mapping against existing Information Security documentation
Step 5: Secure Configuration Baseline Review (Off-Site)
- Discuss and agree Secure Configuration Baseline settings with Information Security Team
- Discuss and agree Secure Configuration Baseline settings with IT Infrastructure Team
- Create a Secure Configuration Exemptions process and integrate it with the organisation's Risk Management Framework
Step 6: Remediation Planning (Off-Site) - Optional
- Identify High-Risk Systems
- Identify Secure Configuration Baseline implementation mechanism (Group Policy, Scripts, Manual Configuration)
Step 7: Remediation Phase (Off-Site) - Optional
- Creation of secure hardened builds and images
- Creation of SCAP based security configuration check
- Provide advice and guidance to IT Infrastructure Teams during security hardening and remediation
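As an added illustration of the ‘known good’ checking (Step 3, Step 7) and the exemptions process (Step 5) described above, the following is example code written for this page, not JAW Consulting UK's tooling; the baseline settings, observed values and exemptions register are constructed and hypothetical:

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Finding:
    setting: str
    expected: object
    observed: object
    severity: str
    exempt: bool = False  # True only when a current, approved exemption covers the drift

# Constructed sample baseline; the hypothetical setting names stand in for the kind of
# items an agreed baseline documents (default accounts, remote access, logging).
BASELINE = {
    "ssh.permit_root_login":       {"expected": "no", "severity": "high"},
    "ssh.password_authentication": {"expected": "no", "severity": "high"},
    "db.demo_accounts_disabled":   {"expected": True, "severity": "high"},
    "audit.log_retention_days":    {"expected": 90,   "severity": "medium", "op": "min"},
}

def compliant(rule, observed):
    # Missing settings always fail; 'min' rules accept any value at or above the expected one.
    if observed is None:
        return False
    if rule.get("op") == "min":
        return observed >= rule["expected"]
    return observed == rule["expected"]

def exemption_current(exemptions, setting, today):
    # An exemption only counts while it is approved and has not passed its expiry date.
    ex = exemptions.get(setting)
    return bool(ex) and ex.get("approved") is True and ex["expires"] >= today

def assess(observed, exemptions, today, baseline=BASELINE):
    # Every deviation is reported; exempt ones are marked so they show as accepted risk.
    findings = []
    for setting, rule in baseline.items():
        value = observed.get(setting)
        if not compliant(rule, value):
            findings.append(Finding(setting, rule["expected"], value, rule["severity"],
                                    exempt=exemption_current(exemptions, setting, today)))
    return findings

# Constructed observations from a freshly deployed host; log retention is deliberately absent.
OBSERVED = {"ssh.permit_root_login": "yes", "ssh.password_authentication": "no",
            "db.demo_accounts_disabled": False}
# Constructed exemptions register: one current, one that has already expired.
EXEMPTIONS = {"db.demo_accounts_disabled": {"approved": True, "expires": date(2099, 1, 1)},
              "ssh.permit_root_login":     {"approved": True, "expires": date(2000, 1, 1)}}
TODAY = date(2024, 6, 1)
```

Calling assess(OBSERVED, EXEMPTIONS, TODAY) reports three deviations: the expired exemption does not cover the root-login drift, the missing retention setting is treated as non-compliant, and only the demo-accounts item is marked as accepted risk.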
Timeframe
- Total: Dependent on Scope
- Onsite: Dependent on Scope
- Remote: Dependent on Scope
Deliverables
- Secure Configuration Baseline - A fully documented set of agreed security configurations to enable the secure-by-default deployment of a particular infrastructure component, operating system, middleware component or application.
Supported Technologies
- Windows Server Secure Configuration Baseline
- Red Hat Enterprise Linux Secure Configuration Baseline
- SUSE Linux Secure Configuration Baseline
- Ubuntu Linux Secure Configuration Baseline
- Apache Tomcat Secure Configuration Baseline
- Apache Cassandra Secure Configuration Baseline
- Apache HTTP Server Secure Configuration Baseline
- Alibaba Cloud Linux Secure Configuration Baseline
- CentOS Linux Secure Configuration Baseline
- Debian Linux Secure Configuration Baseline
- Docker Secure Configuration Baseline
- IBM AIX Secure Configuration Baseline
- Kubernetes Secure Configuration Baseline
- Microsoft SharePoint Secure Configuration Baseline
- Oracle Solaris Secure Configuration Baseline
- NGINX Secure Configuration Baseline
- Microsoft IIS Secure Configuration Baseline
- Microsoft Exchange Server Secure Configuration Baseline
- Windows 10 Enterprise Secure Configuration Baseline
- Windows 7 Enterprise Secure Configuration Baseline
- Windows XP Secure Configuration Baseline
- Mozilla Firefox Secure Configuration Baseline
- Microsoft Office Secure Configuration Baseline
- Apple Safari Secure Configuration Baseline
- Google Chrome Secure Configuration Baseline
- Cisco IOS Secure Configuration Baseline
- JuniperOS Secure Configuration Baseline
- Palo Alto PAN-OS Secure Configuration Baseline
- Microsoft Azure Secure Configuration Baseline
- Microsoft O365 Secure Configuration Baseline
- Amazon AWS Secure Configuration Baseline
- Google Compute Secure Configuration Baseline
- Amazon Linux Secure Configuration Baseline
- VMware ESXi Secure Configuration Baseline
- Citrix XenApp Secure Configuration Baseline
- Citrix XenDesktop Secure Configuration Baseline
- Apple iOS Secure Configuration Baseline
- Android OS Secure Configuration Baseline
- Microsoft SQL Server 2012 Secure Configuration Baseline
- Microsoft SQL Server 2014 Secure Configuration Baseline
- Microsoft SQL Server 2016 Secure Configuration Baseline
- IBM DB2 Secure Configuration Baseline
- MongoDB Secure Configuration Baseline
- Oracle Database Secure Configuration Baseline
- Oracle MySQL Secure Configuration Baseline
- PostgreSQL Secure Configuration Baseline