How to approach baseline hardening?

By Roy, on May 4th, 2016

Why server hardening is critical for the enterprise?

Server hardening is essential for security and compliance.  To ensure reliable and secure delivery of data, all servers must be secured through hardening. Server hardening helps prevent unauthorized access’ unauthorized use and disruptions in service. It is an essential part of installation and maintenance of servers that ensures data integrity, confidentiality and availability.

Hardening the IT infrastructure from servers to applications

Why most servers are enforced with poor policies?

While the requirements for Server hardening comes from IT security and compliance teams, the actual work is performed by the operations teams. The process required to achieve proper server hardening involves intensive manual work for testing the policy impact in a lab environment in order to make sure hardening the servers won’t cause damage to production operations. for IT operations, the primary concern is keeping all business operations running therefore they face a conflict with the security requirement of hardening servers.

Because it’s so hard to properly harden servers without causing downtime, operating system and application misconfigurations are commonly seen, creating security flaws. This means it can be days or even weeks between the changes in recommendation of configuration hardening, release of updates to the actual implementation. in the meanwhile, the organization is exposed.

 

For your enterprise this means:

  • Exposure to Vulnerabilities due to servers which are not properly configured and hardened
  • Compliance breaches, as servers are not aligned with compliance requirements
  • Exposure to auditors fines and comments

 

The top reasons why enterprise servers are not properly hardened: 

  • Testing must be performed before hardening servers. hardening the servers without testing, simulating and performing a learning process can be risky to day to day operations. Testing requires large investment of manual work.
  • Any user with administrative rights can change the configuration of a hardened server, causing configuration drifts and non-compliant servers.
  • Multiple policies and environments are difficult to manage.

 

How CHS Addresses the Challenge:

CalCom Hardening Solution (CHS) for Microsoft OMS is a server hardening automation solution designed to reduce operational costs and increase the server’s security and compliance posture. CHS eliminates outages and reduces hardening costs by indicating the impact of a security hardening change on the production services. It ensures a resilient, constantly hardened and monitored server environment.

Benefits:

  • Deploy the required security baseline without affecting the production services.
  • Reduce the costs and resources required for implementing and achieving compliance.
  • Manage the hardening baseline for the entire infrastructure from a single point.
  • Avoid configuration drifts and repeated hardening processes.