Stupid security guys! They only know concepts and has no technical knowledge about their technical field. They just read some documentations. But most important steps of having security is applying configuration and reviewing current configuration. Also, they have no idea that what are they doing on servers and client. CIS benchmarks are reference for hardening most popular operating systems, but you cannot apply the desired configurations in large scale of servers or clients without using some tools.
What’s CIS Benchmark?
CIS (Center for Internet Security) Benchmarks are a set of industry-standard best practices and guidelines that security professionals. Organizations use to secure various computer systems and networks. The Center for Internet Security develops these benchmarks in collaboration with experts from government, academia, and security vendors. They provide detailed configuration recommendations and security settings for a wide range of operating systems, applications, and devices.
The benchmarks aim to improve security by outlining specific security configurations and settings that organizations should implement. They help protect systems against known vulnerabilities and common attack vectors. The benchmarks cover topics such as operating system hardening, network security, access control, logging and monitoring, and more.
Organizations can enhance their security posture by implementing the step-by-step instructions and recommendations provided in the CIS Benchmarks. By doing so, they can reduce the attack surface and comply with industry best practices and regulatory requirements.
It’s important to note that the CIS Benchmarks are regularly updated. Update to address emerging threats, new vulnerabilities, and changes in technology. To access the most up-to-date benchmarks for specific systems or applications, it is advisable to consult the official CIS website at https://www.cisecurity.org/.
Should We Apply All CIS Benchmark Configurations?
I go with big NO. Because some security configurations have impact on your services, and you can customize configurations or ignore some of them. But applying configurations and testing services is the best way to find the answer.
Applying configurations and impact on services is one of challenges and may be not the biggest challenge.
Applying CIS Benchmarks on Operating Systems
When you are working with some idiot managers, the biggest challenge would be applying configurations on large-scale of servers or clients.
They didn’t allow to use Active Directory or some endpoint management software because of some reasons that I still don’t understand.
How can we solve this big challenge in large-scale environments?
Using Scripts for Applying CIS Benchmarks
Unix-Like operation systems such as Linux supporting scripting langu
