![]() It is the most extensive and quickest method to perform a security audit. That is, when your goal is to secure your IT environment. We believe that for most companies specialized auditing tools are the best option available. If you have the right platform, it might be good fit for your environment. OpenSCAP is a great alternative, however only works when all Linux distributions would properly embed it by default. However, they are time-consuming and we love to save time where we can. We love CIS benchmarks, hardening guides and security tips. This way of working clearly will result in better security defences in the long run. Instead of doing a one-time hardening exercise, it’s better to look for improvement all year round. Security is not a product, but a delicate process. This results in improving your environment step by step. The big benefit of using an auditing solution is the focus on continuous auditing. Lynis has been extensively tested on Linux, BSD, macOS, and other Unix-based platforms. It is available for free and no installation is needed. AuditingĪnother alternative to SCAP is the usage of specialized auditing tools, like our own open source tool Lynis. Easy of use is definitely a characteristic we value high in software solutions. While everything is available as XML based documents, the format and structure is not really friendly for the average user. Each “checklist” has to be defined in a policy document. The biggest issues with SCAP are, portability, easy of use and supported platforms. While this is a great step in the right direction, there are still some flaws though. This open source software helps with automated testing of security controls. OpenSCAPĪnother great way opposed to manuals and guides is the usage of SCAP (Security Content Automation Protocol) or more specifically OpenSCAP. As an after-thought, hardening guides are then used to “fix” the security gaps on the system. Still, they often forget to implement proper system hardening. We clearly love open source, so let’s have a look at some alternatives! Focus on AutomationĬompanies want to be more agile, using cloud technology, automation tools for configuration. For smaller companies, this license is pretty expensive though. With the right membership, you are entitled to download their tooling. Unfortunately, this is not a free download. But in the end, we believe CIS is one of the few who provides proper quality guides and they definitely help many companies around the world.īeside the benchmarks and embedded scripts, CIS has their own auditing tool. Sometimes a control might be too strict, and sometimes it simply is not enough to protect your precious resources. For example, if you have different demands for your environment, you still have to consider each item in the guide. This clearly improves the quality of the guides, but can also be a flaw. In other words, teams with security professionals who have discussions to decide what kind of advice is suitable for most environments. These professionals are people usually working for multinationals and consultancy firms and commonly named subject matter experts (SME) in their specific field of expertise.ĬIS uses “consensus teams”. These benchmarks are available for most common platforms available, like Windows, several Linux distributions, Solaris, and others.ĬIS have their own staff and get additional help from seasoned professionals. They create extensive hardening guides, named CIS benchmarks. CIS Benchmarksīack to the friendly people from CIS. After all, you want to safeguard your earlier work, avoiding someone performing an “undo” on it. For example, caused by an unaware developer or colleague. This time is better spent on the hardening itself, right? Secondly, using tooling we can quicker detect newly introduced security weaknesses. ![]() It helps in automating repeating tasks, saving precious time. To save time on reading extensive hardening guides, we suggest our users to use proper auditing tooling instead. Unfortunately, time is something we can spend only once, making it a scarce resource. It involves many small steps, followed by even more testing and troubleshooting. But who has the time to read it cover to cover, and apply every single step? In this article, we have a look at the alternative: open source auditing tools. Hardening guides, and the CIS benchmarks in particular, are a great resource to check your system for possible weaknesses and conduct system hardening. An alternative to CIS Benchmarks and hardening guides ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |