NNT is a proponent of ensuring that systems are fit for purpose: the art of configuring a system to be as secure as possible. In order to aid our customers in this endeavour, we utilize the research carried out by the Center for Internet Security (CIS).
The sole purpose of the CIS is to build and maintain a collection of secure configurations for all manner of system types, so if you are looking to improve the security of your environment, the CIS guidelines are an excellent place to start.
For more information on the CIS guidelines, please review the CIS benchmark page on the NNT website where example hardening guidelines can be downloaded.
Users of NNT Change Tracker are able to utilize the fantastic work carried out by the CIS in the form of scheduled reports. Systems brought under the monitoring umbrella of NNT Change Tracker will automatically be assessed against the CIS guidelines, providing a quick and easy solution to discovering how secure your environment really is!
Figure 1 - Windows 2012R2 Compliance Group.
As you can see from the above screenshot, reports are run against all devices within a group, Windows 2012R2 in this case, and a percentage score is supplied. This percentage indicates how compliant each system is with the CIS guidelines, pretty useful! A detailed report can be viewed for each system, identifying which elements of the system’s configuration settings can potentially be improved. All reports can also be exported into a variety of formats for further review.
Figure 2 - Detailed system report and export options.
The reports are enlightening. If you have never performed system hardening before, you will be impressed with how much you can improve your system’s security posture with a few simple changes.
Once you are comfortable with the reports and the information provided, a Task List report, which details all failures across the group, can be found within the blue Compliance tile.
Figure 3 - Task List option in Compliance tile
Using the task list option, you will be able to select a report run timeframe (effectively one of the columns on the compliance screen) and export the report into PDF, Excel, or CSV format.
Figure 4 - Export format
Figure 5 - Select a report run timeframe.
Figure 6 - Export options for task list reports
With the task list information exported, we can then start to review which systems within our environment require attention. For example, I can use the filtering options available in Excel to discover which of my systems have failed the CIS guideline for the setting ‘access this computer from the network’.
Figure 7 - Failures on a per-rule basis.
Within the details of the report are the remediation steps for each of the failures, directing you to the setting within group policy or directly on the server.
Figure 8 - Remediation steps.
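The same per-rule review can be scripted against the CSV export instead of filtering in Excel. The following is an added example, not NNT code: the column names (Device, Rule, Result, Remediation) and the sample rows are assumptions constructed for illustration, so match them to the headers in your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a task list CSV export. Column names and row values
# are assumptions for illustration, not taken from a real Change Tracker export.
SAMPLE_EXPORT = """Device,Rule,Result,Remediation
SRV-APP01,Access this computer from the network,Fail,Adjust in Group Policy (constructed text)
SRV-APP02,access this computer from the network ,FAIL,Adjust in Group Policy (constructed text)
SRV-APP02,Access this computer from the network,Fail,Adjust in Group Policy (constructed text)
SRV-DB01,Access this computer from the network,Pass,
SRV-DB01,Minimum password length,Fail,Raise the value (constructed text)
"""

def _norm(text):
    """Normalise a cell so stray spaces and case do not split one rule in two."""
    return " ".join((text or "").split()).casefold()

def failures_by_rule(export_file):
    """Return {normalised rule: {"devices": set, "remediation": str}} for failed rows."""
    reader = csv.DictReader(export_file)
    missing = {"Device", "Rule", "Result"} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export is missing columns: {sorted(missing)}")
    failures = defaultdict(lambda: {"devices": set(), "remediation": ""})
    for row in reader:
        if _norm(row["Result"]) != "fail":
            continue  # only failed checks need attention
        entry = failures[_norm(row["Rule"])]
        entry["devices"].add((row["Device"] or "").strip())  # set removes duplicate rows
        entry["remediation"] = entry["remediation"] or (row.get("Remediation") or "").strip()
    return dict(failures)

def devices_failing(failures, rule):
    """Sorted device names that failed the given rule (case-insensitive match)."""
    return sorted(failures.get(_norm(rule), {"devices": set()})["devices"])

def worst_rules(failures):
    """Rules ordered by how many distinct devices fail them, most first."""
    return sorted(((rule, len(e["devices"])) for rule, e in failures.items()),
                  key=lambda item: (-item[1], item[0]))

def load_sample():
    """Parse the constructed sample above."""
    return failures_by_rule(io.StringIO(SAMPLE_EXPORT))

if __name__ == "__main__":
    found = load_sample()
    print(devices_failing(found, "Access this computer from the network"))
    for rule, count in worst_rules(found):
        print(f"{count:3d}  {rule}  ->  {found[rule]['remediation']}")
```

Ranking rules by the number of distinct failing devices gives a remediation order for the group, with the report's remediation text kept alongside each rule.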
In summary then, the CIS documentation is an excellent resource to assess the security of your IT infrastructure, a function that is easily achieved when used in conjunction with NNT Change Tracker’s scheduled report and export options.
If you have any questions on the subject of hardening, then we would love to hear from you. If you are already an NNT customer, then you’ll be able to contact your support representative. If you are not an NNT customer, why not ask any questions via our contact NNT page on the website?