Gold Image and Baseline Configuration Standard
Being the victim of a cyber-attack can be scary, expensive and potentially business-crippling.
So how do you prevent a cyber-attack? Make security a priority for all IT operations, and start by making systems as ‘hacker proof’ as possible.
Gold Build Standard? Corporate Build / Hardened Build? Controlled Image? Baseline Configuration? You’ll find the need for a Gold Build Standard in all compliance frameworks (for example, NIST 800-53 CM-2 and CM-3, CIS Control 5.2, PCI DSS Requirement 2 and especially NERC CIP 007-3 and 010-3) as a means of guaranteeing security. Without a consistent build, how else can you expect security to be maximized?
A Hardened Build standard encompasses the following:
- Functionality and features are reduced to the minimum required.
- Open logical network ports are cut back to just those that are necessary.
- Only essential applications are included, and these must be fully patched.
- Hardened configuration settings are applied to further reduce the Attack Surface.
The same methodology should be applied to everything deployed, not just servers, desktops and applications, but the underlying infrastructure too, from the network devices to the underlying cloud, container or hypervisor platform.
In fact, anything that is network-accessible and is controlled by software and configuration settings is potentially vulnerable to attack, which is why industrial control systems and any other operational technology must now be managed with security as a priority.
NNT makes the entire process of creating a Hardened Build Standard, then baselining and tracking configuration drift, a ‘Business as Usual’ process.
In addition to an unlimited supply of published hardened build standards, such as the Center for Internet Security (CIS) Benchmarks or the DISA Security Technical Implementation Guides (STIG), NNT Change Tracker now lets any device be used as a ‘Baseline Source’. The specific configuration attributes required for your Baseline can be captured from it to create your own Gold Build Standard blueprint.
A simple Wizard UI walks you through the process so anyone can be building their own Baselines within minutes!
Simple, UX-driven workflows make the personalization and maintenance of a Gold Build Standard straightforward, providing all the flexibility required to promote changes to the Baseline as they are required.
For example, following routine patching where not just product versions may change, but also the associated open ports and underlying filesystem, registry and configuration settings, you decide if you want to ‘promote changes to the baseline’. You can also assign basic logic to the promoted changes to either replace or extend the Baseline.
Of course the process is anchored in security best practices – permissions for users are controlled for all stages of baseline promotion, editing and creation, and all with a detailed, automated audit trail of who, what, when and why.
Any Baseline Image can be re-used to benchmark other systems to ensure consistency, or to evaluate drift over time.
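The baseline workflow described above (measure drift against a Gold Build, then promote a change by replacing or extending the Baseline, with an audit record) can be sketched as follows. This is an added example, not NNT Change Tracker code: the attribute names, the sample hosts, and the reading of "replace" (only the new values are accepted) versus "extend" (old and new values are both accepted) are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample data: a Gold Build and two device snapshots after patching.
GOLD = {"open_ports": {"22/tcp", "443/tcp"},
        "packages": {"openssl=3.0.13"},
        "sshd_config": {"PermitRootLogin=no"}}
PATCHED = {"open_ports": {"22/tcp", "443/tcp", "9100/tcp"},
           "packages": {"openssl=3.0.14"},
           "sshd_config": {"PermitRootLogin=no"}}
UNPATCHED = {"open_ports": {"22/tcp"}, "packages": {"openssl=3.0.13"},
             "sshd_config": {"PermitRootLogin=no"}}

def drift(baseline, snapshot):
    """Map each attribute to the observed values the baseline does not allow."""
    out = {}
    for attr, observed in snapshot.items():
        unexpected = set(observed) - set(baseline.get(attr, ()))
        if unexpected:
            out[attr] = sorted(unexpected)
    return out

def promote(baseline, snapshot, attr, mode, who, why, audit):
    """Return a new baseline with the snapshot's values for attr promoted.

    mode 'replace' accepts only the new values; 'extend' accepts old and new.
    Every promotion appends a who/what/when/why record to the audit list.
    """
    if mode not in ("replace", "extend"):
        raise ValueError(f"unknown promotion mode: {mode}")
    new = {k: set(v) for k, v in baseline.items()}  # never mutate the old baseline
    observed = set(snapshot.get(attr, ()))
    new[attr] = observed if mode == "replace" else new.get(attr, set()) | observed
    audit.append({"who": who, "what": f"{mode} {attr}", "why": why,
                  "when": datetime.now(timezone.utc).isoformat()})
    return new

if __name__ == "__main__":
    audit = []
    print("drift after patching:", drift(GOLD, PATCHED))
    extended = promote(GOLD, PATCHED, "packages", "extend",
                       "alice", "rolling patch window", audit)
    replaced = promote(GOLD, PATCHED, "packages", "replace",
                       "alice", "patch complete", audit)
    print("unpatched host vs extended:", drift(extended, UNPATCHED))
    print("unpatched host vs replaced:", drift(replaced, UNPATCHED))
    print("port change not promoted:", drift(replaced, PATCHED))
```

Only the package change is promoted here, so the newly opened port keeps showing as drift until someone reviews and promotes or closes it.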
You can even go back in time and see how the Baseline Image has been modified using NNT’s unique 4D Change Control, which provides a timeline of changes to any configuration dimension.
Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.
Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.
Access CIS Resources
Access a broad range of CIS Benchmark reports to audit your enterprise and continuously monitor for any drift from your hardened state.
Server Hardening Resources
Download Hardened Services checklists, derived by NNT in conjunction with Microsoft, to manually audit your servers for compliance.
Audit Policy Template Resources
Gain access to audit policies derived from the Center for Internet Security to generate audit logs on all relevant security levels.