With the rapid rise of cloud computing, traditional in-house application and service deployments have been replaced by virtualization. Currently, corporations can save money by renting hardware from companies like Extreme Compute and creating virtual servers with the exact hardware characteristics needed to execute their services. But cloud security is just as crucial as on-premise security. System hardening, just like on physical servers, can help reduce cloud security risks.
Learn more about system hardening and how to implement it in the cloud:
System Hardening
A system's configuration and settings are secured to reduce IT vulnerability and the risk of compromise. System hardening removes as many security vulnerabilities as possible from the computer by uninstalling any non-essential software packages and utilities. Minimal use of non-essential apps reduces the chances of viruses or attackers infiltrating your IT system.
What Hardening advice should i take?
The CIS Benchmarks — configuration baselines and best practices for securely setting a system – are highly recommended.
In an on-premises system, group policy for Windows and configuration management tools like Puppet and Chef for Linux apply security recommendations like the free CIS Benchmarks. In the cloud, however, enterprises can either pre-harden their server images using CIS hardening recommendations or purchase CIS hardened images from marketplaces.
Once the image is hardened, it can be further secured by integrating your organization's security software, such as antivirus and change detection solutions like NNT Change Tracker. These CIS Hardening Images make cloud security easy and economical.
How can I harden instances now?
Organizations can help secure critical data in the cloud right now. Several cloud providers have identified techniques to harden your instances, including:
- Least Access: Limit network and instant access, install essential OS components and programmes, and use host-based protection software.
- Least Privilege: Define the minor set of privileges required by each server.
- Setting up a baseline server configuration and tracking each one as a configuration item. Examine each server against the current baseline to spot any variances. Assure that each server can generate and securely store log and audit data.
- Create processes to control server configuration updates.
- Audit Logs: Audit instance access and updates to ensure server integrity and only permitted changes are made.
How do I begin a cloud hardening initiative?
Using the cloud allows you to pre-build images for your systems. For temporary or permanent resource needs, images can be started to take over. According to the CIS criteria, these images can be hardened, and NNT, as a CIS partner, can give advice and remedial skills to support the hardening project. NNT can immediately set a system using the CIS Remediation Kits before saving the image.
Also, part of the image customization should include installing management tools to prepare for system monitoring once the image is started. Ensuring that a system's life cycle is monitored for adherence to the hardening standard and deviations from that hardening posture recognized in real-time requires tools that cloud vendors like Extreme Compute can provide.