What is Image?
Virtual machines (VMs) in cloud are created from a template called a virtual server image.
Virtual images can be sun up on cloud providers to do computing operations without purchasing hardware or software.
what’s hardening?
Hardening is the process of strengthening a system to reduce the exposure surface and attack vectors using different tools and configurations.
What is CIS and Benchmarks?
CIS stands for the Center for Internet Security Standards, is the industry standard for secure configuration guidance and standards.
CIS has exhaustive security controls to strengthen operating systems. These controls are divided into two levels:
- Level 1 (L1): It is considered a basic recommendation that can be implemented fairly quickly and is designed not to have a major impact on performance. The aim is to reduce your organization’s attack surface while keeping machines usable and not hampering business functionality.
- Level 2 (L2): It is considered “defence in depth” and is intended for environments where security is essential. Recommendations associated with the Level 2 profile can have an adverse effect on your organization if not implemented properly or without due care.
CIS provides scripts in Python to provide solution to these controls and ensure that you comply with the regulations. (?)
Customize Scripts
There is a problem with the scripts provided by CIS, that is the configuration of the operating system from which they start differs from the configuration of the AWS or Azure instances.
Therefore, for each cloud provider and OS, the scripts need to be manually tuned, to detect if a control corrupts instance.
An image after executing a fine-tuned script will have more passed security controls and is called hardened image.
Ref:
ClearDATA Hardens Images to Protect Your Environment
🔥 https://medium.com/swlh/hardening-images-on-cloud-b4269944ee6c
Yujin's Amusement Park 