As we’ve discussed previously, a host compliance audit is an assessment of the configuration of a particular system (workstation, server, or network device) or set of systems. The configuration settings are compared to published security standards, industry best practice, and the security engineer’s experience to highlight potential vulnerabilities and misconfigurations that result in risks to your organization. To avoid a long list of action items coming out of this type of assessment, we wanted to highlight some good ways to “prepare” for a host compliance audit, which are also all-around good practices for improving the security posture of your organization. Doing these things will help knock out some of the low-hanging fruit we’re constantly seeing:
Use a Best Practice Standard as a Baseline
This is the starting point for any organization’s hardening process. By picking and applying a best practice hardening standard (the CIS Benchmarks are a great place to start), you establish a baseline for security by leveraging a proven set of configurations. Then, with a baseline in place, you can document deviations and exceptions as necessary to fit how your organization works. Most of the time, using a best practice standard for your network devices, host systems, and group policies will knock out more of the vulnerabilities and common attack vectors on your network than you realize. While such a standard isn’t a silver bullet, it will certainly improve the results of a host compliance audit, and probably of any penetration testing you’re having performed, as well.
Update Software on a Regular Basis
This probably seems like common sense and may be something you’re already doing in your organization, but one of the most common things I report on host compliance audits is firmware/software patching issues that result in vulnerabilities in a system. Just by having good hygiene in your patching process and keeping devices on your network up to date, many nasty vulnerabilities and general software bugs are taken care of.
Incorporate Remediations from Previous Host Compliance Audits into Your Hardening Process
A lot of the time, normal vulnerability management processes and penetration testing results will uncover a ton of different configuration issues. Many of these issues are addressed to fix the associated weaknesses. But it surprises me how many organizations don’t push those fixes back down the chain into their hardening processes to avoid re-introducing them into the environment. You can improve the results of a host compliance audit just by fixing issues that have been identified through other avenues.
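To make the baseline-and-exceptions idea above concrete, and to show what “pushing fixes back into the hardening process” looks like in practice, here is an added example (not code from the original post or from any benchmark project). The setting names, benchmark reference labels, and exception justification are constructed placeholders, not real CIS identifiers.

```python
"""Minimal host compliance check: compare observed settings against a hardening baseline,
honour documented exceptions, and fold remediations back into the baseline."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    setting: str      # configuration key as reported by the host (hypothetical names)
    expected: object  # value the baseline requires
    reference: str    # baseline item this rule comes from (constructed labels)

# Constructed baseline in the spirit of a CIS-style Linux benchmark (labels are illustrative).
BASELINE = [
    Rule("sshd.PermitRootLogin", "no", "BASE-SSH-01"),
    Rule("sshd.PasswordAuthentication", "no", "BASE-SSH-02"),
    Rule("sysctl.net.ipv4.ip_forward", 0, "BASE-NET-01"),
    Rule("mount./tmp.noexec", True, "BASE-FS-01"),
]

# Documented deviations: setting -> justification (constructed placeholder text).
EXCEPTIONS = {
    "sysctl.net.ipv4.ip_forward": "Host is a VPN gateway; approved under change CHANGE-XXXX",
}

def audit(observed, baseline=BASELINE, exceptions=EXCEPTIONS):
    """Return findings as (reference, setting, expected, actual, status).

    status is 'pass' when the host matches the baseline, 'exception' when it deviates
    but a documented exception exists, and 'fail' otherwise. A setting the host does not
    report at all (actual is None) counts as a deviation, not as a pass."""
    findings = []
    for rule in baseline:
        actual = observed.get(rule.setting)
        if actual == rule.expected:
            status = "pass"
        elif rule.setting in exceptions:
            status = "exception"
        else:
            status = "fail"
        findings.append((rule.reference, rule.setting, rule.expected, actual, status))
    return findings

def add_remediation_to_baseline(baseline, setting, expected, reference):
    """Fold a fix found by a pentest or vulnerability scan into the baseline so it is
    checked on every future audit. Idempotent: an already-covered setting is left alone."""
    if any(rule.setting == setting for rule in baseline):
        return baseline
    return baseline + [Rule(setting, expected, reference)]

def summarize(findings):
    """Count findings per status so the audit result can be tracked over time."""
    counts = {"pass": 0, "exception": 0, "fail": 0}
    for *_, status in findings:
        counts[status] += 1
    return counts
```

In a real deployment the `observed` dictionary would be populated by a collector (a configuration management agent or a script reading sshd_config, sysctl, and mount options), and the exceptions file would be the documented deviation register.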
Whether you’re already doing all these things or not, a host compliance audit is a great way to understand where you currently stand, identifying risks in both device configurations and the associated processes. Known risks can be understood and managed, whereas unknown risks can’t be addressed or handled in any way. For a truly holistic view of your organization’s network and overall risk, host compliance audits and a strong understanding of your hardening process are crucial.