Secure Configuration Baselines form an essential part of an organisations defense-in-depth cyber security strategy.

A number of recent examples of the risks associated with misconfiguration, such as unsecured sensitive company data left exposed to the open internet in Amazon S3 buckets, or default network router administrative passwords providing a means for a malicous ‘back door’ to be installed

Modern organisations of all sizes rely on a wide range of infrastructure components, middleware operating systems and applications across their business both on-premise and in the cloud.

When systems are first deployed into company environments they are typically not configured with security in mind. Out of the box, many of these components utilise weak or sub-optimal configurations that exposure these components and systems to malicious compromise or attack.

For example, all Oracle databases have historically come with a predefined account with username “SCOTT” and the password “TIGER” and many database administrators will forget to disable the account in production.

With some technologies and operating systems utilising over 300 different settings, it is easy for system administrations and infrastructure teams to leave a route in for hackers and other malicious actors, with only a single incorrect setting to provide a means for unauthorised access or a data breach.

Like a skilled chef who writes down the recipe of dishes they create for them to be perfectly re-created, secure configuration baselines are simply a means of ensuring systems and components can be consistently deployed in a safe and secure manner, in-line with a pre-determined secure state.

Our Secure Configuration Baselines Service provides the foundation of a secure by default and secure by design approach to your business, reducing the attack surface of technologies and limiting the ability for hackers to exploit weak configuration and gaining access to critical systems or sensitive business data.

---

Harden Your Business Against Hackers.

Request a free Secure Configuration Baselines Consultation

REQUEST FREE CONSULTATION

---

Overview

JAW Consulting UK will begin by working closely with your business to determine the most critical infrastructure components requiring secure configuration baselines assisting with the definition of the most secure configuration while ensuring continued operation of the business environment.

The standards delivered will then work as a ‘known good’ state for your environment, which when supported by a Security Configuration Management act as a measure for an on-going process for continued checking of a hardened state which is secure-by-default.

Key Benefits

• Provides security hardening to a wide range of systems and technologies
• Strengthen systems consistently against hackers
• Reduce the attack surface of your business from hackers and other malicious actors
• Reduce risks associated with system misconfiguration
• Ensure technologies align with internal security policies and security standard
• Alignment with CIS Secure Benchmarks and best practice vendor security hardening guidelines
• Supports compliance with PCI DSS, ISO 27001 and Cyber Essentials
• Supports alignment with international Cyber Security Frameworks such as NIST CSF, and NCSC 10 Steps to Cyber Security

Our Methodology

Step 1: Pre-Assessment Phase (Off- Site)

• Meeting with key staff members
• Walk-through of engagement activities, and agree roles.
• Review existing Information Security Policy Documents (if available)
• Review existing Information Security Standards (if available)
• Review existing Secure Configuration Baselines (if available)
• Review existing Data Classification Policy (if available)
• Review existing System Classification Policy (if available)
• Provide Key Component Questionnaire

Step 2: Key Component Discovery Workshop (On-Site)

• Discuss legal and regulatory requirements
• Hold scoping workshop with Information Security and IT Infrastructure Team (s)
• Identify key infrastructure components and critical systems
• Conduct risk assessment to prioritise key infrastructure components
• Identify key infrastructure SME’s

Step 3: Secure Configuration Baseline Gap Analysis

• Conduct a Security Configuration Compliance Scan (Optional)
• Conduct gap analysis against existing Secure Configuration Baseline documentation (if available)

Step 4: Secure Configuration Baseline Creation (Off- Site)

• Creation of Secure Configuration Baselines for all systems.
• Creation of Secure Configuration Baselines for high-risk/critical systems
• Conduct mapping against existing Information Security documentation

Step 5: Secure Configuration Baseline Review (Off- Site)

• Discuss and agree Secure Configuration Baseline settings with Information Security Team
• Discuss and agree Secure Configuration Baseline settings with IT Infrastructure Team
• Create a Secure Configuration Exemptions process and integration with organisations Risk Management Framework.

Step 6: Remediation Planning (Off-Site)- Optional

• Identify High-Risk Systems
• Identify Secure Configuration Baseline implementation mechanism (Group Policy, Scripts, Manual Configuration)

Step 7: Remediation Phase (Off-Site)- Optional

• Creation of secure hardened builds and images
• Creation of SCAP based security configuration check
• Provide advice and guidance to IT Infrastructure Teams during security hardening and remediation

Timeframe

• Total:       Dependant on Scope
• Onsite:    Dependant on Scope
• Remote:  Dependent on Scope

Deliverables

• Secure Configuration Baseline- A fully documented set of agreed security configurations to enable the secure by default deployment of particular infrastructure components, operating system, middleware component or application.

Supported Technologies

---

Want to find out more?

To learn how Secure Configuration Baselines can harden your business systems against hackers and achieve security by default, speak with us today.

Contact Us.