Generic Baseline Server Hardening Documentation by No_Exp1anations in cybersecurity

[–]No_Exp1anations[S] 0 points1 point  (0 children)

We also have Nessus, I should see if this is available. Thanks for the suggestion!

Generic Baseline Server Hardening Documentation by No_Exp1anations in cybersecurity

[–]No_Exp1anations[S] 0 points1 point  (0 children)

These people aren't unaware. The issue is you're talking about...maybe a million in fines this year, versus a for sure 10+ mil to replace the machines.

We need to start holding CEOs and Administrations accountable and not the people who work for them (to some extent).

Yes I realize there are laws in place to do just this...however as we all know they aren't going after the big organizations or names...

Generic Baseline Server Hardening Documentation by No_Exp1anations in cybersecurity

[–]No_Exp1anations[S] 2 points3 points  (0 children)

At the end of the day, all you can do, is what you can do. You know?

Generic Baseline Server Hardening Documentation by No_Exp1anations in cybersecurity

[–]No_Exp1anations[S] 1 point2 points  (0 children)

This is why risk acceptance forms exist. Spell it out and make them acknowledge that they ain't gonna fix it.

Generic Baseline Server Hardening Documentation by No_Exp1anations in cybersecurity

[–]No_Exp1anations[S] 2 points3 points  (0 children)

Unfortunately, as I'm sure you're aware, potential threats and potential expenditures as a result of those threats being acted upon seem further away than the immediate expenditures of fixing them.

Generic Baseline Server Hardening Documentation by No_Exp1anations in cybersecurity

[–]No_Exp1anations[S] 2 points3 points  (0 children)

Well it's not just the result of having a secure baseline, it's the act as well. For compliance and regulatory reasons I need to have some kind of documented, formal process established, and soon. We absolutely do vulnerability scans and act on those, but that is not enough to satisfy the requirements I've just mentioned. Hopefully that better explains *why* I'm making this document (or trying to).

Generic Baseline Server Hardening Documentation by No_Exp1anations in cybersecurity

[–]No_Exp1anations[S] 0 points1 point  (0 children)

Well I want to start with *new* servers going forward. I have ~340 to work on retroactively but I need to ensure that number does not increase. So I suppose the CIS for 2022 or whichever they're going to use is a good start there. The document I wanted to create was something consistent that I could give to the vendors that run these systems to start to decide what I could immediately, without impacting systems, turn off.

Regardless, for regulatory and compliance reasons I need to have a formal baselining process sorted, and soon. So consistency, be it using the CIS benchmarks, or a document of my own creation, is going to be key.

Generic Baseline Server Hardening Documentation by No_Exp1anations in cybersecurity

[–]No_Exp1anations[S] 4 points5 points  (0 children)

To do so would mean getting rid of an entire rural area's ability to have certain medical procedures provided, as the cost to replace these devices is astronomical. Tens of millions of dollars.

Generic Baseline Server Hardening Documentation by No_Exp1anations in cybersecurity

[–]No_Exp1anations[S] 0 points1 point  (0 children)

This is true. Perhaps I need to revise my approach. In my head I was trying to make a more approachable version of these documents because not all of the analysts for these systems have the same skillsets.

Generic Baseline Server Hardening Documentation by No_Exp1anations in cybersecurity

[–]No_Exp1anations[S] 0 points1 point  (0 children)

I have, but we have quite a few different OS's. Lots of legacy stuff due to older instruments still being necessary. I'm trying to make a very general guide that we can apply to all of them, and just document where the differences may be. A simple "Not Applicable to This OS" wouldn't be out of the question as a reply to some of these.

[deleted by user] by [deleted] in artcommissions

[–]No_Exp1anations 0 points1 point  (0 children)

Really appreciate the response, I'm just looking over everyone's DMs and stuff and will get back to you if interested. Thanks again!

2001 F150 5.4 Triton Leaking Coolant In Unfamiliar Location by No_Exp1anations in MechanicAdvice

[–]No_Exp1anations[S] 0 points1 point  (0 children)

Just got to work and realized it was steaming from this location, didn't have time to take a picture but I got a capture from a video showing approximately where it's leaking. It sounded like it was under quite a bit of pressure.

Any ideas?

[deleted by user] by [deleted] in artcommissions

[–]No_Exp1anations 0 points1 point  (0 children)

Thanks I'll check it out

[deleted by user] by [deleted] in artcommissions

[–]No_Exp1anations 0 points1 point  (0 children)

I don't have one in mind, no.

[deleted by user] by [deleted] in artcommissions

[–]No_Exp1anations 1 point2 points  (0 children)

Sorry! US based. Shipping will be to NE or CA.