Hardening is a process of limiting potential weaknesses that make operating systems vulnerable to cyber-attacks. More secure than a standard build, hardened deployments reduce operating system vulnerabilities to help protect against denial of service, unauthorised data access, and other cyber threats. We recommend that you implement an industry-standard configuration that are broadly known and well-tested, such as Microsoft, DISA or CIS baselines, as opposed to creating a baseline yourself. This helps increase flexibility and reduce costs.
Microsoft Windows Baseline is entry level security to provide additional levels of protection to base installations of Windows. While Microsoft provides a level of security with ‘out of the box’ default deployments, interoperability with legacy systems trumps overall security, hence these additional security enhancements.
The National Cyber Security Centre (NCSC) provide end user device (EUD) security guidance suitable for enhancement to baseline security to a wide variety of devices. This is part of a wider framework that covers 12 EUD security principles.
Centre for Internet Security (CIS) Hardened builds are secured to either the CIS Level 1 or Level 2 of the CIS Benchmark profile. A Level 1 CIS Benchmark profile meets minimum and essential security requirements, while a Level 2 profile provides more advanced settings for situations where security is paramount.
Defence Information Systems Agency (DISA) is the entity responsible for maintaining the security posture of the Department of Defence (DoD) IT infrastructure in the US. These standards are widely accepted globally as a trusted security standard and mandated in the US in the DoD supply chain.
These standards are also referred to as Security Technical Implementation Guides (STIGs). Our hardened builds are created to defined standards that are widely accepted and used worldwide. CIS, NCSC or DISA standards are often required as a baseline for secure operational environments within the UK such as Critical National Infrastructure (CNI).
Hardened builds help mitigate the common threats of denial of service, insufficient authorisation, and overlapping trust boundaries threats.
Hardened images are publicly available on cloud providers such as AWS, Azure, Google and Oracle. SolutionsPT optionally offers this same assurance for hardware that is ordered and supplied by us with an operating system. You can be assured that our products are ‘secure by design’ which is what makes us different.
Addressing vulnerabilities and weak ‘out of the box’ configurations. Robust security configuration without having to rely on 3rd party solutions
Assurance levels suitable for most OT deployments
Publicly available standard that adapts to changes in best practice
CIS/NSCS/DISA standards are required in for certain CNI verticals and regulated sectors, these standards suit the needs of a secure and digital United Kingdom.