• EN

Hardening OS for repositories and Veeam Servers

  • 23 December 2021
  • 3 comments
  • 111 views
BertrandFR
Userlevel 7
Badge +8

Hello,

I’m wondering what are you using for hardening Operating System?

In my company we’re using:

https://www.open-scap.org/ for Linux with profils from french cybersecurity agency

https://docs.microsoft.com/fr-fr/windows/security/threat-protection/security-compliance-toolkit-10 for Windows

I am convinced that hardening should be mandatory in production, don’t be afraid to deploy it with your images. It works very well for Veeam Servers.

PS: You should never deploy the hardening after deploying the app, you could meet horrible bugs.

3 comments

wolff.mateus
Userlevel 7
Badge +11

Hello @BertrandFR!

 

Here on a big customer, we use CIS solution: https://www.cisecurity.org/

It has images to Windows/Linux with a variety of versions OS systems.

Sometimes that VM ‘’is born’’ hardened. It means that hardening is done soon after operating system installation.

In other times hardening is done only when all Veeam applications was configured. Yeah, on the firsts hardened VM I have some troubles, now it's everything ok.

 

 

 

IT Lover | Veeam Vanguard | VUG Leader | Blogger
MicoolPaul
Userlevel 7
Badge +20

Hello @BertrandFR!

 

Here on a big customer, we use CIS solution: https://www.cisecurity.org/

It has images to Windows/Linux with a variety of versions OS systems.

Sometimes that VM ‘’is born’’ hardened. It means that hardening is done soon after operating system installation.

In other times hardening is done only when all Veeam applications was configured. Yeah, on the firsts hardened VM I have some troubles, now it's everything ok.

 

 

 

I’d like to add my experience of CIS. At my previous job we tried to use Level 1 as a baseline for our infrastructure and we had difficulties working with our CRM vendor trying to operate their code on such a platform. It can be taken one of two ways, either that their code was doing something less secure that could’ve caused compromise to the server, or that the baseline isn’t tested with anything other than core Windows roles and your mileage will definitely vary.

 

We had zero interest from the CRM provider to investigate the issues and unfortunately depending on your vendor you may have the same issues.

Michael Paul - #VeeamLegend | #VeeamVanguard | Veeam Certified Architect | VMware vExpert | https://micoolpaul.com | Twitter: @MicoolPaul | Mastodon: @micoolpaul@masto.nu | Bluesky: @micoolpaul.bsky.social
marcofabbri
Userlevel 7
Badge +13

Regular updates and patches.

No superfluous services.

Less privileges users.

Security endpoint solutions with relative agents.

Logging. Logging. Logging. (with his voice)
 

 

Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it

Comment


Terms & Conditions