Vince Lombardi, the famous football coach, used to start his training camp each season with a talk about doing the basics. He’d tell the players that they start with the basics, then he’d take a football, hold it up and tell them, “This is a football.” In football, as in life and IT Security, starting with the basics is the most important step you can take. Don’t assume anything.

So, let us begin with the basics.

CIS is the Center for Internet Security. In Tripwire terms, what does CIS mean?

There are two “kinds” of CIS used by Tripwire:

  • The 20 Critical Security Controls, which is a prioritized framework for implementing IT Security. It is essentially THE standard of care for IT Security.
  • And then, there are the CIS recommendations for how to securely configure various servers, laptops, desktops, network devices, databases, domain controllers, virtual infrastructure, applications and cloud accounts.

Getting to know the CIS Controls

The CIS Top 20 Critical Security Controls give you a set of steps. Start from the top and work your way down the list, adding layers of security along the way. They start with the basics. Knowing what is changing in your environment and how things are configured are two very basic parts of the 20 Controls.

The CIS recommendations for how to securely configure assets are used by Tripwire to guide you in configuring various software packages in a secure way.

For instance:

  • Logon
    • Success and Failure
    • This test verifies that ‘Logon-logoff: Logon’ events are being recorded on success and failure.
    • This setting supports information confidentiality and system integrity by providing evidence of potential brute-force (i.e. password-guessing) attacks against a given account.
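As an added example (not from this post or from Tripwire’s own checks), here is how a Windows administrator can verify that “Logon-logoff: Logon” test themselves: it reads the audit policy for the Logon subcategory and then confirms that logon events are actually landing in the Security log. It assumes an elevated PowerShell session, an English-locale system (auditpol column names and setting strings are localized), and the function names are my own.

```powershell
# Added example, not from the original post. Verifies the CIS "Logon-logoff: Logon"
# recommendation: audit policy must be "Success and Failure" AND events must be
# written. Assumes an elevated session on an English-locale Windows host.

function Get-LogonAuditSetting {
    # "auditpol /r" emits CSV; the 'Inclusion Setting' column holds the value,
    # e.g. "Success and Failure", "Success", "Failure" or "No Auditing".
    $rows = auditpol /get /subcategory:"Logon" /r | ConvertFrom-Csv
    return ($rows | Select-Object -First 1).'Inclusion Setting'
}

function Test-LogonAuditCompliance {
    $setting = Get-LogonAuditSetting
    [pscustomobject]@{
        Subcategory = 'Logon'
        Setting     = $setting
        Compliant   = ($setting -eq 'Success and Failure')
    }
}

function Get-RecentLogonEventCounts {
    param([int]$Hours = 24)
    # Security log event IDs: 4624 = successful logon, 4625 = failed logon.
    # Counting 4625 per target account is the raw material for spotting the
    # password-guessing activity the CIS rationale mentions.
    $filter = @{ LogName = 'Security'; Id = 4624, 4625
                 StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # TargetUserName is the 6th EventData field for both 4624 and 4625
            [pscustomobject]@{ Id = $_.Id; Account = $_.Properties[5].Value }
        } |
        Group-Object Id, Account |
        Select-Object @{n='Id,Account';e={$_.Name}}, Count |
        Sort-Object Count -Descending
}

$result = Test-LogonAuditCompliance
$result | Format-List
if (-not $result.Compliant) {
    Write-Warning "Logon auditing is '$($result.Setting)'; CIS expects 'Success and Failure'."
    Write-Warning 'Remediate with: auditpol /set /subcategory:"Logon" /success:enable /failure:enable'
}
# Policy alone is not evidence; show that events really are being recorded.
Get-RecentLogonEventCounts -Hours 24 | Format-Table -AutoSize
```

If the policy reports “Success and Failure” but no 4624/4625 events appear, check the Security log size and retention settings before trusting the control.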

Each OS and application has configuration settings like “Login Success and Failure” that have (Read more...)