Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the ever-evolving landscape of cybersecurity, organizations strive to safeguard their systems and data against emerging threats. Amidst this pursuit, CIS Benchmarks emerge as an indispensable resource, offering a wealth of knowledge and practical recommendations. But what exactly are CIS Benchmarks, and why are they highly regarded across industries?

South Korean cyber security organisation AhnLab has identified a breach in Microsoft SQL servers allowing deployment of Trigona ransomware. The attacks were threat actors using brute-force or dictionary attacks with obtained or guessed credentials to infiltrate externally accessible MS-SQL servers.

We recently engaged in a conversation with our team of experts regarding their ongoing server hardening project. We inquired about the obstacles encountered during manual hardening procedures and asked if they’d be willing to explain the underlying reasons for issues that arise when automation is not employed. Their latest encounter with a client provided a valuable opportunity to further expound on strategies to mitigate these challenges.

Sysctl is a command-line utility in Unix-like operating systems that allows users to view and modify kernel parameters at runtime. These parameters, also known as “tunable” or “kernel” parameters, control various aspects of the operating system’s behavior, such as network settings, memory management, file system behavior, and more. Each of these operating systems has their own implementation of sysctl, with slightly different options and syntax.

Digitally Encrypt Secure Channel Data is a security setting used for digitally securing the data that’s transmitted over the secure data channel network. The data transmitted between the domain member and the domain controller must be encrypted and secured with the latest technology to ensure that no unauthorized user gets access to the confidential data.

The Devices: Allow undock without having to log on setting on laptops and computers is extensively used to provide people with the convenience of undocking their systems without having to log on repeatedly. This comes in handy for portable devices that need to be undocked from the docking station multiple times. You can just hit the eject button and safely get your laptop away from the docking station.

Before the software is launched, it’s tested with several tools and software applications to identify bugs. “Debugging” is the process of finding and resolving errors in software or computer systems. A “debugging program” or “debugger” is a tool that helps developers identify and fix errors in their code.

A shared object refers to the code, which is shared across different programs instead of being replicated manually for each program. Here, the permanent shared objects are the codes that are bound to remain active in the system’s memory even after the program is over. The main purpose of creating the permanent shared objects is to ensure that these codes are stored in the memory and can be re-used multiple times as and when required.

Audit: Force Audit Policy Subcategory is a security policy that allows users to leverage the most accurate and advanced policy settings in Windows Vista. The current version of the Active Directory does not have a feature for managing the audit policy settings, which is why the user has to manually apply Audit: Force Audit Policy Subcategory Settings and configure it to ensure everything works well.

Devices: Prevent Users From Installing Printer Drivers, as the name suggests, is a security setting that prohibits unauthorized printer usage on specific devices. Once the setting is configured, the types and number of printers used on specific devices will be confined to the approved ones. The main purpose of limiting printer drivers’ installation and usage on workstations is to prevent people from printing unnecessary stuff, which would increase the cost of business operations.