Security Ripcord


CISecurity VMware ESX Benchmark

Although I have been a big fan of the Center for Internet Security for a long time, I just recently started helping with some of their benchmarks. Actually, the only one that I have contributed to so far is the CIS Level 1 Benchmark for Virtual Machines. Currently, there are two documents associated with this benchmark.

  • The first is a General document (CIS_VM_Benchmark_1.0.pdf) that discusses the basic ins and outs of virtual machines. It covers the basic components as well as the common threats that occur across the various types of virtual machine environments.
  • The most recently updated document covers the VMware ESX Server (CIS_VMware_ESX_Server_Benchmark_1.0.pdf). This document is geared towards administrators and includes configuration settings and scripts to assist with administration and security tasks.

As with all of the benchmarks provided by CISecurity, these are works in progress. As Chris Hoff stated in his post:

"We’ve still got a ton of stuff that didn’t make the deadline cut-off for the first version of the document in follow-on iterations, but it’s a good start."

The management at CISecurity set a very tight work schedule for their benchmarks, especially new projects. The goal is to get the information available, get others interested in the standard, and get those people to contribute their findings and updates to help move the standard forward. This might initially seem aggressive, but when you take vendor updates into consideration, you start to realize that if you try to hold off and make each one perfect, you will never catch up.

So, if you are interested, contact CISecurity and volunteer your time to this or other projects. New projects are always in the works. The most recent one that I have been made aware of is a Check Point benchmark. Of course, you can always jump into a current project and start to help. Actually, the Apache and Exchange 2007 projects are looking for immediate assistance. Even if you don’t think that you can provide very much input, teams can always use help with proofreading in addition to testing and updating scripts to work with the most recent software releases.

Go forth and do good things,
Cutaway
