Azure – CIS Hardened Images

Administration, Azure, Windows Server 1 Minute

Hi there

Did you know you have CIS Hardened Images available on Azure Marketplace o deploy on your environment?

CIS Hardened Images, also known as virtual machine images, allow the user to spin up a securely configured, or hardened, virtual instance of many popular operating systems to perform technical tasks without investing in additional hardware and related expenses. As mentioned at https://www.cisecurity.org/blog/cis-hardened-images-now-in-microsoft-azure-marketplace/

CIS Hardened ImagesĀ help organizations around the world bring the secure configurations of theĀ CIS BenchmarksĀ to the cloud. Available onĀ multiple platforms (and for over a dozen technologies), learn more about how CIS Hardened Images can help you start secure and stay secure.

Some of the common threats that can be mitigated by using a CIS Hardened Image include:

  • Denial of service
  • Insufficient authorization
  • Overlapping trust boundaries threats

The CIS benchmarks contain two levels, each with slightly different technical specifications:

  • Level 1 ā€“ Recommended, minimum security settings that should be configured on any system and should cause little or no interruption of service or reduced functionality
  • Level 2 ā€“ Recommended security settings for highly secure environments and could result in some reduced functionality.

Microsoft Azure Marketplace offers currently (May 21st 2020)

  • 17 Linux-based CIS images
  • 10 Windows-based CIS images

Quick test deployment using Windows 2019 CIS image

Version: CIS Microsoft Windows Server 2019 Benchmark L1

Admin User & Password: During this VM setup using CIS image set the default admin user with standard password “P@ssw0rd@2020”

After the VM is deployed, try to change the VM password to “P@ssw0rd@2020#” it fails

 

Create a 16 character long & strong password and updated it.
Password: 6-U26qY5UZKR&=9.Ā  generated using https://passwordsgenerator.net website

 

Log in the VM

See CIS hardening in action

UAC

Check the folder C:\CIS Hardening Report\

CIS Benchamarks – Security Configuration Assessment Report

 

There are 2 (two files) on this directory

All CIS images available on Azure marketplace

 

References

https://www.cisecurity.org/blog/cis-hardened-images-now-in-microsoft-azure-marketplace/

https://azuremarketplace.microsoft.com/en-us/marketplace/apps?search=center%20for%20internet%20security&page=1&filters=partners%3Bpay-as-you-go

https://www.microsoft.com/security/blog/2017/10/12/easily-create-securely-configured-virtual-machines/

Thanks,

Thiago Beier
TwitterLinkedInFacebookRSS

Published by Thiago Beier

IT Solutions Architect

Published