Everything You Need to Know About CIS Hardened Images
Chances are you may have used a virtual machine (VM) for business. If not:
A VM is an operating system (OS) or application environment installed on software that imitates dedicated hardware. It provides the same functionality as a physical computer and can be accessed from a variety of devices. Sometimes called virtual images, many companies offer VMs as a way for their employees to connect to their work remotely.
These days virtual images are available from a number of cloud-based providers. Amazon Web Services (AWS) offers Amazon Machine Images (AMIs), Google offers virtual images on its Google Cloud Platform, and Microsoft offers virtual machines on its Microsoft Azure program. All three platforms are very similar, despite the differences in name.
Working with Virtual Images
Applications of virtual images include development and testing, running applications, or extending a datacenter. Virtual images, or instances, can be spun up in the cloud to cost-effectively perform routine computing operations without investing in local hardware or software. Usage can be scaled up or down depending on your organization’s needs. By removing the need to purchase, set up, and maintain hardware, you can deploy virtual images quickly and focus on the task at hand.
Security in the Cloud
Regardless of whether you’re operating in the cloud or locally on your premises, CIS recommends hardening your system by taking steps to limit potential security weaknesses. Most operating systems and other computer applications are developed with a focus on convenience over security. Implementing secure configurations can help harden your systems by disabling unnecessary ports or services, eliminating unneeded programs, and limiting administrative privileges.
By working with cybersecurity experts around the world, CIS leads the development of secure configuration settings for over 100 technologies and platforms. These community-driven configuration guidelines (called CIS Benchmarks) are available to download free in PDF format.
CIS Hardened Images
A single operating system can have over 200 configuration settings, which means hardening an image manually can be a tedious process. Want to save time without risking cybersecurity? Use a CIS Hardened Image. CIS Hardened Images are preconfigured to meet the robust security recommendations of the CIS Benchmarks. (Note: If your organization is a frequent AWS user, we suggest starting with the CIS Amazon Web Services Foundations Benchmark.)
For the most serious security needs, CIS takes hardening a step further by providing Level 1 and Level 2 CIS Benchmark profiles. Here’s the difference:
- A Level 1 profile is intended to be practical and prudent, provide a clear security benefit, and not inhibit the utility of the technology beyond acceptable means.
- A Level 2 profile is intended for environments or use cases where security is paramount, acts a defense in depth measure, and may negatively inhibit the utility or performance of the technology.
Still have questions? Check out the CIS Hardened Images FAQ.