As in one of my previous blog posts, I revisited the CIS website today and was very pleased to find that they had published hardening guides for Windows 8 and Windows Server 2012. These really are great guides which, in my mind, should be in every IT department and at least reviewed as a baseline policy for your security. Best of all, they’re completely free! If you wanted an IT consultancy to produce some security hardening recommendations for you, you might pay into the thousands (£, € or $) and you may well receive something similar to these. It really is a no-brainer to me.
The guides cover any settings that can be easily changed, whether through Group Policy, the registry or other means. Not all recommendations may be suitable for all businesses, but they’re there to be considered. These guides were recommended to me a few years ago by a PCI DSS Qualified Security Assessor, as he used them frequently when visiting clients around the world.
Go here to see the Windows operating system guides. It requires a quick sign-up, but don’t worry, they won’t contact you if you don’t want them to.