Field of the Invention
The present invention relates to computer enterprise systems and more particularly to maintaining policy compliant computers in a computer enterprise system.
Description of the Related Art
In computing, hardening is the process of securing a system by reducing its surface vulnerability. This process can include reducing available vectors of attack by removing unnecessary software, usernames or logins, and disabling or removing services, which can lead to a more secure system. There are various methods of hardening systems, which can include applying a patch to the kernel, closing open network ports, and setting up intrusion-detection systems, firewalls, and intrusion prevention systems. In addition, there can be hardening scripts that can, for instance, deactivate unneeded features in configuration files or perform various other protective measures.
In the field of military networks, the “Security Technical Information Guides” (STIGs) are an example of a standard methodology for implementing and supporting technology on military networks. These STIGs can serve as a guide for hardening military networks. There can be different STIGs, each describing diverse aspects of a military network, such as the components of a compliant system, including various hardware, software, and infrastructure components, how a specific software application should be set-up and implemented to be compliant, and how a server and infrastructure may need to be hardened in order to run an application compliantly.
Currently, the only way to implement and maintain standardized computer policy (hardening) across and between enterprises is to describe the policy in a document. Some hardening policies can be extremely long—several hundred pages in length. In addition, these types of policies do not always include specification for all system components, such as structured query language (SQL) servers, .NET, or Internet Information Services (IIS). Further, some policy documents only describe the destination, but do not provide guidance on how to reach the destination. Without adequate guidance, someone, usually a system administrator or other expert, must review new STIGs, plan and strategize the implementation of the new STIGs, develop a team to implement such, hand implement and test each system, review the results, certify and approve the implementation, and then document and publish the work instructions so that technicians can implement the policy correctly on all systems. This process can take expertise, time, and money.