Automation of Server Security Assessment

Abstract: While system hardening concepts are general, one of the leading causes of the breaches is human error in the misconfiguration. Depending on the type of hardening, different tools and techniques are used. The whole lifespan of technology, from initial installation through setup, maintenance, and support, to end-of-life decommissioning, necessitates system hardening. Additionally, mandated by regulations like PCI DSS (Payment Card Industry Data Security Standard.) and HIPAA (Health Insurance Portability and Accountability Act), systems hardening is something that cyber insurers are increasingly requesting. This paper explains how to automate server security assessments using an ansible agentless framework and utilize them to continue security audits and compliance evaluations throughout risk assessments. The technique and ideas discussed in this paper are more effective when the server environment is undergoing continual change.
Keywords: Linux Server, Automation, Security Assessment, Compliance, Server hardening
Presented in: International Conference on Circuits, Control, Communication and Computing (I4C – 2022)