Auditing Microsoft Security Compliance Toolkit Baselines

Security baselines are helpful, but to be sure of their effectiveness you need to perform regular audits. Here’s how you can use Tenable.io and Nessus Professional to audit the security baselines included within the Microsoft Security Compliance Toolkit.

An important part of information security is ensuring systems and software are configured in a secure manner. If you look at the Critical Security Controls lists many organizations produce, Secure Configurations typically appear within the top 5. To support this, we have seen more and more vendors create Security Best Practices documents to help customers protect their infrastructure, such as Microsoft with the Microsoft Security Compliance Toolkit (MSCT). There are also organizations such as the Center for Internet Security (CIS) and Defense Information Systems Agency (DISA) producing best practice documents. At Tenable, we have also created Best Practice audits for some popular software.

Some of these documents contain principles (e.g., Limit Administrator Privilege) rather than prescriptive statements (e.g., Lock-out Account After 3 Failed Logins). While both types of documents provide value to an organization, documents with prescriptive statements are generally easier to validate for compliance, as each check either passes or fails. Documents with principle statements are usually open to more interpretation, so audits usually require more effort to determine compliance. The Microsoft Security Compliance Toolkit provides prescriptive configurations and guidance.

What is Microsoft Security Compliance Toolkit?

Microsoft produced a set of tools so organizations can apply Microsoft-recommended security configurations to their environment. The typical method for deploying the baselines is via Active Directory using Group Policy Objects (GPOs), or individually via local policy. Also included with the baselines are spreadsheets documenting the settings.

The toolkit contains baselines for newer Microsoft Operating Systems, including:

Windows Server:

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2

Windows 10:

  • Windows 10 v1809 (October 2018 Update)
  • Windows 10 v1803 (April 2018 Update)
  • Windows 10 v1709 (Fall Creators Update)
  • Windows 10 v1703 (Creators Update)
  • Windows 10 v1607 (Anniversary Update)
  • Windows 10 v1511 (November Update)
  • Windows 10 v1507

The Windows Server and Windows 10 baselines cover the Core OS and Internet Explorer.

There is also a security baseline for Office 2016.

Why utilize the Microsoft Security Compliance Toolkit?

When you leverage the configuration baselines from Microsoft Security Compliance Toolkit, you are taking an important step to improve your security posture. There are also operational benefits to adopting the baselines. Some of these benefits include:

  • Less complex environment. When using a standard configuration, there is an expectation that all hosts with the same configuration will behave in a similar manner. The fewer different configurations you have to maintain, the easier it is to test and troubleshoot.
  • Leverage expertise. Most organizations don’t have the resources to completely develop and test their own security baselines. It is good practice to leverage expertise from a trusted source. They can save you a lot of time and effort in creating and maintaining baselines.
  • Better awareness. Having standard configurations is beneficial when analyzing impacts to the environment, including detection of new vulnerabilities, impact of change requests, detecting configuration drift/misconfigurations, etc.

Configuration Auditing with Tenable.io and Nessus

Security baselines are great, but to be sure of their effectiveness you need to perform regular audits. Tenable.io and Nessus Professional include recently created audits for the security baselines included within the Microsoft Security Compliance Toolkit. In addition to the benefits listed above, automated configuration auditing adds the following benefits:

  • Validate the configuration is properly applied.
  • Ensure changes to the environment have not inadvertently modified security settings.
  • Narrow down the suspected window of a configuration change, based on scan frequency.
  • Greatly reduce the manual effort of performing these tasks.
  • Individual checks are mapped to several cybersecurity frameworks and standards. This information and scan history can help support evidence of compliance efforts.
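The window-narrowing benefit above can be worked through on exported scan results. The following is an added example, not Tenable's code or output format: the scan history, check names and timestamps are constructed, and the statuses are the Pass / Fail / Warning values each result carries.

```python
from datetime import datetime

# Constructed scan history for one host: (scan time, {check name: status}).
# Check names and timestamps are made up for illustration.
SCANS = [
    ("2019-01-07T02:00", {"Account lockout threshold": "Pass",
                          "Example setting B": "Pass",
                          "Example setting C": "Fail"}),
    # Setting B is absent here (for example, the check did not return a result).
    ("2019-01-14T02:00", {"Account lockout threshold": "Pass",
                          "Example setting C": "Fail"}),
    ("2019-01-21T02:00", {"Account lockout threshold": "Fail",
                          "Example setting B": "Fail",
                          "Example setting C": "Fail"}),
    ("2019-01-28T02:00", {"Account lockout threshold": "Pass",
                          "Example setting B": "Fail",
                          "Example setting C": "Fail"}),
    ("2019-02-04T02:00", {"Account lockout threshold": "Warning",
                          "Example setting B": "Fail",
                          "Example setting C": "Fail"}),
]


def drift_windows(scans):
    """Map each check to the (last Pass, first non-Pass) intervals in which it drifted.

    A check missing from a scan does not reset its last known state, so the
    reported window widens to the last scan that actually observed a Pass.
    Checks that never passed have no window: they were never compliant.
    """
    ordered = sorted(scans, key=lambda s: datetime.fromisoformat(s[0]))
    last_seen = {}   # check -> (time, status) from the latest scan reporting it
    windows = {}
    for ts, results in ordered:
        when = datetime.fromisoformat(ts)
        for check, status in results.items():
            prev = last_seen.get(check)
            if prev and prev[1] == "Pass" and status != "Pass":
                windows.setdefault(check, []).append((prev[0], when))
            last_seen[check] = (when, status)
    return windows


if __name__ == "__main__":
    for check, spans in drift_windows(SCANS).items():
        for good, bad in spans:
            print(f"{check}: changed between {good} and {bad} ({bad - good})")
```

With weekly scans the window is seven days at best; a missed result doubles it, which is the practical argument for scanning more often than changes are expected.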

Getting Started Auditing Microsoft Security Compliance Toolkit

You can get started auditing security baselines from the Microsoft Security Compliance Toolkit today. Visit http://downloads.tenable.com and select the audit file(s) for the baselines applied in your environment, then log into Tenable.io or Nessus.

These audits are simple to set up as they do not leverage variables, and the audits have platform checks built in, so each audit will only run on the appropriate OS version.

For example, if you have a Windows 10 environment with v1809 and v1803, you can set up a scan with both audits, and only the appropriate audit will be evaluated on the host.

Once the configuration is saved, run the scan and review the results.

For demonstration purposes, this scan was run against a single non-remediated host. Below is example output from one of the checks.

Each result contains the following information:

  • Status: Pass / Fail / Warning
  • Remediation steps are displayed if the check did not pass
  • When possible, actual results from the system will be included

Wrap-up

If your organization currently does not follow security baselines, or you have created your own but the maintenance is a burden, it may be worth taking a look at the baselines provided as part of the Microsoft Security Compliance Toolkit. These baselines can save you a lot of effort in creation and maintenance.

Additionally, once you adopt the security baselines, perform regular audits to ensure the baselines are properly in effect.

At Tenable, we strive to regularly update our policy compliance audits to match the newest versions published by Microsoft. We also realize there are many cybersecurity frameworks available for organizations to follow, so we regularly map the checks in the policy compliance audits to various framework controls.
