Policy-driven Windows security automation

Abstract

This work describes an application created to ease the implementation of security policies suggested by the Center of Internet Security (CIS), a non-profit institution integrated by numerous enterprises and government agencies. The developed system focuses attention on the hardening of Windows Server systems, offering both a command-line and graphical user interface, allowing its use in systems with a graphical environment, but also in those without it. Thanks to this application, the user can obtain information of the different security controls (also known as checks), specify the hosts to analyze, and based on the knowledge gathered decide which 14 aspects of the system security should be audited, checking the actual state and updating those policies that do not fulfill the specification emitted by CIS. The system has been developed on request of the director of the project, José Manuel Redondo López, who wants to cover a topic regarding automatic Windows hardening in the subject Information Systems Security in the Software Engineering university degree.

Este trabajo consistirá en desarrollar una aplicación que permita automatizar en la medida de lo posible una máquina Windows de acuerdo a una política de seguridad de uso internacional, permitiendo al usuario decidir qué partes securiza y qué partes no en función del perfil de uso de la máquina, su propósito u otras consideraciones que se estimen oportunas. El objetivo es que todo esto pueda utilizarse con el mayor grado de automatización posible, y que pueda extenderse a cuantas máquinas sea necesario.