Quick Windows Hardening with Infrastructure-as-Code – Chef and Inspec
CIS, Center for Internet Security, publishes prescriptive system hardening documents which provide guidance for establishing a secure system configuration on platforms such as Windows. Usually, their Windows hardening documents are over a hundred pages long and would take a long time to perform hardening manually by one person. Thankfully, there is an Infrastructure-as-Code configuration management approach, e.g. the one introduced below leveraging Chef and Inspec, to achieve automation of the hardening process and validating the results. Figure 1. Content of harden_winrm.rb, with references from CIS sections as an example of Chef recipes. (This one is from MattTunny/windows_hardening GitHub repository) Instead of demonstrating the power of infrastructure-as-code fully, this quick post only aims at introducing the concept by leveraging Chef hardening recipes found on the Internet, showing the steps to perform Windows hardening on a single local machine quickly, which may suit o...