The latest cloud infrastructure announcements, technical solutions, and enterprise cloud insights.

Hardened Images from the Center for Internet Security on Oracle Cloud Marketplace

Andy Tael
Senior Principal Solutions Architect

A single operating system can have over 200 configuration settings, which means that hardening an image manually can be a tedious process. Want to save time without risking cybersecurity? Use a Center for Internet Security (CIS) Hardened Image. CIS Hardened Images are preconfigured to meet the robust security recommendations of the CIS Benchmarks.

Oracle Cloud Marketplace currently offers customers the ability to use the CIS Hardened Images for Microsoft Windows, Ubuntu, CentOS, and Oracle Linux.

The Center for Internet Security builds their Hardened Images from the recommendations in the CIS Benchmarks. CIS Benchmarks are a set of configuration guidelines designed to reduce cybersecurity risks to IT systems. A community of public and private security professionals, the CIS community develops the CIS Benchmarks through a consensus-based process.

The CIS Benchmarks provide prescriptive guidance for securely configuring Microsoft Windows. Ubuntu, CentOS, and Oracle Linux. The Benchmarks includes over 350 configuration recommendations specific to the operating systems. CIS updates the CIS Benchmarks as threats evolve. Updates can vary depending on the community and the major release schedule of the technology the CIS Benchmark supports. CIS Hardened Images are patched monthly for vulnerabilities and any changes from the CIS Benchmark.

Using CIS Hardened Images for virtual machines (VMs) is a great way to meet certain aspects of compliance frameworks, like PCI DSS or FedRAMP, that require organizations to establish and manage a secure configuration of IT assets deployed in the cloud. Oracle customers deploying in Oracle Cloud Infrastructure (OCI) can use the CIS Hardened Images to reduce their overall cybersecurity threats on OCI. For example, JD Edwards deployments on Microsoft Windows 2019 can benefit from the added security afforded by the CIS Hardened Image for Microsoft Windows Server 2019.

At only $0.02 per virtual server hour (January 2021), not including the cost of the VM itself, all these images are a cost-effective way to reduce security threats.

What is the Center for Internet Security?

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through their core competencies of collaboration and innovation.

They’re a community-driven nonprofit responsible for the CIS Controls and CIS Benchmarks, globally recognized best practices for securing IT systems and data. CIS leads a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Their Hardened Images provide secure, on-demand, scalable computing environments in the cloud.

Oracle Cloud Marketplace and CIS Hardened Images

Most CIS Benchmarks include multiple configuration profiles. A profile definition describes the configurations assigned to benchmark recommendations.

The Level 1 profile is considered a base recommendation that you can implement promptly and is designed to not have an extensive performance impact. The Level 1 profile benchmark intends to lower the attack surface of your organization while keeping machines usable and not hindering business functionality.

The Level 2 profile is defense in depth and is intended for environments where security is paramount. If not implemented appropriately or without due care, the recommendations associated with the Level 2 profile can have an adverse effect on your organization.

The following CIS Hardened Images are available on the Oracle Cloud Marketplace, as of January 2021:

  • CIS CentOS Linux 6 Benchmark-Level 1

  • CIS CentOS Linux 7 Benchmark-Level 1

  • CIS Microsoft Windows Server 2012R2 Benchmark-Level 1

  • CIS Microsoft Windows Server 2012R2 Benchmark-Level 2

  • CIS Microsoft Windows Server 2016 Benchmark-Level 1

  • CIS Microsoft Windows Server 2016 Benchmark-Level 2

  • CIS Microsoft Windows Server 2016 Benchmark-STIG

  • CIS Microsoft Windows Server 2019 Benchmark-Level 1

  • CIS Microsoft Windows Server 2019 Benchmark-Level 2

  • CIS Oracle Linux 6 Benchmark-Level 1

  • CIS Oracle Linux 7 Benchmark-Level 1

  • CIS Oracle Linux 8 Benchmark-Level 1

  • CIS Ubuntu Linux 16.04 LTS Benchmark-Level 1

  • CIS Ubuntu Linux 18.04 LTS Benchmark-Level 1

  • CIS Ubuntu Linux 20.04 LTS Benchmark-Level 1

The Oracle Cloud Marketplace listings are also available in US Gov and US DoD regions. CIS provides one of the first non-Oracle listings available in those regions.

How do I use a CIS Hardened Image?

All the listings are easily deployed into your tenancy. It takes the following simple steps:

  1. From the hamburger menu in the top-left corner, select Marketplace, then Applications.

    A screenshot of the Marketplace menu expanded to Applications and Accepted Agreements.

  2. On the right side, select Center for Internet Security in the Publisher list.

    A screenshot of the Publisher list with Center for Internet Security highlighted.

  3. Select your favorite CIS Marketplace listing. I chose CIS Ubuntu Linux 18.04 LTS Benchmark 1-Level 1.

    A screenshot of the CIS Level 1 option in the All Applications section.

  4. Select the compartment you want to deploy, the image, accept the terms of use and partner terms and conditions, and click Launch Instance.

    A screenshot of the compartment and image details, showing the price per instance, box to accept the terms of use, and the blue Launch Instance button.

  5. You can now launch the VM as you usually do, but with the security of a CIS Hardened Image.

Explore more

Learn more about setting up and operating a secure environment in Oracle Cloud Infrastructure!

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha