
IT Policies


Hardenings

The rapid changes in computer and information systems technology over the last few years have forced organizations to re-evaluate how they operate. The complex, multi-user environments that grew up as organizations evolved over the past decade require them to act in a more deliberate and sophisticated manner in order to get the most out of these technologies while still maintaining a high level of information security. It is therefore crucial for an organization to implement a base set of operating rules and guidelines that prevent damage to its systems and keep the organization functioning safely and efficiently.

 

Hardenings - Setting Up Rules and Guidelines
Bodies such as CIS (the Center for Internet Security), NIST (the National Institute of Standards and Technology) and the PCI Security Standards Council exist largely to help enterprises understand the risks and threats they face, and to reduce those risks by operating according to published security standards and controls (the CIS Benchmarks, the NIST SP 800 series and PCI DSS, respectively).

Hardenings are the configuration standards and benchmarks these bodies publish. They are based on best practices gathered over the years by leading IT and security experts across many industries. Those experts have researched the information security field thoroughly and strongly recommend implementing hardenings in order to reach a high level of security without sacrificing operation.

The best practices cover operating systems such as Windows XP and Windows Server 2003, as well as application platforms such as Oracle 10g and IIS.

 

Performing Out-of-the-Box Hardening with Vanadium
A hardening rule set is gathered from best practices and is meant to cover every area of information security. The organization defines the individual rules in its systems, for example the minimum length of a logon password, or which services are enabled or disabled for the different user groups in the organization.


The hardening process uses a different template of hardening rules for each environment in the organization (Finance, R&D, Accounting and so on).


Each set of best practices includes on average around 150 tests and checks. The challenge organizations report is finding the most efficient way to work with the different templates, because the organizational environment always includes constraints that require amendments and adjustments to the best-practice rules.

How can an organization deal with the different best practices and the amendments they require?
Vanadium, a fast, multi-layered solution, is the answer. As a software platform that interfaces with various operating systems, Vanadium offers an out-of-the-box solution that can be quickly and easily adjusted to the organization's needs.

Vanadium ships with rule sets already defined from security standards such as NIST and CIS. It scans the entire organizational network and outputs a complete, detailed report presenting the gaps between the network's current state and its desired state.

Regulations that are not predefined in Vanadium can be written as external templates. Vanadium imports the rules from these external regulations and scans the network against them as well.

The final report gives an in-depth view of the organization's IT status with regard to software, hardware and infrastructure. In addition, the Vanadium platform offers remediation options for the gaps it finds.
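A worked illustration of the gap report and the external-template mechanism described above, as an added example in Python. It is not Vanadium code, and nothing in it is an excerpt of a real CIS or NIST benchmark: the baseline rules, the R&D amendment template, the setting names and the host snapshot are all constructed. The amendment overrides one baseline rule and adds another, which also shows the caveat that an environment-specific template can lower the bar set by the baseline.

```python
"""Hardening gap check: compare a host's effective settings against a
baseline rule set plus an environment-specific amendment template.
Added example, not Vanadium code; every rule, template and setting value
below is constructed for illustration."""
import json

# Constructed baseline in the style of a CIS/NIST benchmark, a handful of the
# roughly 150 checks such a benchmark typically holds (not a real excerpt).
BASELINE = {
    "password.min_length":     {"op": ">=", "value": 14,
                                "fix": "Raise the minimum password length to 14"},
    "password.max_age_days":   {"op": "<=", "value": 90,
                                "fix": "Set the maximum password age to 90 days"},
    "lockout.threshold":       {"op": "<=", "value": 5,
                                "fix": "Lock accounts after 5 failed logons"},
    "service.telnet":          {"op": "==", "value": "disabled",
                                "fix": "Disable the Telnet service"},
    "service.remote_registry": {"op": "==", "value": "disabled",
                                "fix": "Disable the Remote Registry service"},
    "audit.logon_events":      {"op": "==", "value": "success,failure",
                                "fix": "Audit both successful and failed logons"},
}

# Constructed external template: an R&D amendment kept outside the built-in
# rules.  It relaxes one baseline control (a documented exception for a
# deployment tool) and adds a control the baseline does not have.
RD_TEMPLATE_JSON = """
{
  "service.remote_registry": {"op": "==", "value": "enabled",
      "fix": "Keep Remote Registry on for the build farm (documented exception)"},
  "firewall.inbound_default": {"op": "==", "value": "block",
      "fix": "Set the inbound firewall default to block"}
}
"""

OPS = {">=": lambda cur, want: cur >= want,
       "<=": lambda cur, want: cur <= want,
       "==": lambda cur, want: cur == want}

def load_rules(*templates):
    """Merge rule sets left to right; a later template replaces any rule of
    the same name, which is how a per-environment amendment adjusts the
    baseline.  Templates may be dicts or JSON strings."""
    merged = {}
    for t in templates:
        merged.update(json.loads(t) if isinstance(t, str) else t)
    return merged

def overridden(base, amendment):
    """Names of baseline rules an amendment replaces with a different value,
    so relaxed controls can be reported as accepted risks rather than passes."""
    amend = json.loads(amendment) if isinstance(amendment, str) else amendment
    return sorted(n for n in amend
                  if n in base and amend[n]["value"] != base[n]["value"])

def gap_report(rules, snapshot):
    """One entry per failing rule.  A setting absent from the snapshot is a
    gap too: the scan could not confirm the control is in place."""
    gaps = []
    for name, rule in sorted(rules.items()):
        current = snapshot.get(name)
        try:
            ok = current is not None and OPS[rule["op"]](current, rule["value"])
        except TypeError:           # e.g. a string where a number was expected
            ok = False
        if not ok:
            gaps.append({"setting": name, "current": current,
                         "desired": f'{rule["op"]} {rule["value"]}',
                         "fix": rule["fix"]})
    return gaps

# Constructed snapshot of one R&D host's effective settings; the firewall
# setting is deliberately missing.
RD_HOST = {
    "password.min_length": 8,
    "password.max_age_days": 60,
    "lockout.threshold": 10,
    "service.telnet": "disabled",
    "service.remote_registry": "enabled",
    "audit.logon_events": "success,failure",
}

if __name__ == "__main__":
    rules = load_rules(BASELINE, RD_TEMPLATE_JSON)
    print("relaxed by amendment:", overridden(BASELINE, RD_TEMPLATE_JSON))
    for g in gap_report(rules, RD_HOST):
        print(f'{g["setting"]}: current={g["current"]!r}, '
              f'desired {g["desired"]} -> {g["fix"]}')
```

Merging templates by name means a later template silently replaces a baseline rule, so the Remote Registry exception would otherwise show up as a clean pass; listing the overridden rules separately keeps such exceptions visible as accepted risks. The amendment file deserves the same change control as the baseline, because it is the place where the bar gets lowered.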


Organizational Network Policy

The data gathered by Vanadium is extensive and includes a complete inventory of every component present on the network (USB devices, installed software, end users' desktops and so on). To manage these components and define what is and is not considered a threat to the network, Vanadium lets the organization run a Black List and a White List against the inventory.
The Black List contains the elements and components the organization defines as a threat; they may not be present on the network.
The White List contains the elements and components the organization does not consider a threat and therefore allows on the network. Anything not on it is flagged, so a White List requires strict and complete definition; for that reason it is defined externally only in certain organizations.
Both lists are defined in the Vanadium platform before the scan. Vanadium then scans the network and issues a report listing every element and component considered a threat to the network.
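The Black List / White List mechanism described above, as an added example in Python (not Vanadium code). The inventory entries, the glob patterns and the choice of which item types carry a White List are constructed. It also shows why a White List needs strict definition: once one exists for an item type, every item of that type not on it becomes a finding.

```python
"""Inventory policy check: run a Black List (deny) and, where the
organization maintains one, a White List (allow) over a scanned inventory.
Added example, not Vanadium code; the item types, patterns and inventory
entries are constructed for illustration."""
import fnmatch

# Constructed inventory as a scanner might collect it: (host, type, identifier)
INVENTORY = [
    ("fin-ws-01", "software", "Microsoft Office 2003"),
    ("fin-ws-01", "usb", "vid=0781:pid=5567 SanDisk Cruzer"),
    ("fin-ws-02", "software", "uTorrent 2.2"),
    ("fin-ws-02", "usb", "vid=0951:pid=1666 Kingston DataTraveler"),
    ("rd-ws-07",  "software", "Wireshark 1.2"),
    ("rd-ws-07",  "usb", "vid=046d:pid=c52b Logitech Unifying receiver"),
    ("rd-ws-09",  "software", "LogMeIn 4.1"),
]

# Black List: glob patterns per item type for things that may never be on
# the network (constructed; the USB entry blocks one vendor ID outright).
BLACK_LIST = {
    "software": ["uTorrent*", "LogMeIn*", "TeamViewer*"],
    "usb": ["vid=0781:*"],
}

# White List: kept only for item types the organization can enumerate
# completely.  A type with no entry here has no White List, so only the
# Black List applies to it; software is left that way on purpose.
WHITE_LIST = {
    "usb": ["vid=046d:*", "vid=04f2:*"],   # constructed: input devices only
}

def classify(item_type, ident, black=BLACK_LIST, white=WHITE_LIST):
    """Black List wins.  Then, if a White List exists for this type, anything
    not on it is a finding ('unlisted'); otherwise the item is accepted."""
    if any(fnmatch.fnmatchcase(ident, p) for p in black.get(item_type, [])):
        return "blacklisted"
    if item_type in white and not any(
            fnmatch.fnmatchcase(ident, p) for p in white[item_type]):
        return "unlisted"
    return "ok"

def findings(inventory, black=BLACK_LIST, white=WHITE_LIST):
    """Every inventory entry that is not 'ok', in scan order."""
    out = []
    for host, item_type, ident in inventory:
        verdict = classify(item_type, ident, black, white)
        if verdict != "ok":
            out.append((host, item_type, ident, verdict))
    return out

if __name__ == "__main__":
    for host, item_type, ident, verdict in findings(INVENTORY):
        print(f"{host}: {item_type} {ident!r} -> {verdict}")
```

Checking the Black List first keeps an item from being accepted merely because a loose White List pattern happens to match it. A White List for software that named only one product would turn every other legitimate application into a finding until the list is completed, which is the burden behind the remark that a White List requires strict definition.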

Flow Policy
The flow policy defines the relationships between the different groups in the organization's IT environment (Finance, Accounting, Development, R&D and so on).
Based on these relationships, each group is tagged with a security level. The level determines the information-flow policy between groups: which groups have or are denied access to the Internet, over which protocols particular groups may reach and pull data from other groups, and so on.
Any activity by a group that the policy defines as prohibited appears in the network scan report as a violation and a threat to the network, and must be dealt with accordingly.
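A worked version of the flow policy described above, as an added example in Python and not Vanadium code: groups carry a security level, explicit allowances name who may reach whom over which protocol, and constructed flow records (in a key=value style like a firewall export) are checked for violations. The groups, levels, subnets, allowances and log lines are all constructed. The default rule, that without an explicit allowance a flow may not reach the Internet or a more sensitive group, is an assumption of this example; the page does not say what Vanadium's default is.

```python
"""Flow-policy check: tag each group with a security level, list explicit
flow allowances, and evaluate constructed flow records for violations.
Added example, not Vanadium code; the groups, levels, subnets, allowances
and log lines are all constructed for illustration."""
import ipaddress

# Constructed security levels: a higher number means a more sensitive group.
# "Internet" is modelled as the least trusted group.
LEVEL = {"Internet": 0, "Accounting": 1, "Development": 1, "R&D": 2, "Finance": 3}

# Constructed explicit allowances: (source group, destination group, protocol);
# "*" stands for any protocol.
ALLOWED = {
    ("Development", "Internet", "https"),
    ("R&D", "Internet", "https"),
    ("R&D", "Internet", "ssh"),
    ("Accounting", "Finance", "https"),   # finance application's web front end only
    ("Development", "R&D", "*"),
}

# Constructed address plan mapping subnets to groups.
SUBNETS = {
    "10.10.0.0/24": "Finance",
    "10.20.0.0/24": "Accounting",
    "10.30.0.0/24": "Development",
    "10.40.0.0/24": "R&D",
}

def group_of(ip):
    """Resolve an address to its group; anything outside the plan is Internet."""
    addr = ipaddress.ip_address(ip)
    for net, group in SUBNETS.items():
        if addr in ipaddress.ip_network(net):
            return group
    return "Internet"

def decide(src, dst, proto, level=LEVEL, allowed=ALLOWED):
    """Policy assumed here: an explicit allowance wins; otherwise Internet
    access is denied, flows into a more sensitive group are denied, and flows
    within a level or towards a less sensitive group are permitted."""
    if (src, dst, proto) in allowed or (src, dst, "*") in allowed:
        return "allow"
    if dst == "Internet":
        return "deny:internet"
    if level[dst] > level[src]:
        return "deny:level"
    return "allow"

# Constructed flow records in a key=value style similar to firewall exports
# (external addresses are from the documentation ranges).
FLOW_LOG = """\
src=10.30.0.15 dst=198.51.100.20 proto=https
src=10.20.0.7 dst=10.10.0.5 proto=https
src=10.20.0.7 dst=10.10.0.5 proto=smb
src=10.10.0.5 dst=198.51.100.20 proto=https
src=10.30.0.15 dst=10.40.0.9 proto=ssh
src=10.40.0.9 dst=203.0.113.10 proto=ftp
src=10.30.0.15 dst=10.20.0.7 proto=https
src=203.0.113.10 dst=10.10.0.5 proto=https
"""

def parse_flow(line):
    """Split 'k=v k=v ...' into (src, dst, proto)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return fields["src"], fields["dst"], fields["proto"]

def violations(log):
    """(source group, destination group, protocol, reason) for every denied flow."""
    out = []
    for line in log.splitlines():
        if not line.strip():
            continue
        src, dst, proto = parse_flow(line)
        sg, dg = group_of(src), group_of(dst)
        verdict = decide(sg, dg, proto)
        if verdict != "allow":
            out.append((sg, dg, proto, verdict))
    return out

if __name__ == "__main__":
    for sg, dg, proto, why in violations(FLOW_LOG):
        print(f"{sg} -> {dg} over {proto}: {why}")
```

Modelling the Internet as the lowest level means an inbound connection from outside into any group is a violation unless explicitly allowed, which is the behaviour a zoning policy normally wants. Two practical caveats: the flow records still have to come from somewhere (firewall logs, NetFlow), and the address plan must be kept in step with reality, because a flow from an unmapped internal subnet is silently classified as Internet traffic.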
 
