Establishing, Implementing and Auditing Linux Operating System Hardening Standard for Security Compliance

Martin Jõgi
Regulations create challenges to the companies as they must meet tough security standards for security compliance every year. Not following security standards are making companies more vulnerable to cyber threats. This paper provides a proof-of-concept solution for being compliant with operating system hardening requirements of the company by establishing, implementing and auditing Linux (Debian) operating system hardening standard. This work will focus on building a hardened virtual machine image for Microsoft Azure platform that is compliant with the hardening standard that is established in this thesis. As it is not enough to just meet the company security compliance requirements, then there is a need to ensure auditability of it, therefore a proof-of-concept solution is built for automatically auditing the operating system hardening standard that continuously allows to validate the gap between the standard and actual configurations on virtual machines. To demonstrate the result, the author analysed virtual machines compliance state before and after implementing the new operating system hardening standard.
Graduation Thesis language
Graduation Thesis type
Master - Cyber Security
Truls Tuxen Ringkjob, Raimundas Matulevičius
Defence year