Security Automation for Windows Hosts: Hardening of Windows 10 Password Policy
Ronald, Clark (2020)
2020
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2020060717542
https://urn.fi/URN:NBN:fi:amk-2020060717542
Tiivistelmä
Security automation using configuration management tools is not a new thing. These tools
can be used in many ways. One of the most common uses of configuration management
tools is to keep system settings consistent across like systems. Many times, the focus is not
security, but other general host or node configurations. The focus of this project was to
see if Ansible, a configuration management tool, is a viable tool for security automation on
Windows Hosts.
Ansible was built and designed to support configuration management for Unix or Linux
based systems. The idea of Ansible as a configuration management tool used to perform
security automation on a Windows 10 hosts is not so common. Information was gathered
on Ansible, Windows, Security Frameworks as well as other tools, and used to build a
security baseline based on NIST SP 800 53r4. The security baseline was limited to the
password policy of the Windows host.
The security baseline of controls and values for those controls were developed, then the
manual method of implementing the security controls was investigated, and finally an
Ansible script was developed to automate this manual implementation. The script
contained a compliance and configuration section. The compliance section checked the
running configuration on the Windows host to verify if it was in-line with the security
baseline and alerted if some control was non-compliant.
The configuration portion corrected any non-compliant controls so that the controls would
meet the compliant security baseline. All the controls operated in the way they were
designed. The security automation was a success.
can be used in many ways. One of the most common uses of configuration management
tools is to keep system settings consistent across like systems. Many times, the focus is not
security, but other general host or node configurations. The focus of this project was to
see if Ansible, a configuration management tool, is a viable tool for security automation on
Windows Hosts.
Ansible was built and designed to support configuration management for Unix or Linux
based systems. The idea of Ansible as a configuration management tool used to perform
security automation on a Windows 10 hosts is not so common. Information was gathered
on Ansible, Windows, Security Frameworks as well as other tools, and used to build a
security baseline based on NIST SP 800 53r4. The security baseline was limited to the
password policy of the Windows host.
The security baseline of controls and values for those controls were developed, then the
manual method of implementing the security controls was investigated, and finally an
Ansible script was developed to automate this manual implementation. The script
contained a compliance and configuration section. The compliance section checked the
running configuration on the Windows host to verify if it was in-line with the security
baseline and alerted if some control was non-compliant.
The configuration portion corrected any non-compliant controls so that the controls would
meet the compliant security baseline. All the controls operated in the way they were
designed. The security automation was a success.