Building ZTForge, a STIG-Based System Hardening Web App
--
Introduction: STIG-Based System Hardening Web App
Help! Help! My photos are missing! Help! Help! The things are popping up everywhere! Help! Help! If you’re in Information Technology, you have heard so many cries for help. Each of these incidents points to a larger problem. Why are so many of these happening?
Examining the architecture of a system requires a baseline understanding of hardening practices. But what if it were easier to implement a hardened system or network?
Security Technical Implementation Guides (STIGs) are often considered the gold standard for system hardening. This article discusses the development of a web application that will allow system hardening to be automated using STIG benchmarks.
Sprints for ZTForge (Zero-Trust Forge)
Sprint 01: Project Planning (Week 1 & 2)
This sprint forms the foundation by defining scope, cost, and time. Objectives and resource allocation will pave the way for more sprints.
Sprint 02: Requirements Gathering (Week 2 & 3)
After the roadmap is established, compliance requirements and the STIG and SCAP guidelines will populate the product backlog.
Sprint 03: Design and Architecture (Week 3 & 4)
- Front-end Design (Week 3)
- Back-end Architecture (Week 4)
A macroscopic view of the overall design and architecture will keep the app user-friendly and robust. Wireframes and mockups will keep the user interface (UI) looking good. Scalability and security will follow Zero-Trust Architecture principles.
Sprint 04: Core Features Development (Week 5, 6, & 7)
- User Authentication (Week 5)
- STIG Category Filters (Week 6)
- Toggle Switches (Week 7)
- Real-time Monitoring (Week 7)
This sprint builds ZTForge's core features: secure user mechanisms and the other product features listed above.
Sprint 05: Back-end Technologies (Week 6, 7, & 8)
- Database (Week 6)
- Server (Week 7)
- APIs (Week 8)
This iteration will produce the database schemas and diagrams, the server configurations and deployments, and an API. The back-end and front-end technologies will then have a fleshed-out path between them.
Sprint 06: Front-end Technologies (Week 7 & 8)
- UI Framework (Week 7)
- Styling (Week 8)
The UI from Sprint 03 will be fine-tuned and enhanced, working out the kinks.
Sprint 07: Script Generation Features (Week 8 & 9)
Scripts to automate hardening will be written.
Sprint 08: Game Theory & Optimization (Week 9 & 10)
Is this app working efficiently? Can it use less memory?
Sprint 09: Testing (Week 10 & 11)
ZTForge will undergo thorough testing for security requirements. Let’s play in the sandbox!
Sprint 10: Deployment (Week 11)
Expecting a Zero Day? Biting your nails? Screaming bloody murder? This significant milestone should forge (see what I did there?) this application into bronze, marking a day to remember.
Sprint 11: Project Review and Closure (Week 11)
Tabletop session for what went wrong vs. what went right. Survey says?
Want to know more?
Check out my PowerShell Automation Baseline Hardening for Windows 10 paper at https://www.researchgate.net/publication/373979687_PowerShell_Automation_Baseline_Hardening_for_Windows_10