System Hardening (classic)

Hardening is the process of reducing the attack surface of an operating system or an application by enforcing a set of configurations in line with security best practices.

The Nexthink cloud platform relies partially on software appliances hosting Engine (classic) and Portal (classic). The system hardening follows the Center for Internet Security (CIS) benchmark for Oracle Linux 8 L1.

Level 1 (L1) security controls provide a clear security benefit while having a minor impact on performance and maintaining usability. All customer instances have Level 1 (L1) security control settings automatically applied.

Hardening measures

CIS hardening

Enforcing all the CIS L1 checks requires some degree of fine-tuning to match our product configuration. We keep those changes to a strict minimum and ensure they do not impact our product's security.

Contact Nexthink Support to request the list of changes.

We will keep our hardening configuration aligned with future versions of the CIS benchmark.

CIS exceptions

Some hardening configurations are not applied as described by the CIS benchmark in the context of the Nexthink cloud platform. Those configurations are mitigated in a different way, to achieve the same objective.

Contact Nexthink Support to request the list of exceptions.