From 1a390e91344e0fce1fc8ead232136c4518161281 Mon Sep 17 00:00:00 2001 From: Bruno Lopes <37803210+brunokktro@users.noreply.github.com> Date: Fri, 20 Dec 2024 17:36:41 -0300 Subject: [PATCH] Update hardening_container_image.adoc (#611) --- latest/bpg/windows/hardening_container_image.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/latest/bpg/windows/hardening_container_image.adoc b/latest/bpg/windows/hardening_container_image.adoc index 15207bff2..92b7265f4 100644 --- a/latest/bpg/windows/hardening_container_image.adoc +++ b/latest/bpg/windows/hardening_container_image.adoc @@ -21,7 +21,7 @@ We'll start by delving into why each of these security configurations is vital f == 1. Configure Account Policies (Password or Lockout) using Local Security Policies and Registry -Windows Server Core is a minimal installation option that is available as part of the [EKS Optimized Windows AMI](https://docs.aws.amazon.com/eks/latest/Configuring Account Policies (Password or Lockout) using Local Security Policies and the Registry strengthens system security by enforcing robust password and lockout rules. These policies require users to create strong passwords with a defined minimum length and complexity, protecting against common password-related attacks. +Windows Server Core is a minimal installation option that is available as part of the [EKS Optimized Windows AMI](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-windows-ami.html). Configuring Account Policies (Password or Lockout) using Local Security Policies and the Registry strengthens system security by enforcing robust password and lockout rules. These policies require users to create strong passwords with a defined minimum length and complexity, protecting against common password-related attacks. By setting a maximum password age, users are prompted to regularly update their passwords, reducing the likelihood of compromised credentials. Lockout policies add an extra layer of protection by temporarily locking accounts after a specified number of failed login attempts, helping to prevent brute-force attacks. Configuring these settings via the Windows Registry allows administrators to enforce these security measures at the system level, ensuring uniformity and compliance throughout the organization. Applying these Account Policies in a Windows Container is essential for maintaining security consistency, even though containers are often ephemeral and intended for isolated workloads: @@ -324,4 +324,4 @@ Securing Windows containers also aligns with regulatory requirements that mandat In summary, the rise of containerized applications, coupled with the growing number of cyber threats, makes container security a nonnegotiable aspect of modern infrastructure management. By adhering to best practices and continuously monitoring for vulnerabilities, businesses can enjoy the agility and efficiency of Windows containers without compromising on security. In this threat-rich environment, securing your Windows containers is not just an option--it's a must-have. -📝 https://github.com/aws/aws-eks-best-practices/tree/master/latest/bpg/windows/hardening_container_image.adoc[Edit this page on GitHub] \ No newline at end of file +📝 https://github.com/aws/aws-eks-best-practices/tree/master/latest/bpg/windows/hardening_container_image.adoc[Edit this page on GitHub]