One aspect of Infrastructure testing is to ensure that systems and services meet a standard. That standard may be yours, your company’s, or one published by a government, group or organization. When it comes to cybersecurity, there are several standards but (in my experience) the two major standards organizations are:
National Institute of Standards and Technology (NIST) Center for Internet Security (CIS) Terminology Before I get into the specifics of these two standards, I want to take a minute to define some terms.
Use PowerShell’s de facto standard unit testing module to validate your infrastructure is deployed and configured to your specifications.
What is “Infrastructure Testing” In my own words, infrastructure testing is:
validating that a configuration item is the value that you expect it to be.
For example:
Is the Operating System Windows Server? Is the DNS service running? Is the count of members of the local ‘Administrators’ group 3? As a sysadmin, these are things that I would check on as part of my daily operations tasks, and also things that I would check on during troubleshooting.
This is my first public post. I intend to use this space for documenting and discussing my personal projects. Over the next few posts, I’ll try to lay out the general subject matter and develop a workflow / schedule for publishing content.
Right now, the general tools are github pages, github actions and hugo. I am currently using Markdown as the source format, but I’ve been a long time user of the amazing org mode format, and I see that hugo supports that as well.