| Like what you see? Get it in one document for easy printing! |
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31) |
|
| Test yourself better with 300 extra Security+ questions! |
| Get It Here! |
|
|
3.5 Security Baselines
(Page 2 of 2)
Automatic Enforcement of Baselines
Some security auditing products take
the idea of baselines one step further by allowing you to specify rules
for your desired system configurations (and other security controls)
within the auditing product, so that the tools can automatically scan
for deviations from those baselines and report them to you.
Implementing Baseline Recommendations
One idea, which can’t be
repeated often enough, to those who are in the process of “tightening
the screws” is the importance of testing and re-testing new configurations
to make sure that you haven’t “broken” any critical network/system
functionality as you’ve worked to increase security. It’s
somewhat sad to report this, but the software world is replete with
packages (not named, to protect the guilty) that contain functions that
just won’t work if file system security is tightened, ordinary
users aren’t assigned rights normally reserved for administrative
users, etc. This is the kind of situation you want to discover on a
Saturday morning, with a crew of volunteer users and a nice brunch delivery
expected at 11am (so that the users can take a break, and your team
can frantically work to adjust small things that didn’t work properly
during the first few hours of testing), not on the day that the company
is trying to close the month. If you discover that you seem to be running
one of these packages that just don’t play nicely with a locked-down
system, contact the vendor to see if they have any solutions or workarounds
to the issue you find. If not, management needs to know about it, because
a choice needs to be made, balancing security exposure with the importance
of that package to the organization.
 Test BEFORE Deploying
When hardening network components, be sure to test your changes carefully before putting them into production, as security improvements often conflict with the way applications expect things to be configured.
|
In the following sections, we look
at the process of “hardening” (making resistant to attack)
various types of server functionality typically available within an
organization’s network. Starting with the underlying OS/NOS level,
since an application server won’t be secure if the OS on which
it runs is not secure, we continue by looking at common services often
made available over the Internet such as web, email and ftp, and services
generally used internally such as DHCP and directory services.
|
Quick navigation to subsections and regular topics in this section
|
| If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support! |
|
|
Home -
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.
|
