
3.5  Security Baselines
(Page 2 of 2)

Automatic Enforcement of Baselines



Some security auditing products take the idea of baselines one step further by allowing you to specify rules for your desired system configurations (and other security controls) within the auditing product, so that the tools can automatically scan for deviations from those baselines and report them to you.
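The rule-and-scan idea described above, as an added Python example (not code from the CertiGuide or from any auditing product): a baseline is declared as rules, an observed configuration is parsed, and every deviation is reported, including settings the file never states. The setting names, rule operators, baseline values and sample file are constructed assumptions for illustration.

```python
# Constructed baseline: setting -> (operator, expected). Values are illustrative.
BASELINE = {
    "PermitRootLogin": ("eq", "no"),
    "PasswordAuthentication": ("eq", "no"),
    "MaxAuthTries": ("max", 4),
    "LogLevel": ("in", {"INFO", "VERBOSE"}),
}

# Constructed sample of an observed "Key value" configuration file.
SAMPLE_CONFIG = """\
# managed by ops
PermitRootLogin yes
MaxAuthTries 6   # raised during migration
LogLevel VERBOSE
"""

def parse_config(text):
    """Parse 'Key value' lines, dropping comments; first occurrence wins (assumed)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key, value.strip())
    return settings

def complies(op, expected, actual):
    if op == "eq":
        return actual == expected
    if op == "max":  # numeric ceiling; a non-numeric value fails the rule
        return actual.isdigit() and int(actual) <= expected
    if op == "in":
        return actual in expected
    raise ValueError(f"unknown operator: {op}")

def audit(baseline, settings):
    """Return (setting, operator, expected, actual) for every deviation."""
    deviations = []
    for name in sorted(baseline):
        op, expected = baseline[name]
        actual = settings.get(name)  # None: the setting is not stated at all
        if actual is None or not complies(op, expected, actual):
            deviations.append((name, op, expected, actual))
    return deviations

if __name__ == "__main__":
    for name, op, expected, actual in audit(BASELINE, parse_config(SAMPLE_CONFIG)):
        print(f"DEVIATION {name}: want {op} {expected!r}, found {actual!r}")
```

Treating an unstated setting as a deviation keeps the audit independent of whatever default the software happens to ship with.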

Implementing Baseline Recommendations

One idea that can’t be repeated often enough to those who are in the process of “tightening the screws” is the importance of testing and re-testing new configurations to make sure that you haven’t “broken” any critical network/system functionality as you’ve worked to increase security. It’s somewhat sad to report this, but the software world is replete with packages (not named, to protect the guilty) that contain functions that just won’t work if file system security is tightened, if ordinary users aren’t assigned rights normally reserved for administrative users, and so on. This is the kind of situation you want to discover on a Saturday morning, with a crew of volunteer users and a nice brunch delivery expected at 11am (so that the users can take a break, and your team can frantically work to adjust small things that didn’t work properly during the first few hours of testing), not on the day that the company is trying to close the month.

If you discover that you are running one of these packages that just doesn’t play nicely with a locked-down system, contact the vendor to see if they have any solutions or workarounds for the issue you find. If not, management needs to know about it, because a choice needs to be made, balancing security exposure against the importance of that package to the organization.

Test BEFORE Deploying

When hardening network components, be sure to test your changes carefully before putting them into production, as security improvements often conflict with the way applications expect things to be configured.


In the following sections, we look at the process of “hardening” (making resistant to attack) various types of server functionality typically available within an organization’s network. We start with the underlying OS/NOS level, since an application server won’t be secure if the OS on which it runs is not secure, and continue with common services often made available over the Internet, such as web, email and FTP, and services generally used internally, such as DHCP and directory services.


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.