Simple Secure Configuration Management
Here’s a simplified plan to use a configuration management process to lock down your key network components:
- Know everything on your network. A good inventory is the prerequisite for everything else: if you don't know what is on your network, you can't defend it or fix it, and if you don't know what state it is in, you can't protect it. Automate discovery and inventory updates where practical. Consider using 802.1X port-based network access control to control which devices are allowed onto your network.
- Use a standard configuration for your key components:
  - Select a securable combination of hardware and software (consider not using Windows in key areas such as the perimeter).
  - Select secure configuration settings for each component: turn off every service and port that is not in use, and harden the ones that are necessary.
  - Collect your configurations into a baseline and apply it consistently. Consider automation techniques such as imaging or cloning.
- Use a change control process:
  - Restrict the access that allows changes to be made.
  - Set up a Change Control Board (CCB) that reviews and authorizes changes.
  - Analyze the security impact each proposed change can create.
  - Once a change is authorized, implement it in a standardized way and document the whole process.
- Monitor your infrastructure constantly: scan for devices, scan for ports and services, use intrusion detection to inspect network traffic, and correlate all of this information into situational awareness reports that can pinpoint anomalies. Automate as much of this as possible.
  - Monitor for security effectiveness: get reports from your security protection mechanisms that show how well they are working.
  - Monitor for vulnerabilities: use a variety of scans on a regular basis to check for weaknesses.
  - Monitor for changes to configurations.
- Use a Patch Management process to fix vulnerabilities.
- Use an Incident Response process to react to events.
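The baseline, change control and configuration-change monitoring steps above can be tied together in a small drift check. The following is an added example, not code from the original page: it records the hash of a CCB-approved configuration, then compares a host's observed listeners and settings against the role baseline. The device name, the `key = value` config format and all values are constructed for illustration.

```python
import hashlib

# Constructed baseline for one device role (illustrative values, not from the page).
BASELINE = {
    "role": "perimeter-firewall",
    "allowed_listeners": {("tcp", 22), ("tcp", 443)},   # everything else must be off
    "required_settings": {"ssh.password_auth": "no", "snmp.version": "3", "logging.remote": "on"},
    "config_sha256": None,   # set when the CCB approves a configuration
}

# Constructed sample configs for a hypothetical device "fw-edge-01".
APPROVED_CONFIG = """# fw-edge-01, approved by CCB
ssh.password_auth = no
snmp.version = 3
logging.remote = on
"""
DRIFTED_CONFIG = """# fw-edge-01, after an undocumented change
ssh.password_auth = yes
snmp.version = 3
logging.remote = on
"""

def parse_config(config_text):
    """Parse 'key = value' lines (constructed format); comments and blank lines are ignored."""
    settings = {}
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value
    return settings

def approve_baseline(baseline, config_text):
    """Return a copy of the baseline that records the hash of the CCB-approved configuration."""
    digest = hashlib.sha256(config_text.encode()).hexdigest()
    return {**baseline, "config_sha256": digest}

def check_host(baseline, observed_listeners, config_text):
    """Compare observed host state with the baseline; return a list of findings (empty = compliant)."""
    findings = []
    for proto, port in sorted(observed_listeners - baseline["allowed_listeners"]):
        findings.append(f"unexpected listener {proto}/{port}")
    observed = parse_config(config_text)
    for key, expected in baseline["required_settings"].items():
        if observed.get(key) != expected:
            findings.append(f"setting {key}={observed.get(key)!r}, baseline requires {expected!r}")
    digest = hashlib.sha256(config_text.encode()).hexdigest()
    if baseline["config_sha256"] and digest != baseline["config_sha256"]:
        findings.append("running config differs from the CCB-approved baseline (unauthorized change)")
    return findings

APPROVED = approve_baseline(BASELINE, APPROVED_CONFIG)

if __name__ == "__main__":
    for finding in check_host(APPROVED, {("tcp", 22), ("tcp", 443), ("tcp", 8080)}, DRIFTED_CONFIG):
        print(finding)
```

Each finding is a candidate for the change control record: either it matches an authorized change, or it is an unauthorized modification to investigate.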
SEE ALSO:
Patch and Vulnerability Management
Continuous Monitoring