A baseline is a known starting point, and organizations commonly use baselines to provide known starting points for workstations and servers. If you’re planning on taking the Security+ exam, you should have a basic understanding of the different types of baselines.
For example, can you answer this question?
Q. Maggie is compiling a list of approved software for desktop operating systems within a company. What is the MOST likely purpose of this list?
A. Host software baseline
B. Baseline reporting
C. Application configuration baseline
D. Code review
Also, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.
Configuration Baselines
A configuration baseline identifies the configuration settings for a system. This includes settings such as printer configuration, application settings, and TCP/IP settings. This is especially useful when verifying proper operation of a system. As an example, if a server is no longer operating correctly, it might be due to a configuration change. Administrators might be able to identify the problem by comparing the current settings against the baseline and correcting any discrepancies.
The differences between a configuration baseline and a security baseline can be a little fuzzy. The security baseline settings are strictly security related. The configuration baseline settings ensure consistent operation of the system. However, because the configuration baseline contributes to improved availability of a system, which is part of the security triad, it also contributes to overall security.
An important consideration with a configuration baseline is keeping it up to date. Administrators should update the configuration baseline after changing or modifying the system. This includes after installing new software, deploying service packs, or modifying any other system configuration settings.
Host Software Baselines
A host software baseline lists all software installed on a system, along with a list of approved software. Administrators sometimes refer to it as an application baseline. Administrators can perform automated scans of computers to create an inventory of all the installed applications. They can compare this with a list of approved applications to identify unauthorized applications. This type of scan can also identify applications that aren’t up to date with current patches and are vulnerable to attack.
Remember this
Host software baselines provide a list of approved software and a list of software installed on systems. Administrators can use this to identify unauthorized software installed on systems. Unauthorized software is not maintained and can easily become vulnerable without patching.
Application Configuration Baselines
Application configuration baselines identify the proper settings for applications. They are similar to system configuration baselines with the exception that they only refer to settings for specific applications. As an example, imagine an organization hosts several database servers running Microsoft SQL Server. Administrators configure the settings on these systems in a secure state and document the settings. Later, administrators can audit the servers to ensure the settings haven’t been modified.
Performance Baselines
A performance baseline identifies the overall performance of a system at a point in time. If performance deteriorates later, administrators can compare the current performance against the baseline report. The differences between the current measurements and the baseline help an administrator differentiate between normal performance and actual problems.
The baseline report includes information on usage of basic system hardware resources, such as the processor, memory, disk, and network interface card (NIC). It also includes additional system data, such as logs to show normal behavior.
As an example, Performance Monitor is a tool used within Windows systems to create performance baseline reports. A performance baseline report captures snapshots of key metrics every 30 minutes throughout a seven-day period. These snapshots give a good picture of a system’s performance during peak performance times and slack times. An administrator can later compare current performance with the baseline to identify any differences.
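The comparison described above, as an added example that is not part of the original post: it builds a baseline from snapshots taken every 30 minutes over seven days and checks a later reading against the same time of day. The per-slot statistics, the threshold `k`, and the constructed CPU samples are assumptions chosen for illustration.

```python
from statistics import mean, pstdev

SLOTS_PER_DAY = 48   # one snapshot every 30 minutes
DAYS = 7             # seven-day capture period

def constructed_week():
    """Constructed CPU % samples: busy 09:00-17:00, quiet otherwise."""
    samples = []
    for day in range(DAYS):
        for slot in range(SLOTS_PER_DAY):
            base = 70 if 18 <= slot < 34 else 15
            samples.append(base + (day % 3) * 2)  # small day-to-day variation
    return samples

def build_baseline(samples):
    """Return per-slot (mean, stdev) so peak and slack times each get a norm."""
    if len(samples) != SLOTS_PER_DAY * DAYS:
        raise ValueError("expected a full seven-day capture")
    baseline = []
    for slot in range(SLOTS_PER_DAY):
        values = samples[slot::SLOTS_PER_DAY]  # same time of day, all 7 days
        baseline.append((mean(values), pstdev(values)))
    return baseline

def is_anomalous(baseline, slot, value, k=3.0, floor=1.0):
    """Flag a reading more than k deviations from that slot's baseline mean."""
    mu, sigma = baseline[slot]
    # floor keeps a perfectly flat slot from flagging every tiny change
    return abs(value - mu) > k * max(sigma, floor)

if __name__ == "__main__":
    baseline = build_baseline(constructed_week())
    # 72% CPU is normal at 10:00 (slot 20) but not at 02:00 (slot 4)
    for slot in (20, 4):
        print(slot, baseline[slot], is_anomalous(baseline, slot, 72))
```

Comparing against the same time slot is what lets one reading count as normal during peak hours and as a problem during slack hours.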
Baseline Reporting
Baseline reporting is the process of comparing systems against a baseline to identify discrepancies or anomalies. It can be used with any type of baseline. As an example, a security baseline configures systems in a known secure state. Later, administrators can audit the systems to ensure they are still in the same known secure state.
Several tools are available to assist with baseline reporting. Vulnerability scanners scan systems looking for specific security settings and provide a report for systems with different security settings. Similarly, application baseline reporting includes a scan of systems to identify installed applications and compares them with authorized applications. If it finds unauthorized software, such as P2P software, the baseline report lists the software along with the computer’s name and other relevant details about the computer, such as its IP address.
Remember this
Baseline reporting provides a report after comparing baselines with current systems. Administrators use baseline reporting for security baselines, operating system baselines, application configuration baselines, and software baselines.
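A sketch of the host software baseline check and the resulting baseline report described in the two sections above, as an added example that is not part of the original post. The approved list, minimum versions, host names, IP addresses, and the `ExampleTorrent` application are all constructed for illustration.

```python
# Approved software -> minimum patched version (hypothetical values)
APPROVED = {
    "7-Zip": (23, 1),
    "Firefox": (128, 0),
    "LibreOffice": (24, 2),
}

# Constructed scan results, one record per host
INVENTORY = [
    {"host": "WS-001", "ip": "10.0.5.11",
     "installed": {"7-Zip": "23.01", "Firefox": "128.0"}},
    {"host": "WS-002", "ip": "10.0.5.12",
     "installed": {"Firefox": "115.3", "ExampleTorrent": "3.6"}},
    {"host": "WS-003", "ip": "10.0.5.13",
     "installed": {"firefox ": "128.0", "LibreOffice": "24.2.1"}},
]

def parse_version(text):
    """Turn '24.2.1' into (24, 2, 1) so versions compare numerically."""
    return tuple(int(p) for p in text.strip().split(".") if p.isdigit())

def baseline_report(inventory, approved):
    """Return (host, ip, software, version, status) for each discrepancy."""
    # Scanners report names inconsistently, so match case-insensitively
    canon = {name.casefold(): name for name in approved}
    findings = []
    for rec in inventory:
        for raw_name, version in sorted(rec["installed"].items()):
            name = raw_name.strip()
            key = name.casefold()
            if key not in canon:
                status = "UNAUTHORIZED"   # not on the approved list
            elif parse_version(version) < approved[canon[key]]:
                status = "OUTDATED"       # approved, but below patch level
            else:
                continue                  # matches the baseline
            findings.append((rec["host"], rec["ip"], name, version, status))
    return findings

if __name__ == "__main__":
    for finding in baseline_report(INVENTORY, APPROVED):
        print(*finding, sep="\t")
```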
Q. Maggie is compiling a list of approved software for desktop operating systems within a company. What is the MOST likely purpose of this list?
A. Host software baseline
B. Baseline reporting
C. Application configuration baseline
D. Code review
Answer is A. A host software baseline (also called an application baseline) identifies a list of approved software for systems and compares it with installed applications.
Baseline reporting is a process that monitors systems for changes and reports discrepancies.
An application configuration baseline identifies proper settings for applications.
A code review looks at the actual code of the software, and doesn’t just create a list.
You might also like to view the post about Security Baselines.
Haha I am actually on this chapter now, so this one was easy. Thank you for your books, they are incredibly easy to read and make the material fun to study!