Security Baselines

Posted in Security+

Security baselines provide a secure starting point for an operating system. The first step in creating a security baseline is writing a security policy that states what the configuration must be. Once the organization has the security policy, administrators use different methods, such as Group Policy, security templates, or imaging, to deploy the baseline. Later, they can check existing systems against the security baseline to verify that the systems still match it.

For example, imagine that your organization’s security policy mandates that users should not be able to install software. Administrators deploy systems enforcing this policy. Later, they can check existing systems to ensure that users cannot install software and the original security baselines are still intact.

An organization will typically have several security baselines. For example, end-user operating systems use one baseline, generic servers use another baseline, and specialty servers use other baselines.

Each operating system is different, so there isn’t a single checklist that identifies how to lock down all operating systems. However, the vendor’s documentation is the place to start. If you’re trying to secure an operating system or an application running on the operating system, check the documentation. It often includes valuable information with easy-to-follow steps.
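As an added example (not from the study guide), here is a PowerShell check that compares a running Windows system against a written baseline, the "later, check existing systems" step described above. The three registry values, the two services, and the allowed-administrators list are assumed, illustrative baseline items; substitute the settings your security policy actually mandates. The DisableMSI value under the Windows Installer policy key is one way a policy enforces "users cannot install software".

```powershell
# Added example (not part of the study guide): audit a Windows host against a written security baseline.
# The baseline entries below are illustrative assumptions; replace them with the settings your policy mandates.
# Run from an elevated prompt on Windows PowerShell 5.1 or later (Get-LocalGroupMember and StartType need 5.1).

# Registry-backed policy settings. DisableMSI = 2 is the "Turn off Windows Installer: Always" policy,
# one way to enforce "users cannot install software".
$RegistryBaseline = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer'; Name = 'DisableMSI'; Expected = 2 }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'EnableLUA'; Expected = 1 }  # UAC on
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'NoLMHash'; Expected = 1 }  # no LM hashes stored
)

# Services the baseline says must be disabled (a service that is not installed at all is fine).
$DisabledServices = @('RemoteRegistry', 'Telnet')

# Accounts permitted in the local Administrators group (assumed list).
$AllowedAdmins = @("$env:COMPUTERNAME\Administrator")

function Test-SecurityBaseline {
    $findings = @()

    foreach ($item in $RegistryBaseline) {
        # A missing key or value reads as $null, which counts as drift from the expected value.
        $actual = (Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue).($item.Name)
        if ($actual -ne $item.Expected) {
            $findings += [pscustomobject]@{
                Check    = "$($item.Path)\$($item.Name)"
                Expected = $item.Expected
                Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
            }
        }
    }

    foreach ($name in $DisabledServices) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.StartType -ne 'Disabled') {
            $findings += [pscustomobject]@{ Check = "Service $name"; Expected = 'Disabled'; Actual = $svc.StartType }
        }
    }

    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name
    foreach ($member in $members) {
        if ($AllowedAdmins -notcontains $member) {
            $findings += [pscustomobject]@{ Check = 'Administrators membership'; Expected = 'not a member'; Actual = $member }
        }
    }

    return $findings
}

$drift = @(Test-SecurityBaseline)
if ($drift.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME matches the security baseline."
} else {
    Write-Warning "$env:COMPUTERNAME has drifted from the security baseline ($($drift.Count) finding(s)):"
    $drift | Format-Table -AutoSize
}
```

The check is read-only, so it is safe to run on a schedule; anything it reports is either drift to correct or a sign that the written baseline itself needs updating.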

Some vendors include tools to help create a security baseline. For example, Windows Server releases through 2012 R2 include the Security Configuration Wizard (SCW). SCW leads administrators through a series of questions about a server’s roles and then creates an Extensible Markup Language (XML) policy file that includes a wide assortment of security settings. Administrators can apply the policy directly or convert it into a Group Policy object (with the scwcmd transform command) to apply it to many servers. SCW was removed in Windows Server 2016; for current versions, Microsoft publishes its recommended baselines as GPO backups through the Security Compliance Toolkit.

Note: This blog is an excerpt from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.

Enforcing Security Baselines with Group Policy

Microsoft domains use Group Policy to standardize the configuration of systems. An administrator can create and apply a Group Policy object (GPO) to configure all the systems in the domain, or target specific systems.

The magic of Group Policy is that an administrator can configure a single setting within a GPO and apply it to multiple users or computers with very little effort. A GPO works the same way whether it’s being applied to five systems or five thousand. Group Policy is applied when a computer starts up and when a user logs on, and it is refreshed in the background afterward (by default every 90 minutes plus a random offset of up to 30 minutes on workstations and member servers, and every 5 minutes on domain controllers), so a change to a GPO reaches systems without a reboot or logoff.

Another benefit of Group Policy is that it regularly reapplies security settings. The security settings extension reapplies its settings at least every 16 hours even when the GPO has not changed, so if a local administrator or a misbehaving installer changes a setting on a system, the next refresh puts the Group Policy value back. This corrects drift; it is not a defense against a fully compromised host, because an attacker with administrative rights can block or tamper with Group Policy processing on that host.
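As an added example (not from the study guide), the following PowerShell creates a GPO carrying one baseline setting, links it to an OU, and verifies it on a client. The GPO name and the OU are assumptions; the cmdlets come from the GroupPolicy module installed with RSAT, and the last three commands run on a domain-joined client rather than on the administrator’s workstation.

```powershell
# Added example (not from the study guide): deploy one baseline setting to every computer in an
# OU with Group Policy and verify it on a client. GPO name and OU are assumptions. Needs the
# GroupPolicy module (RSAT) and rights to create and link GPOs in the domain.
Import-Module GroupPolicy

$GpoName  = 'Workstation Security Baseline'
$TargetOU = 'OU=Workstations,DC=example,DC=com'

# Create the GPO once; reuse it on later runs.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Settings mandated by the written security policy'
}

# The setting from the policy example: "users cannot install software".
# DisableMSI = 2 is "Turn off Windows Installer: Always" (0 = never, 1 = non-managed apps only).
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer' `
    -ValueName 'DisableMSI' -Type DWord -Value 2 | Out-Null

# Link it to the OU once; every computer there applies it at startup and at each refresh.
$linked = (Get-GPInheritance -Target $TargetOU).GpoLinks | Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null
}

# On a client in that OU: pull the policy now instead of waiting for the refresh interval,
# list the GPOs that applied, and confirm the registry value landed.
gpupdate /target:computer /force
gpresult /scope computer /r
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer' -Name DisableMSI
```

Adding a second setting is one more Set-GPRegistryValue call against the same GPO; the link and the refresh cycle carry it to every computer in the OU.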

Using Security Templates for Security Baselines

GPOs have so many capabilities that it’s difficult for any single administrator to learn and know all the possible security settings. However, you can use preconfigured security templates to address many different security needs. Additionally, you can modify any of the security templates to meet specific needs. For example, if your organization has strict security guidelines for systems, you can use security templates to configure the settings and apply them consistently across the organization.

Remember this

You can use Group Policy and security templates to standardize system configuration and security settings. These methods allow you to enforce strict company guidelines when deploying computers and reapply security settings to multiple computers.

Security templates provide a secure starting point for systems to enforce a security baseline. You can use them to deploy multiple security settings to individual computers and to multiple computers through a GPO.

Security templates are plain-text .inf files (edited with the Security Templates MMC snap-in or any text editor) and include the following sections:

  • Account Policies. This includes password and lockout policy settings.
  • Local Policies. This includes audit policy, user rights assignment, and security options.
  • Event Log. This controls the size and retention of the application, security, and system logs.
  • System Services. You can set the startup type of each service here, for example to disable any unnecessary services.
  • Restricted Groups. You can control the membership of any group with this setting. For example, you can use this to control which users are in the Administrators group; accounts not on the list are removed when the template is applied.
  • Registry and File System. You can set permissions and auditing on registry keys and folders.

Software Restriction Policies, which control what software can be installed and run on a system, are configured under Security Settings in a GPO rather than in the .inf template itself.
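As an added example (not from the study guide), here is a minimal security template written as a .inf file that touches the sections listed above, applied with secedit and later re-checked with secedit in analyze mode. The file paths, the specific values, and the Administrators membership list are assumptions chosen to show each section’s syntax, not a recommended baseline.

```powershell
# Added example (not from the study guide): write a minimal security template, apply it with
# secedit, and later verify the machine still matches it. Paths and values are illustrative
# assumptions, not a recommended baseline. Run from an elevated prompt.
$BaseDir  = 'C:\Baselines'
$Template = Join-Path $BaseDir 'workstation-baseline.inf'
$Database = Join-Path $BaseDir 'workstation-baseline.sdb'
$Log      = Join-Path $BaseDir 'workstation-baseline.log'
New-Item -ItemType Directory -Path $BaseDir -Force | Out-Null

# Single-quoted here-string: nothing inside is expanded, so $CHICAGO$ is written literally.
@'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1

; Account Policies: password and lockout settings (durations in minutes)
[System Access]
MinimumPasswordLength = 14
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 5
LockoutDuration = 30
ResetLockoutCount = 30

; Local Policies, user rights: deny network and RDP logon to Guests (S-1-5-32-546)
[Privilege Rights]
SeDenyNetworkLogonRight = *S-1-5-32-546
SeDenyRemoteInteractiveLogonRight = *S-1-5-32-546

; Local Policies, security options: registry-backed values (4 = REG_DWORD)
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1

; System Services: name, start type (2 = automatic, 3 = manual, 4 = disabled), service ACL (Windows default shown)
[Service General Setting]
RemoteRegistry,4,"D:AR(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"

; Restricted Groups: Administrators (S-1-5-32-544) may contain only the listed members;
; anyone else is removed when the template is applied, so add your admin group before using this.
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = Administrator
'@ | Set-Content -Path $Template -Encoding Unicode

# Deploy: load the template into a fresh database and configure the local machine from it.
secedit /configure /db $Database /cfg $Template /overwrite /log $Log /quiet

# Verify (run later, or on a schedule): compare the live system with the same template.
Remove-Item -Path $Log -ErrorAction SilentlyContinue
secedit /analyze /db $Database /cfg $Template /overwrite /log $Log /quiet

# secedit logs one "Mismatch - <setting>" line per drifted setting; surface those.
$mismatches = Select-String -Path $Log -Pattern 'Mismatch'
if ($mismatches) {
    Write-Warning "$env:COMPUTERNAME has drifted from $Template"
    $mismatches | ForEach-Object { $_.Line.Trim() }
} else {
    Write-Output "$env:COMPUTERNAME matches $Template"
}
```

The same .inf can be imported into a GPO (right-click Security Settings, Import Policy) so that the template is applied domain-wide rather than one machine at a time; the analyze step is what makes it a baseline you can re-verify instead of a one-time hardening script.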

Using Configuration Baselines for Security Baselines

A configuration baseline documents the configuration of a system. This includes all the system configuration settings, such as printer configuration, application settings, and TCP/IP settings. It may also include a host software baseline, which lists all software installed on the system.

The differences between a configuration baseline and a security baseline can be a little fuzzy. The security baseline settings are strictly security related. The configuration baseline settings ensure consistent operation of the system. However, since the configuration baseline contributes to improved availability of a system, which is one leg of the security triad (confidentiality, integrity, and availability), it also contributes to overall security.

An important consideration with a configuration baseline is keeping it up to date. Administrators should update the configuration baseline after changing or modifying the system. This includes after installing new software, deploying service packs, or modifying any other system configuration settings.

Remember this

Configuration baselines document system configuration and should be updated when the system is updated. This includes after installing new software, deploying service packs, or modifying any system configuration settings.

It’s also important to maintain the integrity of the configuration baseline. The change management section later in this chapter covers the importance of managing changes to prevent unintended outages.
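As an added example (not from the study guide), the following PowerShell records a configuration baseline (installed software, service startup types, and per-adapter TCP/IP settings) to a JSON file, and later reports what has been added or removed since the baseline was taken. The file path is an assumption; the recorded content is whatever the local machine reports.

```powershell
# Added example (not from the study guide): record a configuration baseline as JSON and later
# report what changed. The file path is an assumption; the content is what the local machine reports.
$BaselineFile = 'C:\Baselines\config-baseline.json'

function Get-ConfigSnapshot {
    # Installed software from the Uninstall keys (64- and 32-bit views). This avoids Win32_Product,
    # which re-validates every MSI package each time it is queried.
    $software = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                                       'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
                Where-Object DisplayName |
                ForEach-Object { "$($_.DisplayName) $($_.DisplayVersion)".Trim() } |
                Sort-Object -Unique

    $services = Get-Service | ForEach-Object { "$($_.Name)=$($_.StartType)" } | Sort-Object

    # TCP/IP settings per adapter: addresses, default gateway, DNS servers.
    $network = Get-NetIPConfiguration | ForEach-Object {
        "$($_.InterfaceAlias): ip=$($_.IPv4Address.IPAddress -join ',') gw=$($_.IPv4DefaultGateway.NextHop) dns=$($_.DNSServer.ServerAddresses -join ',')"
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Taken    = (Get-Date).ToString('s')
        Software = @($software)
        Services = @($services)
        Network  = @($network)
    }
}

function Save-ConfigBaseline {
    # Run once, and again after every approved change (new software, service packs, setting changes).
    New-Item -ItemType Directory -Path (Split-Path $BaselineFile) -Force | Out-Null
    Get-ConfigSnapshot | ConvertTo-Json -Depth 4 | Set-Content -Path $BaselineFile
}

function Compare-ConfigBaseline {
    # Emits one row per item added or removed since the baseline was recorded.
    $recorded = Get-Content -Path $BaselineFile -Raw | ConvertFrom-Json
    $live     = Get-ConfigSnapshot
    foreach ($section in 'Software', 'Services', 'Network') {
        $was = @($recorded.$section)
        $now = @($live.$section)
        foreach ($item in $now) { if ($was -notcontains $item) { [pscustomobject]@{ Section = $section; Change = 'added';   Item = $item } } }
        foreach ($item in $was) { if ($now -notcontains $item) { [pscustomobject]@{ Section = $section; Change = 'removed'; Item = $item } } }
    }
}

# First run: Save-ConfigBaseline
# Later:     Compare-ConfigBaseline | Format-Table -AutoSize
```

Every row the comparison reports should map to an approved change request; an unexplained "added" entry in the Software section is exactly the kind of finding the change management process exists to catch. Store the JSON file somewhere the machine it describes cannot rewrite it, so that its integrity does not depend on the system being audited.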

Performance Baselines and Baseline Reporting

A performance baseline identifies the overall performance of a system at a point in time. If performance deteriorates later, administrators can compare the current performance against the baseline report. The differences between the current measurements and the baseline help an administrator differentiate between normal performance and actual problems.

The baseline report includes information on usage of basic system hardware resources, such as the processor, memory, disk, and network interface card (NIC). It also includes additional system data, such as logs to show normal behavior.

As an example, Performance Monitor is a tool used within Windows systems to create performance baseline reports. A typical performance baseline report captures snapshots of key metrics at a fixed interval, such as every thirty minutes, over a representative period, such as seven days. These snapshots give a good picture of a system’s performance during peak times and slack times. An administrator can later compare current performance with the baseline to identify any differences.

The following figure shows Performance Monitor with a dynamic system performance report displayed. The report includes multiple sections, titled System Performance Report, Summary, Diagnostic Results, CPU, Network, Disk, Memory, and Report Statistics, and in the figure, the Summary and Diagnostic Results are expanded. An administrator can expand any of the other sections by clicking the down arrow on the far right of the section title.

[Figure: Performance Monitor displaying a System Performance Report, with the Summary and Diagnostic Results sections expanded]

Remember this

Baseline reporting documents normal system performance. Administrators compare current performance against a baseline report to determine abnormal activity.

As an example, imagine that you are asked to troubleshoot the performance of a server because it’s running slow. During your investigation, you discover that the system has an average of twenty active SSH sessions and the processor utilization averages at about 50 percent.

Is this normal? Is the system under attack? If you have a baseline report, you can compare the current activity with the baseline report to determine normal behavior. The performance baseline report will often provide you the answers. However, if you don’t have a performance baseline report, you may spend a lot of time and effort investigating normal performance that is unrelated to any problem.
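As an added example (not from the study guide), the following PowerShell builds a performance baseline with Get-Counter, which reads the same counters Performance Monitor samples, and then flags current readings that fall well outside what the baseline recorded. The file path, the counter list, the sampling schedule and the two-standard-deviation threshold are assumptions.

```powershell
# Added example (not from the study guide): build a performance baseline with Get-Counter, the same
# counters Performance Monitor samples, then flag current readings that fall outside the baseline.
# File path, counter list, sampling schedule and the 2-sigma threshold are assumptions.
$BaselineCsv = 'C:\Baselines\perf-baseline.csv'
$Counters = @(
    '\Processor(_Total)\% Processor Time',
    '\Memory\Available MBytes',
    '\PhysicalDisk(_Total)\Avg. Disk Queue Length',
    '\Network Interface(*)\Bytes Total/sec'
)

function Get-CounterSnapshot {
    # One reading of every counter, flattened to Counter/Value rows.
    (Get-Counter -Counter $Counters -ErrorAction SilentlyContinue).CounterSamples | ForEach-Object {
        [pscustomobject]@{ Timestamp = $_.Timestamp; Counter = $_.Path; Value = [double]$_.CookedValue }
    }
}

function Save-PerformanceBaseline {
    # Default schedule matches the text: one snapshot every 30 minutes for 7 days (336 samples).
    param([int]$IntervalSeconds = 1800, [int]$Samples = 336)
    New-Item -ItemType Directory -Path (Split-Path $BaselineCsv) -Force | Out-Null
    for ($i = 0; $i -lt $Samples; $i++) {
        Get-CounterSnapshot | Export-Csv -Path $BaselineCsv -Append -NoTypeInformation
        if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
    }
}

function Compare-PerformanceBaseline {
    # Returns one row per counter; Abnormal is set when the current value is more than
    # $SigmaThreshold standard deviations from the baseline mean.
    param([double]$SigmaThreshold = 2.0)
    $baseline = Import-Csv -Path $BaselineCsv
    foreach ($now in Get-CounterSnapshot) {
        $history = @($baseline | Where-Object { $_.Counter -eq $now.Counter } | ForEach-Object { [double]$_.Value })
        if ($history.Count -lt 2) { continue }   # nothing to compare against yet
        $mean  = ($history | Measure-Object -Average).Average
        $sumSq = ($history | ForEach-Object { ($_ - $mean) * ($_ - $mean) } | Measure-Object -Sum).Sum
        $sd    = [math]::Sqrt($sumSq / ($history.Count - 1))
        # A counter that never moved in the baseline is abnormal as soon as it moves at all.
        $abnormal = if ($sd -eq 0) { $now.Value -ne $mean } else { [math]::Abs($now.Value - $mean) / $sd -gt $SigmaThreshold }
        [pscustomobject]@{
            Counter      = $now.Counter
            Current      = [math]::Round($now.Value, 2)
            BaselineMean = [math]::Round($mean, 2)
            BaselineSD   = [math]::Round($sd, 2)
            Abnormal     = $abnormal
        }
    }
}

# The troubleshooting scenario in the text: is 50% CPU with twenty SSH sessions normal for this server?
# Compare-PerformanceBaseline | Format-Table -AutoSize
# (Get-NetTCPConnection -LocalPort 22 -State Established -ErrorAction SilentlyContinue | Measure-Object).Count
```

A single snapshot outside two standard deviations is a prompt to look, not proof of a problem; a reading that stays abnormal across several refreshes, or several counters moving together, is the pattern worth investigating. Rebuild the baseline after any change that legitimately shifts the load, otherwise the new normal will keep being reported as an anomaly.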

As a comparison, anomaly-based intrusion detection systems (IDSs) use baselines to identify problems. As a reminder, the anomaly-based IDS starts by creating a baseline and then compares current behavior against the baseline. Without a baseline, the anomaly-based IDS cannot detect anomalies. Similarly, without a security or configuration baseline, you can’t detect changes.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.