One of the most common complaints about creating and implementing security baselines is that they are hard to establish for the different computers on the network and almost impossible to implement. Couple this complaint with the task of keeping the computers up to date with the security baselines, and computers end up going without any baseline or security foundation.
What is a security baseline?
I am sure that you have all heard about security baselines or have a preconceived definition of them. However, I just want to make sure that my definition and your definition are the same for this article. The security baseline is a suite of security settings that are established for each type of computer in your organization. The security baseline is established in such a way that the computer performs its duties, but nothing else.
The reason for this “limited” approach is that if the computer can’t perform anything but its predetermined duties, the possibility for it being attacked successfully is much smaller.
Windows computers need security baselines more than almost any other type of computer for a couple of reasons. First, Microsoft is notorious for allowing the default installation of their operating systems to be insecure. I don’t think I need to defend this statement much, considering the issues with Internet Information Services and Internet Explorer over the past couple of years.
The security baseline will consist of more than just securing services and applications; it will go to the core of the computer security settings. A typical security baseline will include control over services, permissions on files, Registry permissions, authentication protocols, and more. There will be a security baseline established for each type of computer in your organization. This will include domain controllers, file servers, print servers, application servers, clients, etc.
Security Templates for Baselining
In the last article I wrote, Understanding Security Templates, you were introduced to the contents of a security template. There we saw that a security template included settings for the following areas:
- Account Policies
- User Rights
- Event Log settings
- Restricted Groups
- System Services
- File Permissions
- Registry Permissions
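
A baseline only helps if machines stay on it. The following added example, which is not code from the article, parses two security templates (the baseline and a machine's exported settings) and reports each baseline setting the machine does not meet, labelled with the area from the list above. The section names are those used in Windows security template .inf files; the function names and the sample values are constructed for illustration.

```python
# Added example: report where a machine's settings differ from a baseline template.
AREAS = {  # template section -> area named in the list above
    "System Access": "Account Policies", "Kerberos Policy": "Account Policies",
    "Privilege Rights": "User Rights", "Group Membership": "Restricted Groups",
    "System Log": "Event Log settings", "Security Log": "Event Log settings",
    "Application Log": "Event Log settings", "File Security": "File Permissions",
    "Service General Setting": "System Services", "Registry Keys": "Registry Permissions",
}

def parse_template(text):
    """Return {section: {key: value}}; lines without '=' become keys with value ''."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None:
            key, sep, value = line.partition("=")
            current[key.strip()] = value.strip() if sep else ""
    return sections

def drift(baseline_text, actual_text):
    """List (area, setting, expected, found) for each baseline setting not met."""
    baseline, actual = parse_template(baseline_text), parse_template(actual_text)
    findings = []
    for section, settings in baseline.items():
        if section not in AREAS:  # [Unicode], [Version], sections outside the list
            continue
        for key, expected in settings.items():
            found = actual.get(section, {}).get(key)  # None when the setting is absent
            if found != expected:
                findings.append((AREAS[section], key, expected, found))
    return findings

# Constructed sample data, not taken from any real machine or shipped template.
BASELINE = '''[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 8
LockoutBadCount = 5
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-544
[Service General Setting]
TlntSvr,4,""
'''
ACTUAL = BASELINE.replace("= 8", "= 0").replace("TlntSvr,4", "TlntSvr,3")
if __name__ == "__main__":
    print(*drift(BASELINE, ACTUAL), sep="\n")
```

Template files on disk are typically UTF-16 encoded, so decode them before passing the text to `drift`.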