Browse archive

Latest news

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Facebook, Microsoft and Apple disclose little on U.S. government data requests

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Cisco teams with IBM, Lancope, LogRhythm, Splunk and Symantec

Secure automated archiving from Imation

Red Hat unveils OpenStack certification and solution marketplace

Asia-wide targeted campaign drops backdoor, RAT

ISC-CERT warns about medical devices with hard-coded passwords

Hacking charge stations for electric cars

Baselining with Security Templates

by Derek Melber - WindowSecurity.com - Monday, 4 October 2004.

The solution to creating and implementing security baselines on computers in your network is to “just do it.” Security baselines establish the foundation for the overall security of a computer. If a computer has no foundation, the chances of it being compromised are very high.

One of the most common complaints about creating and implementing security baselines is that they are hard to establish for the different computers on the network and they are almost impossible to implement. Couple this complaint with keeping the computers up to date with the security baselines causes computers to go without any baseline or security foundation.

What is a security baseline?

I am sure that you have all heard about security baselines or have a preconceived definition of them. However, I just want to make sure that my definition and your definition is the same for this article. The security baseline is a suite of security settings that are established for each type of computer in your organization. The security baseline is established in such a way that the computer performs it duties, but nothing else.

The reason for this “limited” approach is that if the computer can’t perform anything but its predetermined duties, the possibility for it being attacked successfully is much smaller.

Windows computers need security baselines more than about any other type of computer for a couple of reasons. First, Microsoft is notorious for allowing the default installation of their operating systems to be insecure. I don’t think I need to defend this statement much, considering the issues with Internet Information Services and Internet Explorer over the past couple of years.

The security baseline will consist of more than just securing services and applications; it will go to the core of the computer security settings. A typical security baseline will include control over services, permissions on files, Registry permissions, authentication protocols, and more. There will be a security baseline established for each type of computer in your organization. This will include domain controllers, file servers, print servers, application servers, clients, etc.

Security Templates for Baselining

In the last article I wrote, Understanding Security Templates (LINK!!!), you were introduced to the contents of a security template. There we saw that a security template included settings for the following areas:

Account Policies
User Rights
Event Log settings
Restricted Groups
System Services
File Permissions
Registry Permissions

As you can see from this list to the list we just unveiled in the baselining section above, they are virtually encompass the same security settings. Although a typical security baseline needs to include a few areas outside of a default security template, it includes so many of the settings it can’t be ignored as a solution for implementing your security baselines.