Detailed Study Notes on Baselines and Security

Understanding Baselines

  • Definition of Baseline

    • Baseline refers to a snapshot of a particular configuration or state of a system, showing its current settings and configurations.

    • Baselines can be used to assess how things are normally configured, allowing comparison to identify abnormalities.

      • A snapshot is vital for setting up security configurations.

      • Establishing a baseline means configuring everything as desired with security measures enabled, and then taking a snapshot of this state to use as a reference.

  • Importance of Knowing Normal

    • It's essential for IT professionals to know what 'normal' looks like in their environment.

    • When users report issues, they may say, "This isn't normal," making prior knowledge of the baseline crucial for effective troubleshooting.

Related Concepts

  • Gap Analysis

    • Compared to baseline, gap analysis involves determining where the organization currently stands versus where it should be.

    • The difference between the two states indicates the gap that needs to be filled, which can be bridged using the established baseline.

  • Types of Baselines

    • Performance Baselines

    • Productivity Baselines

    • Security Baselines

Configuration Management

  • Role in Baselines

    • Configuration management is crucial for maintaining consistent baselines across a large number of client systems.

    • Tools are available to help capture, deploy images, and maintain baselines across an organization’s infrastructure.

Endpoint Hardening

  • Definition

    • Endpoint hardening involves configuring devices to minimize vulnerabilities that could be exploited by attackers.

  • Principle of Least Privilege

    • The principle states that only the necessary privileges should be provided to users and applications.

    • Unnecessary applications, services, and firewall rules should be disabled or uninstalled to prevent potential access points for attackers.

  • Implementation

    • Implement a secure configuration on a machine and replicate this configuration across all machines using deployment tools to manage consistency.

Maintaining Security Over Time

  • The Need for Reevaluation

    • Over time, configurations may deviate from the established baseline.

    • Regular monitoring and adjustments may be necessary to bring configurations back into alignment.

Hardening Concepts

  • Reducing the Attack Surface

    • By disabling unnecessary functions and services, the attack surface (the potential points of exploitation) is reduced.

  • Common Hardening Techniques

    • Change default credentials

    • Uninstall unnecessary applications

    • Use secure protocols for management communication (e.g., SSH)

    • Enforce the use of strong passwords

Access Control

  • Access Control Lists (ACL)

    • ACLs are lists of permissions that determine who can access certain resources or data.

      • Applied in various contexts such as firewall rules and file permissions.

  • Logging and Monitoring

    • Logging is crucial for understanding changes, as knowing what was changed can lead to identifying issues during troubleshooting.

Port Security

  • Configuration of Port Security

    • Disable unused ports to prevent unauthorized access.

    • Use IEEE 802.1X for port-based authentication to ensure devices must authenticate before accessing the network.

Firewalls and Intrusion Detection Systems

  • Types of Firewalls

    • Packet-filtering firewalls which control traffic based on IP address, port number, and protocols.

    • Network-based intrusion detection systems monitor traffic passing through a network, while host-based systems monitor individual devices.

    • Importance of signature-based and anomaly-based detection to identify threats.

Wireless Security

  • WiFi Security Considerations

    • Ensure secure authentication methods and proper configuration of access points to prevent unauthorized access.

    • Common methods include WPA2 and WPA3, both relying on Advanced Encryption Standard (AES) for encryption.

Network Access Control (NAC)

  • NAC Definition

    • NAC involves monitoring and managing the health of devices that connect to a network through health checks and compliance statuses.

    • Can use agents installed on devices that communicate their status before permission is granted to connect fully to the network.

Holistic Approach to Security in IT

  • Physical Security Importance

    • Physical access control is vital as an attacker with physical access can accomplish much more than remote attempts.

  • Real-World Applications

    • The importance of updating systems regularly is highlighted, including the challenges involved in larger organizations, where testing updates before deployment may be necessary.

Miscellaneous Considerations

  • Documentation and Process

    • Good documentation is essential for troubleshooting, maintaining clear communication about configurations and changes made in environments.