CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [236]
Configuration Management Policies
Configuration management refers to the types of steps that are needed to make changes in either hardware or software systems. These procedures help define the process for upgrades as well as system retirement procedures. In a large organization, configuration management is a difficult job. Most organizations have multiple generations of hardware and software.
Many older or legacy systems have applications on them that have been installed for years. In some organizations, these systems have little if any documentation about configuration or usage. If a legacy system has mission-critical data stored on it, provisions must be made to archive the information or upgrade it to a newer system.
Logs and Inventories
Logs and inventories help an organization know what is happening to organizational systems and assets. Keeping track of system events and asset inventories is an important aspect of security. System logs tell you what is happening with the systems in the network. Periodically review and clear these logs (they tend to fill up and become hard to work with). It’s a good practice to review system logs on a weekly basis to look for unusual errors, activities, or events. Establish logging levels to focus logging on certain types of events, such as failed logon attempts; this information can help you discover if attackers are trying to break in to your system before they succeed.
Inventories refer to both the physical assets and the software assets that your company owns. Software assets, in many situations, exceed the value of the hardware assets of companies. Inventory installed software periodically to make sure it’s current, licensed, and authorized for use in your network. Products such as Microsoft’s Systems Management Server and CA Unicenter can assist with asset management and inventory. In addition, software needs to be secured when it isn’t needed.
Real World Scenario
Always Think of the Obvious
A large manufacturer once lost $1,000,000 worth of computer equipment—the equipment couldn’t be found when an audit was performed. This loss caused a major panic for the organization because the equipment was part of a government project and the government wanted to know where it was.
It turned out that the equipment had been moved and put into storage. Unfortunately, the equipment move hadn’t been entered in the inventory, and the equipment had somehow become misplaced. This company had to search all of its extensive warehouse space in order to find it. Finally, the company located it, and a major confrontation with the U.S. government was averted. Had the company not been able to locate this equipment, it would potentially have had to pay to replace it.
System Architecture
The system architecture of many organizations includes an infrastructure made up of both software and hardware. Good drawings and documentation of your system architecture are immensely valuable when you’re troubleshooting or considering making changes. These documents provide you with the blueprint of your organization’s infrastructure. Keep these documents up-to-date because it’s hard to troubleshoot a network with out-of-date information.
Change Documentation
Change documentation involves keeping records about how your network or organization changes over time. As with system architecture information, it’s extremely helpful to have changes in your network well documented.
Change documentation accomplishes several things during the change process. It helps keep track of what changes have occurred, and it also helps implementers remember what was accomplished and why. In a large implementation, hundreds or even thousands of changes might be occurring across a network. These changes can become confusing if a crisis develops in the middle of the process—it might become hard to remember