Analecta Cyber Company Blog: Know and Maintain Your Information Systems Baseline

2019-05-21

Know and Maintain Your Information Systems Baseline

man drawing gear graphic Know and maintain your information systems baseline - Analecta Cyber graphic Previously, we discussed the importance of a network baseline and how to identify anomalous activity. Now, it is time to consider a baseline for your organization’s IT systems. NIST Cybersecurity Framework calls on organizations to create baselines for their IT systems that incorporate security principles like the concept of least functionality. 

The concept of least functionality


Regardless of the size of your organization, the concept of “least functionality” is a useful security principle to incorporate into your IT baseline. When you incorporate least functionality into your systems, your organization configures the devices to only provide essential capabilities and lock down the remaining functions, protocols and ports.

It may be convenient to have a single system perform multiple roles within your organization, but doing so introduces additional risk of compromise. For example, utilizing the same device to serve as your web server and email server increases the risk of that server going down from an attack and now both systems are compromised. If the devices were separate, an email attack would not have an impact on your web server, and vice versa.

Your organization needs to consider the functions and services of each device when deciding which functions or services should be eliminated as part of the baseline. For example, part of incorporating the concept of least functionality could be physically or virtually disabling ports.

Why a baseline?


Cybersecurity measures, like the concept of least functionality, help your organization reduce the risk of attack or compromise, but managing these measures across the enterprise can be a challenge. What happens when you have 40 different machines, each running a different version of a common operating system but only 10% of the devices are updated to the current version? Having a common IT baseline can simplify updates, keep the organization aware of which software is installed and help ensure all devices are configured to your desired security design.

Once your baseline is established and documented, maintain a copy of the current version of the baseline at all times. If the baseline image installed on all new computers is an older version of the baseline, you put your new devices at risk by not having all the proper security configurations and patches. In addition to patch and change management, your network and system topology will likely evolve as your business grows. Ensure your baseline configurations reflect the current enterprise architecture.

Man drawing gears - Analecta LLC graphic

Let’s get started!


If you are starting out in business or if you are at the point in your system lifecycle management process where you are replacing older devices, you are at an ideal point to incorporate an IT system baseline. Once you have decided on your baseline configuration, you can create an operating system image that includes all the aspects of your desired configuration.

Automated tools can be a great way to create or maintain baseline configurations or make changes to the baseline based on new information or devices. These tools can track version numbers of the installed operating system and applications, the types of software installed, and the current patch level of the software. IBM and Microsoft have good examples of some of these automated means.

Prior to pushing out a brand new baseline, test the baseline image on a standalone machine and then on a standalone network. If you accidentally push out a new baseline containing security flaws, you can easily contaminate all machines that use that baseline. Only after your IT personnel test the baseline should it be put into production.

Not sure where to start?


Analecta Cyber brings decades of expertise implementing secure information systems based on the NIST Cybersecurity Framework guidelines. Our experts can work with you to help you understand information system baselines and how they can help your business. Contact us at info@analecta-llc.com or visit our Cybersecurity website.

Analecta Cyber is a Maryland-based cybersecurity firm providing cyber risk assessments for small and medium sized businesses. Analecta is a trusted partner to help companies achieve their cybersecurity objectives.


No comments :

Post a Comment