Configuration Management Flashcards
What is the only constant in IT security?
Change - Operating systems will change, patches, application updates, network modifications, new application instances, hardware, software, etc. You will have to modify your security to adapt to the changes. Documentation will be critical to track and control everything.
What will be included in Diagrams?
Documenting the physical wire and device, physical data center layout to include physical rack locations, device diagrams including the cables from beginning to end.
Baseline Configuration
The security of an application environment should be well defined. All applications instances must follow the baseline. Firewall settings, patch levels, OS file versions. This may require constant updates.
Integrity measurement checks
Should be performed often and should check your security settings with the established baselines in the documentation. If the checks fail then corrections need to be immediately implemented.
Standard naming conventsion
Create a standard by which everyone in the business can easily follow. Devices need to have asset tag names and numbers, computer need to have standardized labeling for location and/or region. Use serial numbers for each device. Networks need standardized port labeling, domain configs need to follow account naming guidelines. Emails addresses should follow a standard as well.
IP schema
IP addresses should be organized in a consistent system for network devices. It helps prevent duplicate IP addressing. Locations should have numbers of subnets, and hosts per subnet. IP ranges should be established per site and have different subnets. Addresses should be annotated and reserved for devices such as users, printers, routers/default gateways.
