Section 20.197 Secure Baselines Flashcards
Objective 2.5: Explain the purpose of mitigation techniques used to secure the enterprise.
Objective 4.1: Given a scenario, you must be able to apply common security techniques to computing resources.
Objective 4.5: Given a scenario, you must be able to modify enterprise capabilities to enhance security.
Secure Baseline
Standard set of security configurations and controls applied to systems, networks, or applications to ensure a minimum level of security
■ Helps organisations maintain consistent security postures and mitigate common vulnerabilities
Establishing a Secure Baseline
■ The process begins with a thorough assessment of the system, network, or application that requires protection
■ Identify the type of data involved, understand data workflows, and evaluate potential vulnerabilities and threats
■ Best practices, industry standards, and compliance requirements (e.g., ISO 27001, NIST SP 800-53) are used as starting points for defining the secure baseline
■ Create a secure baseline configuration by securing the operating system on a reference device (e.g., a laptop)
Configuring a Secure Baseline
■ Install, update, configure, and secure the operating system on the reference device
■ Check the device against baseline configuration guides and scan for known vulnerabilities or misconfigurations
■ Install required applications (e.g., Microsoft Office suite, endpoint detection and response agents)
■ Scan for vulnerabilities in the installed applications and remediate them
■ Create an image of the reference device as the “known good and secure baseline”
Deployment
■ Configure firewalls, set up user permissions, implement encryption protocols, and ensure antivirus and anti-malware solutions are properly installed and updated
■ Use automated tools and scripts to ensure consistent application of the secure baseline across devices
■ In a Windows environment, Group Policy Objects (GPO) can be used to dictate policies, user rights, and audit settings
■ In cloud environments (e.g., AWS), services like AWS Config are employed to define and deploy secure configurations
Maintenance
■ Lock down systems to prevent unauthorized software installation or configuration changes
■ Regular audits, monitoring, and continuous assessment are required to keep the baseline up to date
■ Continuous monitoring tools help identify deviations from the baseline and trigger alerts for immediate remediation
■ Periodically review and update the secure baseline to adapt to changes in organisational infrastructure, business needs, and emerging threats
Employee Training and Awareness
■ Conduct training sessions to educate employees about the importance of adhering to secure baseline configurations
■ Raise awareness about the potential risks of deviating from the baseline
■ Encourage employees to report any suspicious activities they notice when using their systems