Configuration Management

The Importance of Configuration Compliance

The default configuration of most computers and networking devices favors ease of use over strong security. In addition, the security posture of computers tends to weaken over time as users change configurations to make them easier to use. Configuration management counters this by continuously hardening computers.

Limitations of System Configuration Management

While properly configured systems shrink attack surfaces, they do not eliminate exploits, because some ports must be left open to support system operations. In addition, automatically updating a computer's configuration can break existing software applications.

Vidder's Configuration Management Recommendations

In general, Vidder strongly recommends hardening systems by removing all unnecessary accounts and services, updating patches, and locking down unused network ports. All configuration-hardening changes must be made before connecting the device to the network.

In addition, Vidder strongly recommends automating the process of configuration management to ensure users do not decrease the security posture of any computer.
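One way to automate such a check, shown as an added example that is not Vidder's tooling: compare a host's accounts, enabled services and listening ports against an allowlist and report any drift. The baseline for an "Apache on RHEL" role, the function names and the sample snapshots are all constructed assumptions.

```python
# Added example: compare a host snapshot against a hardening baseline.
# Baseline and snapshots are constructed; a real host lists many more system accounts.
BASELINE = {  # hypothetical allowlist for an "Apache on RHEL" server role
    "accounts": {"root", "sshd", "apache"},
    "services": {"sshd.service", "httpd.service"},
    "ports": {22, 443},
}

# Constructed /etc/passwd content; "tempadmin" is the account that should not exist.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74::/usr/share/empty.sshd:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
tempadmin:x:1001:1001::/home/tempadmin:/bin/bash
"""
# Shape of `systemctl list-unit-files --type=service --state=enabled --no-legend`
SERVICES = """\
sshd.service enabled enabled
httpd.service enabled disabled
vsftpd.service enabled disabled
"""
# Shape of `ss -H -tln`
LISTENERS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:443 *:*
LISTEN 0 32 [::]:21 [::]:*
"""

def snapshot(passwd, services, listeners):
    """Parse the three text sources into sets comparable with the baseline."""
    return {
        "accounts": {l.split(":", 1)[0] for l in passwd.splitlines() if l.strip()},
        "services": {l.split()[0] for l in services.splitlines() if l.strip()},
        # Local address is field 4; the port follows the last colon (IPv4 and IPv6).
        "ports": {int(l.split()[3].rsplit(":", 1)[1])
                  for l in listeners.splitlines() if l.startswith("LISTEN")},
    }

def drift(baseline, observed):
    """Return per-category items that are present but not allowed, or required but absent."""
    report = {}
    for key, allowed in baseline.items():
        unexpected, missing = observed[key] - allowed, allowed - observed[key]
        if unexpected or missing:
            report[key] = {"unexpected": sorted(unexpected), "missing": sorted(missing)}
    return report

if __name__ == "__main__":
    for category, delta in drift(BASELINE, snapshot(PASSWD, SERVICES, LISTENERS)).items():
        print(category, delta)
```

Run on a schedule, a non-empty report is the signal that a host has drifted from its hardened state and needs remediation or a baseline review.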

Embedded Systems

Vidder strongly recommends running a configuration management process as part of the nightly build.

Servers

Vidder strongly recommends that configuration requirements be established and implemented for each unique software package running on production servers. For example, Apache running on RHEL will have configuration requirements that are distinct from those for Apache running on other operating systems and distinct from those for other applications running on RHEL.

Server images must be hardened before putting them into the public cloud.

Clients

Vidder strongly recommends hardening client devices through group policy objects or similar methods.