Chapter 8: Security Baselines

Chapter 8

Security Baselines

About This Chapter

A security baseline is a set of rules or recommendations that establish a minimum acceptable security configuration. Security baselines, which are also called security benchmarks or checklists, are often presented as printed or electronic documents, but they can also be programs that evaluate system configuration. For example, the Center for Internet Security (CIS) has a large set of documents called security benchmarks for a variety of popular operating systems, routers, and Web servers. These documents and related tools serve as security baselines for the equipment in many organizations. This chapter examines security baselines for network devices, operating systems, applications, and different types of server configurations.

Before You Begin

This chapter assumes basic knowledge of Transmission Control Protocol/Internet Protocol (TCP/IP), as presented in Chapter 2, "TCP/IP Basics." You should also understand certificates as presented in Chapter 3, "Certificate Basics." Further, this chapter assumes that you know how to secure the network infrastructure and individual client applications as presented in Chapter 4, "Network Infrastructure Security," and Chapter 6, "Application Security." You should also understand virtual private networks (VPNs) as presented in Chapter 5, "Communications Security." Finally, you should have read about authentication, which was covered in Chapter 7, "User Security."