1.7 BASELINES AND CONTROL AUDITS

One of SANS' mantras is "How can you properly secure your systems if you don't know what your systems are supposed to look like?" This is accomplished by establishing proper base- lining , change management and control audit procedures. Some guidelines to remember:

Take baselines of systems before installing on network “A system becomes a target as soon as it is connected on a network. By performing a baseline of the system before it is on the network, you ensure that the baseline you have performed is clean.
Establish a documented, repeatable baseline procedure “ A baseline strategy cannot be effective if the same procedures are not used each time. This means that a baseline cannot be performed solely from memory. Checklists are an excellent form of documentation for a baseline procedure.
Implement a controlled change management program “ By implementing a controlled change management program, you will be able to accurately record what changes were authorized for each system. With this historical record you will know exactly what should and should not change on your systems from the baseline.
Perform control audits to protect against unauthorized changes “ Auditing systems on a regular basis performs two functions. First, it allows for the evaluation of the current system's state to the baseline. This ensures that you always know what state the system is in. Auditing also allows the tracking of all changes going through the change management program, and catching those changes that are not.