Managing Configuration


               Configuration management helps ensure that systems are deployed in
               a secure consistent state and that they stay in a secure consistent state
               throughout their lifetime. Baselines and images are commonly used to

               deploy systems.


               Baselining

               A baseline is a starting point. Within the context of configuration
               management, it is the starting configuration for a system.

               Administrators often modify the baseline after deploying systems to
               meet different requirements. However, when systems are deployed in
               a secure state with a secure baseline, they are much more likely to stay
               secure. This is especially true if an organization has an effective change
               management program in place.

               Baselines can be created with checklists that require someone to make
               sure a system is deployed a certain way or with a specific

               configuration. However, manual baselines are susceptible to human
               error. It’s easy for a person to miss a step or accidentally misconfigure
               a system.

               A better alternative is the use of scripts and automated operating
               system tools to implement baselines. This is highly efficient and
               reduces the potential of errors. As an example, Microsoft operating
               systems include Group Policy. Administrators can configure a Group

               Policy setting one time and automatically have the setting apply to all
               the computers in the domain.


               Using Images for Baselining

               Many organizations use images to deploy baselines. Figure 16.2 shows
               the process of creating and deploying baseline images in an overall

               three-step process. Here are the steps: