Page 14 - Cyber Defense eMagazine - July 2018

There are many different potential answers to these questions. Configurations can change due to users modifying them, settings being misconfigured initially, or machines being turned off when group policies are entered. When configuration changes go unnoticed, organizations are left facing easily exploitable vulnerabilities. This is the reason security frameworks recommend security teams utilize a form of configuration management automation providing consistent security metrics rather than a manual process.




SETTING A STANDARD

Most of today's security frameworks include configuration management requirements. Frameworks such as NIST 800-53 implemented specific guidelines for configuration management following the results of Operation Eligible Receiver 97. These guidelines suggest practices such as setting a configuration baseline and limiting systems to only provide essential capabilities in a control known as "least functionality." NIST 800-53 and other frameworks are great outlines for general requirements but do not provide details on how configurations should be set.



For specifics of how configurations should be set, security teams utilize validated standards such as Security Technical Implementation Guides (STIGs) from the Defense Information Systems Agency (DISA). STIGs are required configuration standards for all Department of Defense devices and systems. These standards have provided a guideline to secure areas of networks at risk since 1998.[2] Following an established standard such as STIGs provides security teams with clear direction in their configuration management process while ensuring compliance with frameworks and improving the security posture of their organization.




MONITORING CONFIGURATION DRIFT


Even when organizations follow a configuration guideline such as STIGs, there is still a risk for configuration drift without a proper monitoring solution. Drift occurs as devices, software, or users are added to a network and can be almost impossible to track manually. An example of drift affecting an organization's security posture can be seen when looking at user rights assignments, specifically the ability to debug a program. Debug rights are typically
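One way to catch the user-rights drift described above automatically, as an added example that is not part of the article: compare a baseline export of the local security policy against a current export and report any privilege whose assigned accounts changed. It assumes both exports are in the INF format written by `secedit /export /cfg <file>` (already decoded to text), where the [Privilege Rights] section lists each right as `SePrivilegeName = *SID,*SID`; the SIDs below are constructed sample values.

```python
"""Detect user-rights-assignment drift between a baseline and a current
secedit export (added example; not the article's own tooling).
Assumes the INF layout produced by `secedit /export /cfg <file>`, whose
[Privilege Rights] section lists each right as `SeName = *SID,*SID`."""
import configparser

# Constructed sample exports: a STIG-style baseline and a drifted host.
BASELINE_INF = """
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
"""
CURRENT_INF = """
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1000-2000-3000-1105
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeTcbPrivilege = *S-1-5-21-1000-2000-3000-1105
"""


def parse_privilege_rights(inf_text):
    """Return {privilege_name: set of SIDs} from the [Privilege Rights] section."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep privilege names case-sensitive
    cp.read_string(inf_text)
    rights = {}
    if not cp.has_section("Privilege Rights"):
        return rights
    for name, value in cp.items("Privilege Rights"):
        # secedit prefixes each SID with '*'; an empty value means nobody holds it
        rights[name] = {s.strip().lstrip("*") for s in value.split(",") if s.strip()}
    return rights


def diff_rights(baseline, current):
    """Return {privilege: (added_sids, removed_sids)} for every right that drifted."""
    drift = {}
    for priv in sorted(set(baseline) | set(current)):
        base, cur = baseline.get(priv, set()), current.get(priv, set())
        if cur - base or base - cur:
            drift[priv] = (cur - base, base - cur)
    return drift


def report(baseline_inf, current_inf):
    return diff_rights(parse_privilege_rights(baseline_inf),
                       parse_privilege_rights(current_inf))


if __name__ == "__main__":
    for priv, (added, removed) in report(BASELINE_INF, CURRENT_INF).items():
        print(f"{priv}: added={sorted(added)} removed={sorted(removed)}")
```

Any non-empty result is a drift finding to feed into ticketing or a SIEM; an empty result means the host still matches its baseline.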


[2] Security Technical Implementation Guides (STIGs). Retrieved from: https://iase.disa.mil/stigs/Pages/index.aspx
