1. Overview of Baseline Management
1. What is a security baseline
To put it simply, it is the minimum standard line of safety, which meets the minimum requirements of safety requirements
2. Related terms of baseline
3. Objects of baseline inspection
All assets must be counted. If it is missed, it may become a weak point and be attacked
4. Baseline management
Baseline configuration is not just a job task, but an ongoing and iterative security audit item
After the organization defines the baseline, it needs to continuously update and check the validity of the baseline
2. Dimensions of Baseline Verification
1. Access control
2. Authorization management
3. Intrusion prevention
Minimum installation principle: take into account the use of permissions, as small as possible
4. Log audit
5. Resource management
3. Baseline Verification Standards
1. Account password
2. Authentication and authorization
3. Log security
4. Protocol Security
5. Other security
4. Baseline verification method
1. Manual method
2. Automated way
Automation has some disadvantages: false positives, false negatives, etc. may occur
That's all for this article!