Security Baselining

SECURITY BASELINING

A Minimum Security Baseline (MSB) is a minimum information security configuration standard,
sometimes referred to as an organization’s internal “best practices.” MSBs can be applied to many
areas within an organization, including routers, switches, firewalls, servers, or a site. These
configuration standards detail many important items such as security patch minimums, unnecessary
services to disable, and the number of required physical locks and surveillance cameras.
Many believe that throwing more security technology at an area is the best security “medicine.”
However, carefully applying standard information security configurations to hardware and software
in addition to physical security measures will lead to a comprehensive and sustainable information
security program.
NetSentries has experts in all facets of security, with many combined years of experience
implementing and configuring hardware and software in a secure manner.
NetSentries uses a multiphase process for developing and implementing MSBs. First, NetSentries
reviews any existing MSBs or creates an initial MSB draft. NetSentries then collaborates with the
client’s IT department to create a final version of the MSB. Once a final version is created, the IT
department implements the MSB, including new base images used to create new systems.
Once the MSBs are in place, NetSentries highly recommends testing the system by performing a
Host Interrogation and Configuration Review, which can validate if the MSBs are being applied
correctly. The MSB will be improved based on this review of emerging threats and changes in the
environment.
Finally, NetSentries recommends the client create a program that continuously updates and
improves the MSB. NetSentries can assist in setting up this program and establishing a repeating
cycle for future updates. It is critical to repeat these steps on a regular basis to ensure MSBs stay
current and relevant.