Host Software Baselining – CompTIA Security+ SY0-401: 4.3

How safe is your software? In this video, you’ll learn how to create a security baseline on a server and considerations for baselining cloud-based devices.

<< Previous Video: Hardware SecurityNext: Virtualization Security >>

To be able to secure applications, we need to understand everything we can about how the application operates. We need to know what the application is communicating with across the network, what type of traffic is being sent back and forth. We need to understand what’s inside of those packets being sent over the network. We also need to understand what resources are going to be needed on individual hosts, what type of network connectivity is going to be required, and what should be expected whenever this application is running.

We also need to tighten down the operating system itself. We need to install and configure our host-based firewall and make sure that it’s only going to allow this particular application to work properly. That way, if somebody’s trying to send traffic into this application that does not look quite right, we’ve got a firewall to be able to restrict some of that communication.

We can also set up application execution restrictions, which means that certain applications may not be able to run on that particular host. That way, if the bad guy does manage to infiltrate that system, he would not be able to execute code that would be used to then exploit that particular app.

And you might also want to limit what specific folders this application has access to. Some applications might be told to write information to a system file in your operating system, which would certainly be outside of the scope of most applications. But if we can limit this application so that it only has access to write in certain areas of the operating system, we can avoid any of those types of exploits.

Once you’ve gathered this application baseline and you understand how the application communicates, you can then use that information to configure external devices like firewalls and intrusion prevention systems. Those can be locked down to only allow the proper communication. And if anything goes out of the scope of what’s normally seen for this application, you can choose to disallow that communication through the network.

It’s unusual these days to find an application that’s centralized in a single area or on a single server. These days, the applications are very decentralized. They can be located in many different areas. Part of the application might be in a data center in one part of the world, and the other part of the application may be in a completely different part of the world. So we need to think about how we’re going to secure the application, even across these very large areas.

We might also have other services and other applications running on the same physical hardware. We certainly see this with virtualization technologies these days. So it is a little bit more difficult to configure security settings and security profiles to a single device when you might have one, two, or even a hundred different applications all running on that single piece of hardware.

You may also require some additional redundancy. Part of security is making sure that your applications are available. So you want to perhaps have multiple locations where this application can run. If you happen to lose a facility, the other facility might still be running. This might also help you in cases where there might be denial of service attacks.

There could be hardware failures or power outages. Or you might have network problems. And by decentralizing the application itself, you may be able to make it much more resilient and avoid these types of security concerns.