Baselines: What you need to know

Recently, Microsoft announced the launch of the official Microsoft Security Baselines TechNet home. It is a portal of information for their security baselines function on their products – a large number of pre-designed security configurations to choose from in addition to the basic security that is installed on the device when it comes out of the box.
What are security baselines?
Whether you use Microsoft and have access to their pre-designed baselines or need to design your own, they are something you should be using to make your job easier.
Baselines are a collection of security settings. There is no one-size-fits-all set of baselines for every company because every company faces different threats. In fact, there isn’t even a one-size-fits-all set of baselines for everyone in your company; some departments may require more or less security restrictions.
Why do you need security baselines?
By implementing security baselines at your company, you are going to save yourself time and sanity:
- You will not have to navigate every safety option on every device. Instead, you will have a company standard that will allow you to (relatively) quickly setup a new device.
- You don’t have to deal with arguments about exceptions. When choosing/creating the baselines you will do the research to decide exactly what your company and each department needs in terms of security. If you ever have someone argue with you, you will simply be able to refer to company and department standards.
Creating your security baselines
Like we mentions above, there is no one-size-fits all set of baselines and some would argue that setting up baselines continues to get more challenging as products come out with an increasing number of security options.
Instead of taking on the impossible task of talking about every security option you need to consider, we gathered up some security baseline examples from companies to help inspire you.
- Mandatory Security Baselines from CERN
- Network Security Baseline from CISCO
- Server Security Baseline Standard from University of Cincinnati
- Platform Management Guidelines from Texas A&M International University
And of course, we have found some checklists for you. No plan is complete without a checklist.
- Security Baseline Checklist from CISCO
- Baseline General Practice Security Checklist from Patient First
- NIST Checklist Program
Share your security baseline tips and tricks in the comment section below. We would love to be able to see what you are doing to keep you company secure.