Configuration Management, Policies and Procedures
Don Petravick
Computer Security Awareness Day
Sept 29, 2009
So what’s configuration management?
• It’s a field of management that focuses on establishing and maintaining consistency of performance over a lifecycle.
• What kind of performance are we here to talk about?
  – Performance related to the lab’s policies.
• Policies of interest:
  – Security, Greenness, Licensing.
• What changes over the lifecycle of a computer?
  – Much change is centered around installed software and the software’s configuration.
  – So that is our focus.
“True It Up”
• Prohibited: “Violation of license and other computer related contract provisions, particularly those that expose the laboratory to significant legal costs or damages.”
• Use case:
  – Vendor “A” sells licensed software at a modest cost per computer.
    • No one user thinks procurement is “significant”.
    • Procurements are ad hoc.
  – One day, the Lab is informed the vendor would like to “true up” the license costs.
    • Vendor produces an estimate of a very high level of use of the software.
  – Fermilab must produce an accurate inventory of installed copies on all of its machines.
Secure It Up
• Fermilab GCE controls state that all desktops and personal workstations will display a screen saver requiring a password after a designated timeout.*
• Naively, a person may feel this setting is solely governed by their own preference, and alter the configuration.
• However, auditors walk about the site at night, looking at desktops, and find unlocked machines.
• * Unless there is a recognized compensating control.
Green It Up
• Emerging Policy (from Draft): “Utilization – Computing assets will be operated in an energy efficient manner ... In particular, procedures define standards for power management of monitors, laptop displays and processing units, and resource utilization standards for printers. Computers that are managed by Fermilab will have these standards automatically applied.”
Forget configuration management, what is this all about?
• The lab as a whole aspires to high standards for the security of every machine at the Laboratory.
  – This is hard to achieve without focus.
  – An organized approach is the surest way to achieve and sustain overall high performance.
• The Lab makes a plan, and works to the plan.
  – Plan must be expressed in a standard framework.
  – The plan has to be rooted in modern technical culture.
    » Usual techniques and skill sets (so we can staff it up).
    » Is organizationally defensible (separation of roles).
Outside scrutiny includes
• Auditors and Data Calls
  – Measure whether the lab works to its plan.
• Need to grasp what we are doing.
  – Plan needs to be coherent.
  – Presented in a framework they understand.
    » There are conventions – we don’t get to invent.
  – Auditors sample the population of things governed by the plan and draw general conclusions.
    • “How you do anything is how you do everything.”
    • Because of the small sample, even single breaches seem to be indicative of failing to work to the plan.
Lab as a whole is held accountable
• Saying we will all try hard in our own way is a non-starter.
• Seen as an indication of whether lab can work to a plan.
• It can be very hard to hold individuals accountable.
  – Configurations are detailed.
  – Do we really want to discipline someone because (say, the director’s, or your) screen saver settings were fumble-fingered?
So the Usual and Expected Direction is
• To adopt a structured approach.
  – To the extent possible, move detail-oriented accountability from the end user into a specialized function.
  – To define the processes used by that function.
    • So that they can be continually improved.
• It is recognized that a structured approach reduces flexibility.
  – This causes stress and tension in the technically able.
Deming Cycle: PDCA
• Plan: Make plans and policies.
• Do: Execute the plan.
• Check: See how well we are secured.
• Act: Consider everything, figure out what to adjust.
The High Level
• Specify a process framework to figure out:
  – What needs to be controlled.
  – How to specify the configuration of controlled items: “should-be”.
  – How to deal with exceptional needs.
  – Monitor: “as-is” == “should-be”
  – Make “as-is” == “should-be”
• Status: work to realize this has begun under tune-it-up.
What Needs to be Controlled?
• Policy controls everything.
• Additional emphasis and scrutiny for:
    • Things of central concern.
    • Platforms of significance.
  – Where the lab is somehow accountable, even for lapses which seem insignificant to some.
  – Currently:
    • Computer security
    • Greenness
Two Kinds of Baselines
• Global:
  – Example: All computers must be secured.
  – The baseline specifies necessary things, “shalls.”
    • If you cannot do what the baseline specifies, then there must be a compensatory control.
    • Recognized via variance process.
• Statistical:
  – Example: n% of computers will be “green”.
  – Variance process: can grant relief for 100% - n%.
Configuration “layer cake”
[Figure: stacked configuration layers, annotated “Constrained by policy” and “Constrained by baseline”.]
Configuration Element Attributes
Attribute            Example
Unique ID
Name                 Auto login not allowed
Required value       GDM=?, KDM=?, XDM=?
Justification        Security
Compliance Test      Check GDM, KDM, XDM config files
How to comply
Enforcement action   Become blocked
Grace period         1 day
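An added example, not part of the original slides or of any Fermilab tooling: a compliance test for the “Auto login not allowed” element that compares “as-is” config text with “should-be” and then applies the grace period, enforcement action and variance attributes. The key names, section patterns, status labels and sample files are assumptions; the slide leaves the required values as “?”, and XDM is not covered.

```python
import configparser
from datetime import timedelta

# Assumed key names from stock GDM custom.conf and KDM kdmrc; the slide leaves
# the required values as "?", and XDM is not modelled in this sketch.
RULES = {
    "gdm": (lambda s: s == "daemon", {"automaticloginenable", "timedloginenable"}),
    "kdm": (lambda s: s.startswith("X-") and s.endswith("-Core"), {"autologinenable"}),
}
TRUTHY = {"true", "1", "yes", "on"}   # accepted spellings are an assumption
GRACE = timedelta(days=1)             # "Grace period: 1 day" from the slide


def autologin_findings(manager, text):
    """Return sorted (section, key) pairs that switch auto login on."""
    section_ok, keys = RULES[manager]
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   allow_no_value=True)
    cp.read_string(text)
    hits = []
    for section in cp.sections():
        if not section_ok(section):
            continue
        for key, value in cp.items(section):   # keys arrive lower-cased
            if key in keys and (value or "").strip().lower() in TRUTHY:
                hits.append((section, key))
    return sorted(hits)


def status(findings, first_seen, now, has_variance=False):
    """Map as-is vs should-be onto the element's enforcement attributes."""
    if not findings:
        return "compliant"
    if has_variance:
        return "variance"              # recognized compensating control
    return "grace" if now - first_seen <= GRACE else "blocked"


# Constructed sample config text, not taken from any real host.
GDM_SAMPLE = "[daemon]\nAutomaticLoginEnable=True\nTimedLoginEnable=false\n"
KDM_SAMPLE = ("[X-*-Core]\nAutoLoginEnable=false\n"
              "[X-:0-Core]\nAutoLoginEnable=true\nAutoLoginUser=alice\n")
```
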
CIO Delegates Management of Baseline to an Organization.
Process: Role: CIO
  – Determines the number and kind of baselines.
  – Determines the concerns controlled by the baselines.
  – Authorizes the construction/update and retirement of baselines.
  – Determines the organizational unit responsible for managing the baseline.
  – Provides guidance to baseline projects in the areas of law, regulation, lab contract, and other external constraints.
Process: Role: Baseline Manager
• Monitoring that the baseline achieves its purpose.
• Monitoring external triggers indicating a need to update the baseline.
• Running the continuous baseline lifecycle processes.
  – Verify, announce, enforce
• Initiating and running the non-continuous baseline lifecycle processes as needed.
  – Compose/update, approve, communicate, deprecate, grant variance
• Recommending to the CIO that a baseline should be deprecated.
What is the role of Major and Minor Applications?
• Policy governs everything.
• The baseline process governs systems in the enclave that do not have major or minor application plans.
• Major and minor plans are formal security plans for systems that have stronger security requirements than provided for in the enclaves.
  – These often refer to the security baselines.
What does this mean to me?
• U1 – “I just want my computer taken care of”
  – Be aware that the level of monitoring of your computer will increase, and be agent-based.
  – Be aware that the level of active management will increase, and will become agent-based.
• U2 – “I want to take care of my computer”
  – The lab will consider all business needs for distributed and self administration.
  – See U1.
Summary
• Config Mgt? Sustain the performance of a system.
  – What kind of perf? Perf of concern.
• FNAL is implementing a process framework for specifying necessary security configuration, along with a variance process, for concerns and software of significance.
  – Security admin is complex and is done centrally.
• As framework matures, it will be backed by sensing and control agents on computers.