Sunday, September 27, 2015

System Image (Gold Image)

Using Imaging for Baselines
One of the most common methods of deploying systems is with images. An image is a snapshot
of a single system that administrators deploy to multiple other systems. Imaging has become an
important practice for many organizations because it streamlines deployments while also ensuring
systems are deployed in a secure manner.

Capturing and deploying images
1. Administrators start with a blank source system. They install and configure the operating
system, install and configure any desired applications, and modify security settings.
Administrators perform extensive testing to ensure the system works as desired and that it
is secure before going to the next step.

2. Next, administrators capture the image. Symantec Ghost is a popular imaging application,
and Windows Server 2012 includes free tools many organizations use to capture and
deploy images. The captured image is simply a file that can be stored on a server or
copied to external media, such as a DVD or external USB drive.

3. Finally, administrators deploy the image to multiple systems. When used within a
network, administrators can deploy the same image to dozens of systems during an initial
deployment, or to just a single system to rebuild it. The image installs the same
configuration on the target systems as the original source system created in step 1.

Administrators will often take a significant amount of time to configure and test the source
system. They follow the same hardening practices discussed earlier and often use security and
configuration baselines. If they’re deploying the image to just a few systems such as in a classroom
setting, they may create the image in just a few hours. However, if they’re deploying it to thousands
of systems within an organization, they may take weeks or months to create and test the image. Once
they’ve created the image, they can deploy it relatively quickly with very little administrative effort.

Imaging provides two important benefits:

Secure starting point. The image includes mandated security configurations for the system.
Personnel who deploy the system don’t need to remember or follow extensive checklists to
ensure that new systems are set up with all the detailed configuration and security settings.
The deployed image retains all the settings of the original image. Administrators will still
configure some settings, such as the computer name, after deploying the image.

Reduced costs. Deploying imaged systems reduces the overall maintenance costs and
improves reliability. Support personnel don’t need to learn several different end-user system
environments to assist end users. Instead, they learn just one. When troubleshooting, support
personnel spend their time focused on helping the end user rather than trying to learn the
system configuration. Managers understand this as reducing the total cost of ownership (TCO)
for systems.

Many virtualization tools include the ability to convert an image to a virtual system. In other
words, once you create the image, you can deploy it to either a physical system or a virtual system.
From a security perspective, it makes no difference how you deploy it. If you’ve locked down the
image for deployment to a physical system, you’ve locked it down for deployment to a virtual system.

Imaging isn’t limited to only desktop computers. You can image any system, including servers.
For example, consider an organization that maintains 50 database servers in a large data center. The
organization can use imaging to deploy new servers or as part of its disaster recovery plan to restore
failed servers. It is much quicker to deploy an image to rebuild a failed server than it is to rebuild a
server from scratch. As long as administrators keep the images up to date, this also helps ensure the
recovered server starts in a secure state.

Configuration Baselines
A configuration baseline identifies the configuration settings for a system. This includes settings
such as printer configuration, application settings, and TCP/IP settings. This is especially useful when
verifying proper operation of a system. As an example, if a server is no longer operating correctly, it
might be due to a configuration change. Administrators might be able to identify the problem by
comparing the current settings against the baseline and correcting any discrepancies.

The differences between a configuration baseline and a security baseline can be a little fuzzy.
The security baseline settings are strictly security related. The configuration baseline settings ensure
consistent operation of the system. However, because the configuration baseline contributes to
improved availability of a system, which is part of the security triad, it also contributes to overall
security.

An important consideration with a configuration baseline is keeping it up to date. Administrators
should update the configuration baseline after changing or modifying the system. This includes after
installing new software, deploying service packs, or modifying any other system configuration
settings.
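
The comparison described above, and the baseline update that follows an approved change, as an added example that is not taken from the book: the setting names, values and the functions flatten, compare_to_baseline and accept_change are hypothetical, and both sets of settings are constructed sample data.

```python
import copy

# Constructed sample data (hypothetical names and values): the recorded
# configuration baseline and the settings currently read from a server.
BASELINE = {
    "tcpip": {"address": "10.0.5.20", "dns": ["10.0.0.2", "10.0.0.3"]},
    "printer": {"default": "HQ-Laser-2"},
    "app": {"db_port": 1433, "log_level": "warn"},
}
CURRENT = {
    "tcpip": {"address": "10.0.5.20", "dns": ["10.0.0.2", "192.0.2.53"]},
    "printer": {},
    "app": {"db_port": 1433, "log_level": "warn", "remote_admin": True},
}

def flatten(settings, prefix=""):
    """Flatten nested settings to {'section.key': value} for per-setting comparison."""
    flat = {}
    for key, value in settings.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat

def compare_to_baseline(baseline, current):
    """Return discrepancies as (path, kind, baseline_value, current_value) tuples."""
    base, cur = flatten(baseline), flatten(current)
    findings = []
    for path in sorted(base.keys() | cur.keys()):
        if path not in cur:
            findings.append((path, "missing", base[path], None))
        elif path not in base:
            findings.append((path, "unexpected", None, cur[path]))
        elif base[path] != cur[path]:
            findings.append((path, "changed", base[path], cur[path]))
    return findings

def accept_change(baseline, path, value):
    """Return a copy of the baseline with one approved change recorded in it."""
    updated = copy.deepcopy(baseline)
    *parents, leaf = path.split(".")
    node = updated
    for part in parents:
        node = node.setdefault(part, {})
    node[leaf] = value
    return updated

if __name__ == "__main__":
    for finding in compare_to_baseline(BASELINE, CURRENT):
        print(finding)
```

Settings reported as "unexpected" or "changed" are either corrected on the system or, if the change was approved, written into the baseline with accept_change so later comparisons stay meaningful.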

Based on Darril Gibson's Security+ book.
