Information Security Best Practices: 205 Basic Rules

Section 15: Configuration Management Rules

This section provides several essential guidelines pertaining to configuring systems on the network.

INFOSEC Best Practice #168

Keep track of all files on each computer using an authorized tracking and configuration management program.

You can keep track of all software deployed on a single computer with purchased software-tracking programs. An organization can track all legal software on each networked computer using a server-based tracking system. Keeping only authorized software on a system reduces the chance that compromised programs, which can be used to disable individual computers and attack your computer network, are introduced into the system. An alternative to software-tracking programs is to set up your own tracking system, in which software is checked into a clearing site within your IS organization and logged in a database. This approach is good only for small organizations with 1 to 50 computers; it is not effective for larger organizations because of the labor involved.
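The self-built tracking system described above can be illustrated with a short Python program. This is an added example, not part of the original text; it assumes a SQLite database as the log and SHA-256 hashes as the file fingerprint, and the file names and contents are constructed sample data.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(root):
    """Return {relative_path: sha256} for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def check_in(db, root):
    """Clearing-site step: log every file under root as authorized."""
    db.execute("CREATE TABLE IF NOT EXISTS authorized (path TEXT PRIMARY KEY, sha256 TEXT)")
    db.executemany("INSERT OR REPLACE INTO authorized VALUES (?, ?)", scan(root).items())
    db.commit()

def audit(db, root):
    """Compare the files now on a computer with the authorized log."""
    approved = dict(db.execute("SELECT path, sha256 FROM authorized"))
    current = scan(root)
    return {
        "unauthorized": sorted(p for p in current if p not in approved),
        "modified": sorted(p for p in current if p in approved and current[p] != approved[p]),
        "missing": sorted(p for p in approved if p not in current),
    }

def demo():
    """Constructed sample: two programs are checked in, then the machine drifts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.exe").write_bytes(b"approved build 1.0")
        (root / "mailer.exe").write_bytes(b"approved build 2.3")
        db = sqlite3.connect(":memory:")
        check_in(db, root)
        (root / "game.exe").write_bytes(b"brought from home")   # never checked in
        (root / "mailer.exe").write_bytes(b"tampered build")    # changed after check-in
        (root / "editor.exe").unlink()                          # removed after check-in
        return audit(db, root)

if __name__ == "__main__":
    print(demo())
```

The audit reports files that were never checked in, files whose contents changed after check-in, and logged files that are no longer present.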

The organization must have a procedure for tracking software, since it is the responsibility of each organization to prevent rampant copying of software by employees. Each employee should sign a document from the human resources department agreeing not to copy software. Also, do not allow employees to install software that is brought from home or that is not officially logged into the system. This is becoming a more difficult problem, since many vendors are distributing software via the Internet, which bypasses all corporate tracking procedures. To keep track of all software on a system, software-tracking programs should be...