Host Integrity Monitoring Using Osiris and Samhain

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form. You will also gain access to thousands of other FAQs at ITFAQnet.com.
Q: Is it really necessary to go through the hassle of verifying the source and establishing dedicated build machines to build the agent and console installers?
A: Yes. It is necessary if you are serious about deploying a system that works and that you can trust to provide reliable information about changes to your hosts. The verification step is necessary because, as seen in the last few years, source code repositories are not immune from attacks, and just computing an MD5 checksum means little. The source is PGP-signed by the key listed at the beginning of this chapter. Dedicated build machines are necessary for a couple of reasons. First, it makes little sense to build your trusted source in an environment that you do not trust. There are certain elements of this whole process that you can control (e.g., build environments), and there are those that you cannot (quality of software). At the very least, take advantage of the steps you can control to improve your chances of a successful deployment. The second reason dedicated...
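
One way to script the verification step from the answer above, as an added example that is not from the book or from the Osiris or Samhain projects: it accepts a source tarball only when gpg reports a valid signature made under a pinned primary-key fingerprint. `PINNED_FPR` is a placeholder for the fingerprint of the key listed in the chapter, and the function names `check_status` and `verify_release` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: accept a source tarball only if its detached PGP signature
# is valid AND was made under the key we pinned ahead of time.

# Placeholder (assumption): replace with the full 40-hex-digit fingerprint
# of the signing key, obtained out of band (e.g. from the printed chapter).
PINNED_FPR="0000000000000000000000000000000000000000"

# check_status PINNED
# Reads `gpg --status-fd` lines on stdin. Succeeds only when a VALIDSIG line
# carries the pinned primary-key fingerprint and no failure status appears.
check_status() {
    awk -v want="$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')" '
        $1 != "[GNUPG:]" { next }
        # Any of these means the signature or its key must not be trusted.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the signing (sub)key fingerprint; field 12, when
            # present, is the primary key fingerprint, which is what we pin.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) ok = 1; else bad = 1
        }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_release TARBALL SIGNATURE
# Runs gpg in batch mode and lets check_status decide; gpg output meant for
# humans is discarded so the decision rests on the machine-readable status.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        check_status "$PINNED_FPR"
}
```

Run `verify_release` on the build machine before unpacking the source; a nonzero exit status means the tarball should not be built.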