Automating Baseline Configuration Management

By Tom Kearns

What is Baseline Configuration Management (BCM)? The devices comprising a business’s IT infrastructure store all kinds of configuration information, from functional settings to software versions to various other records and files. Most companies devise a configuration policy which defines how devices should be configured and how configuration changes should occur. However, in many cases the companies do not have the tools needed to confirm that devices are conforming to the policy.

This is where BCM comes in. The baseline configuration is a snapshot of the configuration settings at a specific point in time. The configuration settings defined as the “most secure” state of an asset can then be used as a baseline for comparison. Baseline Configuration Management involves periodically retrieving the configuration of the asset and comparing it to the baseline.

Not managing the baseline represents significant risk to the business. The best way to understand the importance of BCM is to recognize that any device that does not have the proper configuration has a security vulnerability that can be exploited.

Unfortunately, many companies perform BCM as a manual activity, meaning that it is expensive, time-consuming, and prone to errors. At TDi Technologies, we solve this challenge with a device and platform agnostic approach to BCM that considerably simplifies the work involved. The ConsoleWorks solution completely automates this process, from retrieving the configuration, comparing against the baseline, alerting on changes, to identifying where changes have occurred.

For more information on Baseline Configuration Management, download the free whitepaper: Baseline Configuration Management: Closing the Security Gaps

For information on Baseline Configuration Management specific to the Utility sector, download the free whitepaper and solution brief on our NERC-CIP & Smart Grid Solutions page.

Simplifying Patching Activities with Multi-Connect

By Pam Johnson

Patching is an aspect of system maintenance that every business must deal with. Although patching is often considered a routine activity, and a monotonous one at that, mistakes in patching can result in considerable headaches for the business. These mistakes may occur because patching is performed in isolation, often by separate teams, resulting in inconsistencies and errors.

This recorded product demonstration (Demonstration Video: Optimizing Patching) highlights the ability of Multi-Connect to simplify and automate patching on groups of like IT assets while maintaining clear visibility over results and creating a complete audit trail.

This video contrasts the traditional approach to patching with the approach using Multi-Connect, demonstrating the ability of IT Foundation Management to simplify and automate patching activities. Furthermore, patching performed through ConsoleWorks is automatically logged, providing a complete forensic record of activity for audits and verification purposes.

For more video demonstrations, visit the ITFM in Action page of our website.

Additional blog articles on patching and Multi-Connect are also available:

From Point Solutions to One System of Management

Is Patch Management a Constant Drain Rote Activity or Major Cost Savings Opportunity?

What’s New in ConsoleWorks 4.6?

By Tom Kearns

The availability of ConsoleWorks version 4.6 marks one of the most significant releases in recent history. The primary theme has been in the enhancing the security capabilities of the software, but there have been significant enhancements and improvements in other areas of the product also.

Some highlights from ConsoleWorks 4.6:

• Permissions Model Completely Re-engineered – Significant enhancements have been made with new capabilities that allow very granular control over what any one person is allowed to do in ConsoleWorks, particularly with separation of duties. Read the article about the new security model here: New Permissions Model in ConsoleWorks 4.6
• Command Control Console – Implemented in response to customer demand to facilitate regulatory and insider threat issues. The Command Control Console allows absolute control over the commands that a specific user is allowed to issue and absolute control over the content of the responses received. Read the article about the Command Control Console here: Command and Control with ConsoleWorks 4.6
• Additional Password Security Controls – ConsoleWorks 4.6 has been enhanced to handle expired inactive accounts, lockout accounts on repeated fail login accounts and has the ability to configure a minimum time between password changes.
• New Action Model – Significant enhancements have been made with regard to Action association and firing. Users now have the ability to define an Action one time and quickly associate that Action with any number of Events.
• Product Plugins via CWScript – ConsoleWorks will be shipped with the ability to enable or disable additional plugins (including Mail and Command).

Other features and improvements in ConsoleWorks 4.6 include ConsoleWorks SSH CLI improvements, IPV6 support, Secure WEF (Windows Event Forwarder), and additional enhancements to the Registration Proxy.

For more information on the new features of ConsoleWorks 4.6, I highly recommend that you watch this recording of our recent webinar: Before You Implement ConsoleWorks 4.6

Additional information on ConsoleWorks 4.6 can also be found on our support site: support.tditechnologies.com