What is Baseline Configuration Management (BCM)? The devices comprising a business’s IT infrastructure store all kinds of configuration information, from functional settings to software versions to various other records and files. Most companies devise a configuration policy which defines how devices should be configured and how configuration changes should occur. However, in many cases the companies do not have the tools needed to confirm that devices are conforming to the policy.

This is where BCM comes in. The baseline configuration is a snapshot of the configuration settings at a specific point in time. The configuration settings defined as the “most secure” state of an asset can then be used as a baseline for comparison. Baseline Configuration Management involves periodically retrieving the configuration of the asset and comparing it to the baseline.

Not managing the baseline represents significant risk to the business. The best way to understand the importance of BCM is to recognize that any device that does not have the proper configuration has a security vulnerability that can be exploited.

Unfortunately, many companies perform BCM as a manual activity, meaning that it is expensive, time-consuming, and prone to errors. At TDi Technologies, we solve this challenge with a device and platform agnostic approach to BCM that considerably simplifies the work involved. The ConsoleWorks solution completely automates this process, from retrieving the configuration, comparing against the baseline, alerting on changes, to identifying where changes have occurred.

For more information on Baseline Configuration Management, download the free whitepaper: Baseline Configuration Management: Closing the Security Gaps

For information on Baseline Configuration Management specific to the Utility sector, download the free whitepaper and solution brief on our NERC-CIP & Smart Grid Solutions page.

Patching is an aspect of system maintenance that every business must deal with. Although patching is often considered a routine activity, and a monotonous one at that, mistakes in patching can result in considerable headaches for the business. These mistakes may occur because patching is performed in isolation, often by separate teams, resulting in inconsistencies and errors.

This recorded product demonstration (Demonstration Video: Optimizing Patching) highlights the ability of Multi-Connect to simplify and automate patching on groups of like IT assets while maintaining clear visibility over results and creating a complete audit trail.

This video contrasts the traditional approach to patching with the approach using Multi-Connect, demonstrating the ability of IT Foundation Management to simplify and automate patching activities. Furthermore, patching performed through ConsoleWorks is automatically logged, providing a complete forensic record of activity for audits and verification purposes.

For more video demonstrations, visit the ITFM in Action page of our website.

Additional blog articles on patching and Multi-Connect are also available:

From Point Solutions to One System of Management

Is Patch Management a Constant Drain Rote Activity or Major Cost Savings Opportunity?

Whether it’s SOX, PCI, NERC-CIP, or HIPAA, organizations are facing more compliance issues than ever before, and the penalties for failing to comply with these regulations can be severe. To further complicate matters, no single product can address all the compliance requirements and no one department in an organization has responsibility for implementing solutions for all the compliance pieces. The result is multiple, overlapping and duplicative solutions that often don’t truly satisfy the needs of the auditors and don’t offer sufficient flexibility to allow for integration with other solutions.

Monitoring data is often easy to modify after it is collected, making it an unreliable source of compliance information. Integration with other solutions or moving data to a common data repository is difficult. Compliance reports are often generated by hand using several potentially unreliable sources, resulting in reports that are inconsistent from event to event.

IT Foundation Management provides a real-time view of compliance risk, automatically capturing and recording all changes in the IT foundation. The records produced are accurate, consistent, comprehensive, and no manual work is required to produce them. These records provide the means to prove compliance, pass audits, and verify practices across the entire IT foundation.

The comprehensive, real-time compliance approach of IT Foundation Management makes compliance issues immediately actionable and significantly reduces risk to the business.

Securing remote access to IT assets is an important topic, as many businesses utilize remote access in their normal day-to-day operations. This obviously includes personnel working from a remote location, but also refers to those inside the physical security perimeter who connect to IT assets from outside the electronic security perimeter (ESP). The goal of Remote Access Management is to ensure that the proper level of security is maintained for these connections.

A comprehensive Remote Access Management solution should defend against unauthorized access inside an organization’s ESP while enabling operations to be performed in an expedient and efficient manner by remote users with the proper authorization.

From a security perspective, personnel both inside and outside the ESP should be utilizing the same controls for access, ensuring a consistent view, method, and process is used for the control of assets. This includes role-based access control, logging, and real-time event/incident detection. Addressing the requirements for Remote Access Management in isolation can result in a fragmented security solution, which can significantly affect the ability of the organization to support availability.

For a detailed overview of Remote Access Management, download our free whitepaper: Whitepaper: Operations Enablement with Secure Remote Access

Many of today’s monitoring solutions don’t provide for a simple way to perform remediation. Users are often required to keep lists of computer names, IP addresses, log locations, and terminal server port numbers. In addition, they must maintain definitions of the thousands of, often cryptic, error messages each device may issue. These lists are often out of date and kept by individuals, making shared remediation responsibilities problematic.

When a problem occurs with a system, administrators have to find the required remediation information from many sources. They then must isolate and connect to the suspected failed devices. In many cases, they have to physically go to the data center, find the failed device among the many others, find the equipment required to connect to the failed device, then connect to the hardware management interface to first determine what the problem might be, then remediate.

All of this wastes valuable time – and a considerable amount of money.

With IT Foundation Management, receive real-time notification when a problem occurs – including root causes – via email, cell phone, and text message. ConsoleWorks from TDi Technologies provides centralized, digitally signed, time-stamped logs of all device activity, including who has connected, when they connected, and what they did, keystroke by keystroke. ConsoleWorks provides a clear understanding of the vendor error messages with best practices, internal links to operations procedures manuals, and complete examples of previous remediation for the same event.

With ConsoleWorks, time to remediate is significantly reduced (also cutting costly downtime). In addition, remediation is performed in a consistent manner, eliminating unanticipated negative impacts on other systems.

The following videos demonstrate some of the Remediation capabilities of ConsoleWorks:
Incident Remediation
Creating a Knowledge Base of Remediation Best Practices

One exciting new feature included in ConsoleWorks 4.6 is the Command Control Console. This contains user-accessible scripted routines that enhance an administrator’s control over which operators can connect to a managed asset and what they can do while connected – right down to enforcing specific command selection and syntax.

Essentially, the ability to control which commands a particular user can use allows administrators to establish a whitelist or blacklist of commands on a particular device. This can be enforced by restricting which commands are accepted (blacklist) or by providing a menu of commands, and only those commands can be selected (whitelist). Additionally, administrators can turn common, yet complex, tasks into simple commands that operators can use to accomplish more, more easily.

This is a very flexible and useful piece of technology for customers who want to restrict what actions their users can perform on particular consoles. It enables an added layer of security by providing a more granular delegation of authority.

For more information on the new features of ConsoleWorks 4.6, including the command control console, I highly recommend that you watch this recording of our recent webinar: Before You Implement ConsoleWorks 4.6.

Additional information on ConsoleWorks 4.6 can also be found on our support site: support.tditechnologies.com

With the release of the newest version of ConsoleWorks, Version 4.6, we at TDi Technologies are excited about the many improvements and additions we’ve made in this version. Probably the most extensive change in CW 4.6 is a complete rework of the permissions (or privilege) model.

The new permissions model allows the administrator to assign privileges to users without the granular limitations that existed in previous versions of ConsoleWorks. For example, in previous versions, a user who needed specific privileges for their work may have been assigned to a role that gave them additional privileges, possibly more power than desired. The new model enables the flexibility to handle the variety (and complexity) of user privilege that exists in many businesses – granting users everything they need to do their jobs, but nothing more.

But what if you like the way the role-based permissions are working now? We thought of that too. During the conversion process, all existing profiles will be automatically converted to the new permissions model, so that all the permissions are still available and no new privileges will be provided to those users.

For more information on the new features of ConsoleWorks 4.6, including the new permissions model, I highly recommend that you watch this recording of our recent webinar: Before You Implement ConsoleWorks 4.6

Additional information on ConsoleWorks 4.6 can also be found on our support site: support.tditechnologies.com

The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate a broad adoption of consistent data security measures globally. PCI-DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It is a comprehensive standard that is intended to help organizations proactively protect customer account data.

PCI-DSS Version 2.0, Requirement 10 covers tracking and monitoring of all access to network resources and cardholder data. The intent of this requirement is that logging mechanisms and the ability to track privileged user activities are critical in preventing, detecting, or minimizing the impact of a data compromise. This includes all actions, taken by any individual with root or administrative privileges to configuration ports.

My IT operations customers often struggle with the intent of this requirement as it relates to providing highly privileged access utilizing configuration ports. Since configuration ports are, by default, the emergency access point for every IT device, they are critical for improving mean time to repair (MTTR). Common vendor names for these type of ports are iLO2 (HP), DRAC (Dell), ALOM, ILOM (Sun/Oracle) and CIMC (Cisco).

For a discussion on privileged access to configuration ports, the significant threat they pose as it relates to the intent of PCI-DSS Version 2.0, Requirement 10, see our whitepaper on this subject at: http://www.tditechnologies.com/whitepaper-pci-requirement-10-configuration-ports

ConsoleWorks provides a comprehensive solution for tracking, monitoring, analyzing and alerting on actions taken by privileged individuals with administrative privileges as required by PCI-DSS V2.0, Requirement 10.

One of the ways in which ConsoleWorks provides powerful capabilities to perform remediation is that it allows users to build a knowledge base of best practices whenever event remediation is performed. This recorded product demonstration (Creating a Knowledge Base of Remediation Best Practices) walks through this process step-by-step.

In the demonstration, an event occurs and is detected by ConsoleWorks. When the event remediation is performed, all of the activities in the remediation are captured and associated with that event. Users may then select this remediation as the best practice. Each time that the event reoccurs, this best practice will be presented by ConsoleWorks for use in resolving the issue.

This remediation can include both commands and notes, so system administrators and system experts can capture and embed their critical domain knowledge in the system. This shared knowledge base can serve as guidance for those with less system experience or those who have not encountered a particular issue before.