It’s All About the Baselines: Security Edition
I am all about the baselines. I’ve made an entire career out of them. But if you were to ask a random person on the street what that means, the reaction would be: “Who the heck are you, and why are you asking me random weird questions?” So it would be better if you found someone in the tech industry at least.
The Early Days of the Baseline Question
In the old days (all of 20-some-odd years ago), the question about baselines centered around performance at scale. IT professionals talked about clusters of computers (physical ones even) that needed to be identical in order for the application to operate correctly. Or, for a failover solution or disaster recovery scenario, they noted how servers or applications needed to be identical to ensure that businesses would continue to exist.
The question of performance at scale even extended to the hardware layer. Hard drives, network cards and power supplies needed to be identical in order to be redundant.
The Introduction of Software
Then came the idea that not only did the hardware need to be identical but so did the software. That’s where products like Tripwire came in. How could you tell whether or not the files or other objects on the asset were the same or different, not only on a single server but across several? You baseline them. You essentially take a snapshot of the objects. With that baseline in place, you can tell whether something has changed on the asset itself and, if you have the original “image” to compare it to, see how it has changed.
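The snapshot-and-compare idea described above, as an added Python example (not code from the original post and not how Tripwire itself is implemented). The tracked attributes (SHA-256, size, permission bits), the function names and the sample files are assumptions chosen for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Baseline: map each regular file under root to its hash, size and mode."""
    baseline = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # directories, symlinks and special files are not hashed
        baseline[str(path.relative_to(root))] = {
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
        }
    return baseline


def compare(baseline, current):
    """Report added and removed files, and per file which attributes changed."""
    added = sorted(current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    changed = {}
    for rel in sorted(baseline.keys() & current.keys()):
        diff = {attr: (old, current[rel][attr])
                for attr, old in baseline[rel].items() if old != current[rel][attr]}
        if diff:
            changed[rel] = diff  # attribute -> (baseline value, current value)
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed sample tree: baseline it, alter it, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.conf").write_bytes(b"debug=false\n")
        (root / "run.sh").write_bytes(b"#!/bin/sh\n")
        base = snapshot(root)                               # trusted baseline
        (root / "app.conf").write_bytes(b"debug=true\n")    # content changed
        (root / "run.sh").chmod(0o777)                      # permissions changed
        (root / "new.bin").write_bytes(b"\x00")             # file added
        return compare(base, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Because paths are stored relative to the root, `compare()` also works on snapshots taken on two different servers, which answers the "same or different across several" question.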
The power that this functionality provides can then be extended beyond the original asset. How does the software on one server compare to
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Chris Orr. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/baselines-security-edition/