Remediating Problems

The entire process of baselining is meant to find and eliminate issues that can and will impact your security. Remediation of any problems is very straightforward. In this step of the baselining process, you list and prioritize your issues, document the proposed fix, and lastly deploy it.

Categorizing and Prioritizing Issues

As issues are identified through the baselining process, classify them by criticality. This gives you a road map for correcting them.

If you were to take the issues found by Nessus as described earlier, you might construct a spreadsheet like the one shown in Figure 4-12 to track and remedy the issues. Here, you can see that the spreadsheet is segmented by columns, allowing you to track the vulnerability, the risk factor, a description of the vulnerability, and the recommended fix.

You can quickly review your list of items and focus your time on the problems that matter most, and spend less time on those that matter least. As shown by the final entry in Figure 4-12, some issues are described by “No fix required.” You will want to track those anyway as part of the baseline. Although it's not likely, a Low risk factor could become a Medium or High if a new exploit is discovered that can take advantage of it.

Figure 4-12: Sample baseline report for Nessus scan
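
The tracking sheet described above can be generated rather than typed by hand. The following is an added example, not code from the book: it builds the sheet from two scan exports and flags any issue whose risk factor has risen since the previous baseline. The column names (Plugin ID, Risk, Host, Port, Name, Synopsis, Solution) are assumed to match a Nessus CSV export, and every row is constructed sample data.

```python
import csv
import io

# Constructed sample exports (assumed Nessus CSV column names, made-up plugin IDs).
PREVIOUS_SCAN = """\
Plugin ID,Risk,Host,Port,Name,Synopsis,Solution
900001,High,192.0.2.10,80,Outdated CMS core,The CMS release is unsupported.,Upgrade the CMS.
900002,Low,192.0.2.10,80,Web server banner disclosure,The server reveals its version.,Hide the banner.
900003,Medium,192.0.2.10,22,Weak SSH ciphers,Weak ciphers are enabled.,Disable weak ciphers.
"""
CURRENT_SCAN = """\
Plugin ID,Risk,Host,Port,Name,Synopsis,Solution
900001,High,192.0.2.10,80,Outdated CMS core,The CMS release is unsupported.,Upgrade the CMS.
900002,Medium,192.0.2.10,80,Web server banner disclosure,The server reveals its version.,Hide the banner.
900004,Low,192.0.2.10,0,ICMP timestamp response,The host answers timestamp requests.,n/a
"""

RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "None": 4}

def rank(risk):
    """Lower number = more urgent; unknown risk labels sort last."""
    return RANK.get(risk, len(RANK))

def load_issues(csv_text):
    """Return {(host, port, plugin id): tracking row} for one scan export."""
    issues = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        fix = row["Solution"].strip()
        if fix.lower() in ("", "n/a"):
            fix = "No fix required"  # still tracked as part of the baseline
        issues[(row["Host"], row["Port"], row["Plugin ID"])] = {
            "vulnerability": row["Name"], "risk": row["Risk"],
            "description": row["Synopsis"], "fix": fix}
    return issues

def build_tracking_sheet(previous_csv, current_csv):
    """Rows for the current scan, most critical first, with a change column."""
    previous = load_issues(previous_csv)
    sheet = []
    for key, issue in load_issues(current_csv).items():
        old = previous.get(key)
        if old is None:
            change = "new"
        elif rank(issue["risk"]) < rank(old["risk"]):
            change = f"raised from {old['risk']}"  # e.g. Low became Medium
        else:
            change = "unchanged"
        sheet.append({**issue, "change": change})
    sheet.sort(key=lambda i: (rank(i["risk"]), i["vulnerability"]))
    return sheet
```

Passing the returned rows to `csv.DictWriter` produces a file that opens directly as the spreadsheet.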


After you take care of all the issues, be sure to document the updated ...
