Objective of this paper is to implement a configuration management plan for an email server of an organization. The paper argues that Microsoft scanning tools are critical to identify vulnerabilities within an email system. Next step is to install patches in the system after the vulnerabilities have been identified. The process will enhance a maximum security for the system.
Configuration Management Plan
The purpose of this document is to discuss a configuration management (CM) plan for the "corporate network for a security patch that needs to be applied to the email server." Configuration management plan provides a straightforward process to ensure an inevitable network changes, and a proper configuration assists an organization to enjoy network efficiency.
Identification of Changes to be made to the System
A patch is a software device that could be used to fix a network problem. Typically, a patch could be used to fix a security vulnerability of the network system to enhance its performances. This document describes the process of providing a security patch to the system as well as ensuring that the existing system does not break in the process. Establishing a security patches involves a risk management plan to critically assess email server to identify the vulnerability of the email server to both internal and external attack. To identify changes to be made in the system, an organization should carry out the following procedure:
Creating a Patch and Vulnerability Group" (PVG) to organizational software inventory,
PVG should be to identify vulnerabilities and security patches,
Prioritizing patch application.
"To assist in updating the operating systems and certain applications, Microsoft has created a variety of tools and automated techniques to identify necessary patches and install them. These tools are relatively new, and additional functionality is being added continually. Currently, Microsoft offers the following capabilities": (Mell, & Tracy, 2002, P 33).
Windows Update
Microsoft Office Update
MPSA (Microsoft Personal Security Advisor),
HfNetChk (Microsoft Network Security Hotfix Checker ),
Qfecheck
" Microsoft Security Toolkit,
Windows Critical Update Notification
Microsoft Security Notification Service
However, evaluation of the change request is very critical to enhance effective configuration plan.
Evaluation of the Change Request
Evaluation of the corporate email server involves testing of the network to collect data on all the corporate network and email server to identify all potential vulnerabilities to the email server. Testing for security patches could be done in-house or use of an external service provider. Evaluation of email server is useful to verify stability of the system, and evaluation process assists an organization to identify which updates that need to be implemented. An automated method could be used to monitor the system and identify the patch status. The results of the automated scanning will be used to identify which areas needed to be updated. (SANS Institute, 2003).
A cost effective test lab is to use a VMW to create a "Lab in a box." A VMW allows an administrator to test email server as well as evaluating multiple configuration. Moreover, there are numerous tools that could be used to scan the system to identify vulnerabilities and many of them are available free of charge. For example, Microsoft SCA (Security Configuration Analysis) is a scanning tool to evaluate the system to identify the vulnerability in the system. The SCA could be used to fix a security holes within the system. Moreover, the Center for Internet Security (CIS) has tools to identify configuration weakness. Nessus could also be used to scan for security vulnerabilities. Identification of vulnerability will require a corporate organization to make a decision to implement changes for the email server to enhance an effective corporate network system.
Process to Implement the Decision
Process to implement the decision is to set aside both financial and human resources. Organizations should set aside that sufficient financial resources, and skilled it personnel to carry out the implementation of the project. Personnel to carry out patch stability must possess expertise in critical system and capable of verifying stability of the system after the patch installation. However, before the installation of patch is carried out, there is a need to implement a full back up of all data as well as server configuration. A best practice for disaster recovery is to do a back up of data. Moreover, there is a need to create an Emergence Repair disk for the email server.
Process to Implement the Change Request
The process to implement the change request is to install patches in the email server. However, an organization should update the gateway before installing patches to address vulnerability in the email server. The process to implement the change process involves the following:
Creating organizational-specific patch database,
Testing patches,
Distributing vulnerability and patch information to system administrators
Verification of patch installation through host and network scanning,
Provide training for system administrators for the use of vulnerability databases,
Deploying patches automatically.
The important step is to train system administrators who will be responsible to the vulnerability database. Training will assist the organization to provide a line of defense in the patching process. The next important process is to perform an automatic deployment of patches using an automated distributed patch deployment. Using this strategy, an organization will be able to provide a maximum security for the mail server.
You’re 87% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.