Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Masahiro
Newcomer III
‎10-02-2021 04:51 AM
‎10-02-2021 04:51 AM

What operational capabilities file hashes can enhance?

According to the question c06.062 of CCSP Official Practice Tests, file hashes can enhance both operational capabilities and configuration management efforts.

 

What do you think of the operational capabilities in this case?

 

Its explanatory note says the following.

 

File hashes can serve as integrity checks for both configuration management (to determine which systems are not configured to the baseline) and audit purposes (as artifacts/common builds of systems for audit review).

 

It seems the note says the operational capabilities equal to audit capabilities, though.

Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile
Reply
0 Kudos
6 Replies
Steve-Wilme
Advocate II
‎10-04-2021 03:43 AM
‎10-04-2021 03:43 AM

Conventionally configuration management includes the practice of configuration auditing, which is probably why.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
0 Kudos
Masahiro
Newcomer III
‎10-05-2021 06:51 AM
‎10-05-2021 06:51 AM

@Steve-Wilme wrote:

Conventionally configuration management includes the practice of configuration auditing, which is probably why.

 

Thank you, Steve.

 

File hashes reveal integrity of original files. That is one of facets of configuration management. Right?

 

Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile
Reply
0 Kudos
Pasuking
Viewer II
‎10-06-2021 09:50 PM
‎10-06-2021 09:50 PM

Masahiro,

I use hashing to verify the integrity of whitelisted applications before installation. It ensures users have not downloaded any other unapproved versions of the same application or simply added additional files to the file that could be used to cause chaos later on.

Angel Q
Reply
Masahiro
Newcomer III
‎10-07-2021 06:51 AM
‎10-07-2021 06:51 AM

Thanks Angel!
Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile
Reply
0 Kudos
Caute_cautim
Community Champion
‎10-10-2021 03:50 PM
‎10-10-2021 03:50 PM

@MasahiroIf you dig into the NIST SP800-167 Application Whitelisting, it is also used to check the validity of applications permitted into the system.   You will also find a few manufacturers such as Juniper who have actually built in both Characterisation and Application Whitelisting into the Junos, for formally checking that software updates come from the correct resource, and also that someone has not manipulated the original updates.

 

Other solutions such as VMware Carbon Black does a similar series of checks too.

 

You will find similar techniques vouched and mandated by the Australian Information Security Manual and also by the New Zealand Information Security Manual too.  Both are well worth digging through, as they are both online and available for searching purposes.

 

Regards

 

Caute_Cautim

Reply
Masahiro
Newcomer III
‎10-13-2021 04:55 AM
‎10-13-2021 04:55 AM

Thank you for sharing your knowledge with me, @Caute_cautim .

Your reply made me much clearer about operational capabilities which file hashes can enhance.

Thanks!

 

Best regards,

 

Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile
Reply
0 Kudos