Masahiro
Newcomer III

What operational capabilities can file hashes enhance?

According to question c06.062 of the CCSP Official Practice Tests, file hashes can enhance both operational capabilities and configuration management efforts.

 

What do you think of the operational capabilities in this case?

 

Its explanatory note says the following.

 

File hashes can serve as integrity checks for both configuration management (to determine which systems are not configured to the baseline) and audit purposes (as artifacts/common builds of systems for audit review).

 

It seems the note says the operational capabilities are equal to audit capabilities, though.

Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile
6 Replies
Steve-Wilme
Advocate II

Conventionally, configuration management includes the practice of configuration auditing, which is probably why.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Masahiro
Newcomer III


@Steve-Wilme wrote:

Conventionally, configuration management includes the practice of configuration auditing, which is probably why.

 


Thank you, Steve.

 

File hashes reveal the integrity of original files. That is one of the facets of configuration management. Right?

 

Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile
Pasuking
Viewer II

Masahiro,

I use hashing to verify the integrity of whitelisted applications before installation. It ensures users have not downloaded any other unapproved versions of the same application or simply added additional files to the file that could be used to cause chaos later on.

Angel Q
Masahiro
Newcomer III

Thanks Angel!
Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile
Caute_cautim
Community Champion

@Masahiro If you dig into the NIST SP800-167 Application Whitelisting, it is also used to check the validity of applications permitted into the system. You will also find a few manufacturers such as Juniper who have actually built in both Characterisation and Application Whitelisting into the Junos, for formally checking that software updates come from the correct resource, and also that someone has not manipulated the original updates.

 

Other solutions such as VMware Carbon Black do a similar series of checks too.

 

You will find similar techniques vouched and mandated by the Australian Information Security Manual and also by the New Zealand Information Security Manual too. Both are well worth digging through, as they are both online and available for searching purposes.

 

Regards

 

Caute_Cautim

Masahiro
Newcomer III

Thank you for sharing your knowledge with me, @Caute_cautim.

Your reply made it much clearer to me which operational capabilities file hashes can enhance.

Thanks!

 

Best regards,

 

Haneda, Masahiro
Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3
Location: Japan
My LinkedIn Profile