Creating a baseline of your business’s computers, software, and mobile devices is the first step to getting your cyber security in hand.
Why create a computer baseline?
A baseline is like an advanced inventory. It tells you what computers exist, what operating systems and software are installed on them, and provides information about how the device behaves in normal operations.
In the future, you can refer back to this baseline to answer questions like:
- Does this laptop we just found under someone’s desk belong to the business?
- Should “trojan.exe” be installed on the boss’s computer or is that a potential indicator of compromise?
- Does the server usually run at 95% of memory used? Is there a stealth process running in the background?
Creating a baseline helps you define what “normal” looks like for your business, so you can more easily see something that’s not normal.
How to create a computer baseline
First, you need to know all the computers, printers, mobile devices, etc., that are on your network. A good way to do this is to run a Zenmap scan against your internal network.
Next, take a walk around your business and find each computer or device that showed up on your scans. Make sure it’s an official business-owned piece of hardware. Take pictures to document the location (both general and specific, so other people can find it in the future), the serial number and model name, and anything else about the physical device that is important to your business.
Finally, spend a little time documenting how each device is running. Use this guide to create a list of open ports, running processes, and startup items. And use this guide from Microsoft to build a basic performance baseline. (Ignore the bit about “SQL Server 2016”; it’ll work just fine for all your computers.)
Once you’ve built a computer baseline for your business, not only do you have a complete inventory of all your hardware and software, but you know how it should all be operating. In the future, if something goes sideways, you can refer to your baseline documentation to look for changes, and to help with rebuilding, if necessary.
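Referring back to the baseline can be partly automated. The following is an added example, not part of the original article: it compares a later network scan against the baseline scan, both saved in Nmap's XML format (what `nmap -oX` writes; Zenmap is Nmap's graphical front end), and reports devices that were not in the baseline, devices that have disappeared, and ports that have newly opened. The function names and the sample hosts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def load_hosts(nmap_xml):
    """Map each live host (MAC if the scan saw one, else IP) to its open ports."""
    hosts = {}
    for host in ET.fromstring(nmap_xml).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        # A MAC survives DHCP lease changes, so prefer it as the device identity.
        key = addrs.get("mac") or addrs.get("ipv4") or addrs.get("ipv6")
        if key is None:
            continue
        hosts[key] = {f"{p.get('portid')}/{p.get('protocol')}"
                      for p in host.iter("port")
                      if p.find("state[@state='open']") is not None}
    return hosts

def diff_baseline(baseline_xml, current_xml):
    """Return what changed between the baseline scan and a later scan."""
    base, cur = load_hosts(baseline_xml), load_hosts(current_xml)
    return {
        "unknown_hosts": sorted(cur.keys() - base.keys()),
        "missing_hosts": sorted(base.keys() - cur.keys()),
        "new_open_ports": {h: sorted(cur[h] - base[h])
                           for h in cur.keys() & base.keys() if cur[h] - base[h]},
    }

# Constructed sample scans (not real output), shaped like Nmap's XML.
HOST = ('<host><status state="up"/><address addr="{ip}" addrtype="ipv4"/>'
        '<address addr="{mac}" addrtype="mac"/><ports>{ports}</ports></host>')
PORT = '<port protocol="tcp" portid="{n}"><state state="open"/></port>'

def sample_scan(hosts):
    body = "".join(
        HOST.format(ip=ip, mac=mac, ports="".join(PORT.format(n=n) for n in ports))
        for ip, mac, ports in hosts)
    return f"<nmaprun>{body}</nmaprun>"

BASELINE = sample_scan([("192.168.1.10", "00:11:22:33:44:55", [445]),
                        ("192.168.1.20", "00:11:22:33:44:66", [9100])])
LATER = sample_scan([("192.168.1.10", "00:11:22:33:44:55", [445, 3389]),
                     ("192.168.1.77", "00:11:22:33:44:99", [22])])

if __name__ == "__main__":
    print(diff_baseline(BASELINE, LATER))
```

A device listed under `unknown_hosts` is the "laptop under someone's desk" case to go and find; one listed under `missing_hosts` may simply be powered off, so confirm it physically before removing it from the inventory.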