Configurations are managed so as to eliminate known
vulnerabilities and assure that configurations are in keeping with
policies. Examples include many configuration management tools now
available for implementing protection policy across a wide range of
platforms, menu-based tools used to set up and administer systems, and tools
used to configure and manage firewalls.
management normally requires a tool to describe policy controls, a tool to
translate policy into the methods available for protection, and a set of
tools which implement those controls on each of the controlled machines. In
some cases, policy may be incommensurable with implemented protection
capabilities, in other cases, proper configuration may require a substantial
amount of effort, and the process of changing from one control setting
to the next may introduce unresolvable insecurities.