Do configuration management tools make systems more secure?: an empirical research plan

Abstract

Configuration Management Tools (CMT) help developers manage the system and installed application in an automated and efficient manner. However, misconfiguration in these tools can make a system vulnerable to compromises. Whether the usage of these tools makes the systems secure - this question can only be answered through empirical evidence. Hence, we propose a empirical research plan on the impact of CMT on systems where these tools have been applied. As a case, we will investigate the case of Endpoint Linux Management System managed by Puppet, a popular configuration management tool.