Criticalcontrolsofcyberdefensefinal 100128032433 Phpapp02

1. Critical Controls for Cyber DefenseMadhurVermaCISSP, MVP (Consumer Security)CEH, CIW Security Analyst, MCTS, MCSE, MCSA

2. Computer Attacker Activities and Associated DefensesSecurity defenses include identifying attacker presence and reducing “living space”Security defenses include controlling superuser privileges [admin and root]Security defenses include disrupting command and control of attacker-implanted softwareSecurity defenses include decreasing attack surface and hardening security

3. Critical Control 1Boundary DefenseAll outgoing traffic must pass through at least one proxy on a DMZ network

4. All remote login access required to use two-factor authentication

5. Health checking of all remotely logging devices

6. Periodically scan for back-channel connections to the Internet that bypass the DMZ

7. Identify covert channels exfiltrating data through a firewall with built-in firewall session tracking mechanisms Critical Control 2Secure Configurations for Network Devices such as Firewalls, Routers and SwitchesCompare firewall, router and switch configuration against standard secure configurations defined for each type of network device

8. Implement ingress and egress filtering

9. Management network should be seprated from production networkCritical Control 3Wireless Device ControlEnsure that each wireless device connected to the network matches an authorized configuration and security profile

10. Ensure all wireless traffic leverages at least AES encryption used with at least WPA2 protection

11. Ensure wireless networks use authentication protocols such as EAP/TLS or PEAP

12. Disable peer-to-peer wireless network capabilities on wireless clients

13. Disable wireless peripheral access of devices

14. Regularly scan for unauthorized or misconfigured wireless infrastructure devicesCritical Control 4Limitation and Control of Network Ports, Protocols and ServicesUse Host-based Firewalls or port filtering tools

15. Regularly review the ports, protocols and services needed

16. Operate critical services on separate physical host machines

17. Port scanning tools are used to determine which services are listeningCritical Control 5Malware DefensesMonitor workstations, servers and mobile devices for active, up-to-date anti-malware protection

18. All malware detection events should be sent to enterprise anti-malware administration tools and event log servers

19. Configure laptops, workstations and servers so that they will not auto-run content from removable media

20. Configure systems to conduct an automated anti-malware scan of removable media when it is insertedCritical Control 6Secure Configurations for Hardware and Software on Laptops, Workstations and ServersStandardized images should represent hardened versions of the underlying OS and the applications installed on the system

21. Utilize file integrity checking tools to ensure that critical systems files have not been alteredCritical Control 7Application Software SecurityProtect web applications by deploying web application firewalls that inspect all traffic flowing to the web application for common web application attacks

22. Check for in-house developed and third-party procured web and other application software for coding errors, malware insertion, including backdoors prior to deployment

23. Verify that security considerations are taken into account throughout phases of the application development life cycle of all applicationsCritical Control 8Controlled use of Administrative PrivilegesShould have a good password policy

24. Change all default passwords before deploying

25. Ensure that administrator accounts are used only for system administration activities and not for reading e-mail, composing documents or surfing the Internet

26. Configure systems to issue a log entry and alert when an account is added to or removed from domain administrators group

27. User awarenessCritical Control 9Controlled Access Based on Need-to-KnowEstablish a multi-level data identification or separation scheme

28. Ensure that file shares have defined controls

29. Enforce detailed audit logging for access to non-public data and special authentication for sensitive data Critical Control 10Account Monitoring and ControlEstablish a good account management policy

30. Review all system accounts and disable any account that cannot be associated with a business process and business owner

31. Monitor account usage to determine dormant accounts

32. Monitor attempts to access deactivated accounts through audit loggingCritical Control 11Inventory of Authorized and Unauthorized SoftwareDevise a list of authorised software that is required

33. Deploy software inventory tools

34. Deploy software white-listing technology that allows systems to run only approved applications and prevents execution of all other softwareCritical Control 12Inventory of Authorized and Unauthorized DevicesDevise a list of authorised devices

35. Deploy asset/network management toolsCritical Control 13Maintenance, Monitoring and Analysis of Security Audit LogsLogs should be recorded in standardized format such as syslog or those outline by Common Event Expression (CEE) initiative

36. Network boundary should be configured to log verbosely all traffic arriving at the device

37. Ensure logs are written to write-only devices or to dedicated logging servers

38. Deploy SEIM system tool for log aggregation and consolidation Critical Control 14Data Loss PreventionDeploy hard drive encryption software to laptop machines that hold sensitive data

39. Control the use of removable devices

40. Data stored on removable drives should be encrypted

41. Deploy an automated tool on network perimeter that monitors certain Personally Identifiable Information, keywords and other document characteristics to determine attempts to exfiltrate data Critical Control 15Continuous Vulnerability Assessment and RemediationRun automated vulnerability scanning tools against all systems

42. Compare the results from back-to-back vulnerability scans to verify that vulnerabilities were addressed

43. Measure the delay in patching new vulnerabilities

44. Deploy automated patch management tools and software update toolsCritical Control 16Secure Network EngineeringSegment the enterprise network

45. Follow best security practices for deploying servers, network devices and Internet services

46. Network should support rapid response and shunning of detected attacksCritical Control 17Penetration Tests and Red Team ExercisesConduct regular penetration test to identify attack vectors

47. Perform periodic red team exercises to test the readiness of organizations to identify and stop attacks or to respond quickly and effectively

48. Ensure that systemic problems discovered in penetration tests and red team exercises are fully mitigatedCritical Control 18Incident Response CapabilityShould have written incident response procedures

49. Should assign job titles and duties for handling incidents to specific individuals

50. Should notify CERT-In in accordance

51. Publish information to all personnel about information of incidents for awareness

52. Conduct periodic incident response drills for scenario to ensure that personnel understand current threats, risks and their responsibilities Critical Control 19Data Recovery CapabilityShould have good backup policy

53. Ensure that backups are encrypted

54. Backup media should be stored in physically secure areasCritical Control 20Security Skills Assessment and Appropriate Training to Fill Gaps Develop security awareness trainings

55. Devise periodic security awareness assessment quizzes

56. Conduct periodic exercises to verify that employees and contractors are fulfilling their information security dutiesResourceshttp://www.sans.org

57. http://www.microsoft.com/technet

Criticalcontrolsofcyberdefensefinal 100128032433 Phpapp02

More Related Content

What's hot (20)

Viewers also liked (17)

Similar to Criticalcontrolsofcyberdefensefinal 100128032433 Phpapp02 (20)

Recently uploaded (20)

Criticalcontrolsofcyberdefensefinal 100128032433 Phpapp02