Presentation is loading. Please wait.

Presentation is loading. Please wait.

Critical Security Controls

Published byClaribel Young Modified over 6 years ago

Similar presentations

Presentation on theme: "Critical Security Controls"— Presentation transcript:

1 Critical Security Controls
SANS Initiative

2 Inventory of Devices Authorized & Unauthorized
Reduce the ability of attackers to find and exploit unauthorized and unprotected systems Active monitoring Configuration management Up-to-date device inventory on the network Servers, workstations Routers, remote devices

3 Inventory of Software Authorized & Unauthorized
Identify vulnerable and malicious software to prevent and mitigate attacks Inventory of approved software Track software installations – type version and patch level Inventory of disallowed software Virtualize major enterprise applications

4 Secure Configurations
Prevent attacks from exploiting services and settings that allow easy access through networks and browsers Standard secure machine images On all new systems deployed in the enterprise Follows best practices Hosted on secure servers Regularly validated and updated Configurations tracked

5 Vulnerability Assessment
Positively identify and repair software vulnerabilities reported by researchers and vendors Continuous vulnerability assessment Continuous remediation Use automated scanning tools Fix problems within 48 hours

6 Malware Defenses Block malicious code from altering system settings or contents, capturing data or spreading Anit-virus anti-spyware software Continuous scanning Automatically updated daily Disable auto-run on network devices

7 Application Software Security
Neutralize vulnerabilities in web-based and other application software Carefully test all application software for security flaws . Coding errors, malware Deploy web application firewalls (modsecurity) Inspect all traffic Explicitly check user input errors (size and data type)

8 Wireless Device Control
Protect against unauthorized wireless access Allow wireless access provided: The device matches an authorized config Authhorized security profile Has a documented owner and business need All access points aare manageable using enterprise tools Scanning tools should be able to detect all access points

9 Data Recovery Capability
Minimize damage from an attack Automate back up of all information required Full restoration capability of all systems Operating systems Application software Data All systems weekly Sensitive info daily Regularly test restore process

10 Training and Skills Assessment
Find knowledge gaps and remediate with training and exercises Develop a skills assessment program Skills required for each job Remediate Allocate reources

11 Secure Configurations
Close all holes from forming at connection points to the outside Devices: firewalls, routers, and switches Compare configurations with best practices Document all deviations with appropriate approvals All temporary deviations are reversed

12 Limitation and Control of Network
Remote access permitted only to l egitimatte users and services Holes: ports, protocols, and services Block everything that is not explicitly allow Use host-based firewalls, port-filtering and scanning tools Configure services to limit remote remote access Disallow automatic software installation Move servers behaind the firewall unless required

13 Controlled Use of Admin Privileges
Protect and validate admin accounts everywhere Dissuade users from opening malicious , attachments or visiting malicious websites Robust passwords

14 Boundary Defense Control the flow of traffic through network borders, police content looking for attacks Establish multilayered boundary defenses Firewalls, proxies DMZ Perimeter networks Filter inbound and outbound traffic

15 Use logs to identify attacks and uncover details of the attack
Security Audit Logs Use logs to identify attacks and uncover details of the attack Maintain, monitor and analyze detailed logs Logs are standardized as much as possible Transactions Packets

16 Based on strict need to know basis
Access Control Based on strict need to know basis Separate critical data from readily available data Establish a multilevel data classification scheme Based on impact of data exposure Associate data with an owner and permitted users

17 Keep attackers from impersonating legitimate users
Account Monitoring Keep attackers from impersonating legitimate users Immediately revoke system access for terminated employees Disable dormant accounts Use robust passwords

18 Data Loss Prevention Prevent unauthorized transfer of data through network attacks and physical theft Monitor data movement across network boundaries Monitor people, processes, and systems Use a centralized management framework Removable storage devices

19 Incident Response Capability
Protect the enterprises information and reputation Develop incident response plan Roles and rsponsibilities Contain the damage Eradicating the attackers presence Restoring the integrity of the network and systems

20 Secure Network Engineering
Use robust and secure network engineering discipline Three layers DMZ Middleware Private network Rapid deployment of new access controls

21 Use simulated attacks to improve organizational readiness
Penetration Tests Use simulated attacks to improve organizational readiness Penetration tests: internal and expernal Use periodic red team exercises Test existing defenses Test response capabilities

Download ppt "Critical Security Controls"

Similar presentations

Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Current Security Threats WMO CBS ET-CTS Toulouse, France 26-30 May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Network and Server Attacks and Penetration Chapter 12.

Network and Server Attacks and Penetration Chapter 12.
Controls for Information Security

Controls for Information Security
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Chapter 2 Information Security Overview The Executive Guide to Information Security manual.

Chapter 2 Information Security Overview The Executive Guide to Information Security manual.
One-Man Shop How to build a functional security program with limited resources DEF CON 22 (or DAMN I wish I had a budget...)

One-Man Shop How to build a functional security program with limited resources DEF CON 22 (or "DAMN I wish I had a budget...")
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
General Awareness Training

General Awareness Training
Security Management prepared by Dean Hipwell, CISSP

Security Management prepared by Dean Hipwell, CISSP
E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.

E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.
Module 14: Configuring Server Security Compliance

Module 14: Configuring Server Security Compliance

Similar presentations

Ads by Google