Critical Control 5 - Boundary Defence
http://www.sans.org/critical-security-controls/control.php?id=5
The next control on the list is boundary defence. Many organisations have recognised that protecting the perimeter, whilst important, is no longer the whole story. Many organisations have what we generally consider a hard crunchy outside and a soft squishy centre. The "internal" network is expanding into people's homes via VPN, onto mobile devices, into partner organisations and more. So boundary protection is nowadays a more appropriate goal than perimeter protection. This is reflected in some of the current standards (think PCI and various government-specific standards). A few years ago internal network segmentation was not very common. Today we are starting to see more network segmentation within organisations, and people are exercising more control over the traffic that flows through the network.
Many of the more spectacular breaches in the past year or two have been traced back to client-side attacks. This is where good boundary defences can help reduce the risk. For example, an organisation that has thought about the different types of uses for its network, the location of its data and how that data is to be accessed can start segmenting the network. It can implement measures to control or monitor the traffic at the different boundaries. Client-side attacks may still work, but the exfiltration of data may be detected and the impact of the breach is reduced, as the infected machine no longer has full access to the whole network.
When thinking about boundary defence it also pays to think about how traffic is supposed to flow through the environment. As part of this make sure you have policies in place that help you enforce this flow, e.g. no direct connections to the internet, all traffic must flow through a DMZ, etc. Once you have the architecture straight and you understand how information flows within the environment and how people access it, then it is time to start adding controls.
To control flows between network segments:
- Firewalls, external facing and internal.
- Routers with ACLs (OK for certain internal uses, but you might want to steer clear of using this as your only defence at the perimeter).
- Intrusion Prevention System (IPS)
- Consider jump servers for management of sensitive network segments.
Controlling specific Traffic flows:
- Web traffic - Web filter to detect malware, filter access to malicious domains, perform URL filtering.
- Mail - Mail relay in the DMZ. Implement Sender Policy Framework (SPF) and/or DKIM to help others identify your authorised mail senders. Use AV/malware and anti-spam filtering in the DMZ (you might want to do the same on the internal mail filter).
- Remote Access - Use two-factor authentication, and control network traffic.
Visibility
- DLP solutions - Monitor all traffic for information regarding your crown jewels.
- Intrusion Detection - look for threats in traffic flows on the network, or use a host IDS to identify specific host threats.
- Central logging and review (e.g. SIEM).
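The flow policy described above ("no direct connections to the internet, all traffic must flow through a DMZ") only helps if you check the traffic you log against it. The following is an added example, not code from the diary: a small audit that classifies source and destination addresses into segments and flags flows that break a constructed segmentation policy, the sort of check you would run over exported flow records in the central logging platform. The segment ranges, the allowed-flow table and the sample flows are all made up for illustration.

```python
import ipaddress
from typing import Optional

# Constructed segmentation policy (added example, not from the diary):
# named segments and which destination segments each may initiate flows to.
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "servers":      ipaddress.ip_network("10.20.0.0/16"),
    "dmz":          ipaddress.ip_network("192.0.2.0/24"),
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # internal space not yet assigned to a segment
ALLOWED = {
    "workstations": {"workstations", "dmz"},   # no direct internet access
    "servers":      {"servers", "dmz"},
    "dmz":          {"dmz", "internet"},        # only the DMZ talks to the internet
}

def segment_of(ip: str) -> str:
    """Map an address to a named segment, 'unclassified' internal space, or 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unclassified" if addr in INTERNAL else "internet"

def check_flow(src: str, dst: str) -> Optional[str]:
    """Return a violation description, or None if the flow matches policy."""
    s, d = segment_of(src), segment_of(dst)
    if s == "internet":
        return None  # inbound flows are judged by the external firewall, not this audit
    if d in ALLOWED.get(s, set()):
        return None
    return f"{s} -> {d} not permitted"

def audit(flows):
    """Return (src, dst, reason) for every flow that violates the policy."""
    results = [(src, dst, check_flow(src, dst)) for src, dst in flows]
    return [r for r in results if r[2]]

SAMPLE_FLOWS = [  # constructed flow records (src, dst)
    ("10.10.4.12", "192.0.2.10"),    # workstation to DMZ proxy: allowed
    ("10.10.4.12", "203.0.113.7"),   # workstation straight to the internet: violation
    ("10.20.1.5",  "10.10.4.12"),    # server initiating to a workstation: violation
    ("10.30.9.1",  "192.0.2.10"),    # address outside any defined segment: violation
    ("192.0.2.10", "203.0.113.7"),   # DMZ proxy to the internet: allowed
]

if __name__ == "__main__":
    for src, dst, reason in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {src} -> {dst}: {reason}")
```

Unclassified internal addresses are reported as violations on purpose: a host that appears in a range the policy does not know about is itself a finding worth a look.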
There are many other ways of defending the boundary, let us know what you have found to be effective.
Mark