SANS Institute First Five Quick Wins



Similar documents
Critical Security Controls

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Top 20 Critical Security Controls

Cybersecurity Health Check At A Glance

PCI DSS Requirements - Security Controls and Processes

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

Larry Wilson Version 1.0 November, University Cyber-security Program Controls Book

Security Management. Keeping the IT Security Administrator Busy

FileCloud Security FAQ

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

5 Steps to Advanced Threat Protection

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Supplier Information Security Addendum for GE Restricted Data

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Defence Cyber Protection Partnership Cyber Risks Profile Requirements

How To Protect Your Network From Attack

Information Technology Branch Access Control Technical Standard

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

INCIDENT RESPONSE CHECKLIST

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor January 23, 2014

SPICE EduGuide EG0015 Security of Administrative Accounts

Verve Security Center

Best Practices for PC Lockdown and Control Policies. By Dwain Kinghorn

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

The Critical Security Controls for Effective Cyber Defense. Version 5.1

Network Security Policy

THE TOP 4 CONTROLS.

Did you know your security solution can help with PCI compliance too?

ISO COMPLIANCE WITH OBSERVEIT

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template

Cyber Essentials Questionnaire

Procedure Title: TennDent HIPAA Security Awareness and Training

End-user Security Analytics Strengthens Protection with ArcSight

CITY OF BOULDER *** POLICIES AND PROCEDURES

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE

How ByStorm Software enables NERC-CIP Compliance

Introduction. PCI DSS Overview

Data Management Policies. Sage ERP Online

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Critical Controls for Effective Cyber Defense

March

Payment Card Industry (PCI) Data Security Standard. Summary of Changes from PCI DSS Version 2.0 to 3.0

The City of New York

GFI White Paper PCI-DSS compliance and GFI Software products

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

Josiah Wilkinson Internal Security Assessor. Nationwide

User Guide. Version R91. English

Network and Host-based Vulnerability Assessment

Additional Security Considerations and Controls for Virtual Private Networks

Cyber Essentials Scheme

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Critical Controls for Cyber Security.

Windows Operating Systems. Basic Security

ncircle and Core Security: Solutions for Automating the Consensus Audit Guidelines Critical Security Controls

PCI Data Security Standards (DSS)

Management (CSM) Capability

74% 96 Action Items. Compliance

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

SANS Top 20 Critical Controls for Effective Cyber Defense

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

OSU INSTITUTE OF TECHNOLOGY POLICY & PROCEDURES

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

Becoming PCI Compliant

AUTOMATING THE 20 CRITICAL SECURITY CONTROLS

Security Controls for the Autodesk 360 Managed Services

Protecting Your Organisation from Targeted Cyber Intrusion

How To Manage A Privileged Account Management

2: Do not use vendor-supplied defaults for system passwords and other security parameters

Autodesk PLM 360 Security Whitepaper

Viewfinity Privilege Management Integration with Microsoft System Center Configuration Manager. By Dwain Kinghorn

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

Georgia Institute of Technology Data Protection Safeguards Version: 2.0

Observations from the Trenches

DHHS Information Technology (IT) Access Control Standard

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Workflow Templates Library

e-governance Password Management Guidelines Draft 0.1

Managing Access Control in PresSTORE

The Protection Mission a constant endeavor

05.0 Application Development

Information Technology Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Securing Remote Vendor Access with Privileged Account Security

Central Agency for Information Technology

Cyber Security for NERC CIP Version 5 Compliance

THE PENNSYLVANIA STATE UNIVERSITY OFFICE OF HUMAN RESOURCES PASSWORD USAGE POLICY

ManageEngine Desktop Central Training

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

Transcription:

#1 QUICK WIN- APPLICATION WHITELISTING SANS Critical Controls: #2: Inventory of Authorized and Unauthorized Software 1) Deploy application whitelisting technology that allows systems to run software only if it is included on the white list and prevents execution of all other software on the system. The whitelist may be very extensive (as is available from commercial whitelist vendors), so that users are not inconvenienced when using common software. Or, for some special-purpose systems (which require only a small number of programs to achieve their needed business functionality); the whitelist may be quite narrow. When protecting systems with customized software that may be seen as difficult to whitelist, use item 8 below (isolating the custom software in a virtual operating system that does not retain infections). 2) Devise a list of authorized software and its corresponding required version that is approved for use in the enterprise for each type of system, including servers, workstations, and laptops of various kinds and uses. This list should be monitored by file integrity checking tools to validate that the authorized software has not been modified. 3) Perform regular scanning for unauthorized software and generate alerts when it is discovered on a system. A strict change-control process should also be implemented to control any changes or software installations to any systems on the network. This includes alerts related to unrecognized binaries (executable files, DLL's and Viewfinity Addressed by Viewfinity Application Control - The Viewfinity Application Control Solution provides a fully automated whitelisting solution including the ability to define software that is allowed to run in your environment based on trusted sources. We also provide the ability to enforce passive monitoring of application history and restrictive default deny model where only whitelisted software is allowed to run. Addressed by Viewfinity Application Control - Viewfinity Application Control automates the whitelisting process, which in turn, significantly lowers the need for IT involvement once the initial policy is created. Trusted Sources establishes whitelist sources for all software, applications and devices in your environment which are allowed to execute. To support dynamic client environments, Viewfinity supports a vast array of different methods for identifying Trusted Sources such as: trusted image, trusted software distribution system, trusted updaters, publishers, etc. Addressed by Viewfinity Application Control - Viewfinity can monitor the usage of Greylisted (unclassified) applications and alert administrators to suspicious behavior.

other libraries, etc.) that are found on a system, even inside of compressed archives. This includes checking for unrecognized or altered versions of software by comparing file hash values (attackers often utilize altered versions of known software to perpetrate attacks, and file hash comparisons will reveal the compromised software components). 4) Deploy software inventory tools throughout the organization covering each of the operating system types in use, including servers, workstations, and laptops. The software inventory system should track the version of the underlying operating system as well as the applications installed on it. Furthermore, the tool should record not only the type of software installed on each system, but also its version number and patch level. 5) The software inventory systems must be integrated with the hardware asset inventory so that all devices and associated software are tracked from a single location. 6) The software inventory tool should also monitor for unauthorized software installed on each machine. This unauthorized software also includes legitimate system administration software installed on inappropriate systems where there is no business need for it even if it is white listed. Dangerous file types (e.g., exe, zip, msi, etc.) should be closely monitored and/or blocked. 7) Software inventory and application white listing should also be deployed on all mobile devices that are utilized across the organization. 8) Virtual machines and/or air-gapped systems should be used to isolate and run applications that are required but based on higher risk and that should not be installed within a networked Viewfinity tracks the software inventory deployed on endpoints and lists of the software installed and versions. Viewfinity tracks all deployed software and hardware inventory on endpoints. Addressed by Viewfinity Application Control - Viewfinity can be configured to monitor usage of unauthorized applications and alert administrators. Viewfinity tracks software inventory and white listed applications on mobile devices such as remote laptops and tablet devices. Addressed by Viewfinity Application Control - Policies can be enforced on virtual machines and/or air-gapped systems and applied to machines outside of a networked environment.

environment. 9) Configure client workstations with non-persistent, virtualized operating environments that can be quickly and easily restored to a trusted snapshot on a periodic basis. 10) Deploy software that only provides signed software ID tags. A software identification tag is an XML file that is installed alongside software and uniquely identifies the software, providing data for software inventory and asset management. Addressed by Viewfinity Application Control - Policies can be enforced on virtual workstations within a non-persistent virtualized environment that can be quickly and easily restored to a trusted snapshot on a periodic basis. Addressed by Viewfinity Application Control - Viewfinity Application Control is not used as a tool to deploy software. However, Viewfinity can be used to approve authorized software installation including controlled software distribution products and locations which contain only software with ID tags.

#5 QUICK WIN- REDUCE THE NUMBER OF USERS WITH ADMINISTRATIVE PRIVILEGES: SANS Critical Controls: #12: Controlled Use of Administrative Privileges 1) Minimize administrative privileges and only use administrative accounts when they are required. Implement focused auditing on the use of administrative privileged functions and monitor for anomalous behavior. 2) Use automated tools to inventory all administrative accounts and validate that each person with administrative privileges on desktops, laptops, and servers is authorized by a senior executive. 3) Configure all administrative passwords to be complex and contain letters, numbers, and special characters intermixed, with no dictionary words present in the password. Strong passwords should be of a sufficient length to increase the difficultly it takes to crack the password. Pass phrases containing multiple dictionary words, along with special characters, are acceptable if they are of a reasonable length. 4) Configure all administrative-level accounts to require regular password changes on a frequent interval tied to the complexity of the password. - 5) Before deploying any new devices in a networked environment, change all default passwords for applications, operating systems, routers, firewalls, wireless access points, and other systems to a Viewfinity Addressed by Viewfinity Application Control - Viewfinity helps organizations manage least privilege environments by controlling end user and privileged user rights for applications and/or reducing permissions for privileged users. Along with this core competency, we provide the most comprehensive solution available for tracking and auditing all privileged and administrative activities and elevated privilege policies across an organization's entire infrastructure, from Windows-based endpoints, to servers, virtual machines. Addressed by Viewfinity Application Control - Viewfinity discovers users with administrative accounts and produces corresponding reports containing users and computers. Viewfinity provides a free utility which can remove users from administrator roles: The Viewfinity Local Admin Discovery Tool.

difficult-to-guess value. 6) Ensure all service accounts have long and difficult-to-guess passwords that are changed on a periodic basis, as is done for traditional user and administrative passwords, at a frequent interval of no longer than 90 days. 7) Store passwords for all systems in a well-hashed or encrypted format, with weaker formats eliminated from the environment. Furthermore, files containing these encrypted or hashed passwords required for systems to authenticate users should be readable only with super-user privileges. 8) Utilize access control lists to ensure that administrative accounts are used only for system administration activities, and not for reading e-mail, composing documents, or surfing the Internet. Web browsers and e-mail clients especially must be configured to never run as administrator. 9) Through policy and user awareness, require that administrators establish unique, different passwords for their administrative and non-administrative accounts. Each person requiring administrative access should be given his/her own separate account. Administrative accounts should never be shared. Users should only use the Windows administrator or Unix root accounts in emergency situations. Domain administration accounts should be used when required for system administration instead of local administrative accounts. 10) Configure operating systems so that passwords cannot be re-used within a certain timeframe, such as six months. 11) Configure systems to issue a log entry and alert when an account is added to or removed from a domain administrators group. Addressed by Viewfinity Application Control - Viewfinity supports a segregation of duties model. This provides for granting administrative rights to approved applications only instead of making users administrators for all activities on the operating system.

12) Use two-factor authentication for all administrative access, including domain administrative access. 13) Block access to a machine (either remotely or locally) for administrator-level accounts. Instead, administrators should be required to access a system using a fully logged and nonadministrative account. Then, once logged on to the machine without administrative privileges, the administrator should transition to administrative privileges using tools such as Sudo on Linux/UNIX, RunAs on Windows, and other similar facilities for other types of systems. Users would use their own administrative accounts and enter a password each time that is different that their user account. 14) If services are outsourced to third parties, include language in the contracts to ensure that they properly protect and control administrative access. It should be validated that they are not sharing passwords and have accountability to hold administrators liable for their actions. Addressed by Viewfinity Application Control The Viewfinity model assumes that administrators will log on to machines with the least amount of privileges and the Viewfinity software will control elevated access to applications which are permitted to be executed with higher levels of privileges. Addressed by Viewfinity Application Control - Viewfinity supports a segregation of duties model by granting administrative rights only to approved applications instead of granting full admin rights to outsourced administrators or third party operators.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information