SANS Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- Jul 08, 2013
- Michaelangelo Sidagni
Why do all graphical representations of a network firewall include a wall with flames? Do you have to set a wall on fire in order to protect a network? I hope not for my network!!
SANS Critical Control # 10 speaks about secure configurations applied to network devices such as firewalls, routers and switches.
These pieces of network infrastructure represent the backbone of an organization’s network and cannot be left unconfigured, unpassworded, with backdoors, etc.
SANS mentions the following steps to implement Control #10:
Step 1: Hardened device configurations applied to production devices
Step 2: Hardened device configuration stored in a secure configuration management system
Step 3: Management network system validates configurations on production network devices
Step 4: Patch management system applies tested software updates to production network devices
Step 5: Two-factor authentication system required for administrative access to production devices
Step 6: Proxy/firewall/network monitoring systems analyze all connections to production network devices.
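One way to carry out the validation in Steps 2 and 3, shown as an added example that is not from SANS or the original post: it compares a device's running configuration against the hardened baseline held in configuration management and reports drift in both directions. The function names and the IOS-style sample configurations are assumptions constructed for illustration.

```python
# Added example; the IOS-style config text below is constructed sample data.
def parse_config(text):
    """Return (parent_path, line) pairs so indented sub-commands are
    compared in the context of their section, not as bare lines."""
    entries, stack = set(), []  # stack: (indent, line) of open sections
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blanks and IOS comment/separator lines
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()  # close sections at the same or deeper indent
        parent = " / ".join(l for _, l in stack)
        entries.add((parent, line.strip()))
        stack.append((indent, line.strip()))
    return entries

def config_drift(baseline_text, running_text):
    """'missing' = hardening removed; 'unexpected' = unapproved addition."""
    baseline, running = parse_config(baseline_text), parse_config(running_text)
    return {"missing": sorted(baseline - running),
            "unexpected": sorted(running - baseline)}

# Constructed sample: approved baseline held in configuration management.
BASELINE = """\
service password-encryption
no ip http server
line vty 0 4
 transport input ssh
 login local
"""

# Constructed sample: configuration pulled from the production device.
RUNNING = """\
service password-encryption
ip http server
line vty 0 4
 transport input telnet ssh
 login local
snmp-server community public RO
"""

if __name__ == "__main__":
    for kind, items in config_drift(BASELINE, RUNNING).items():
        for parent, line in items:
            print(f"{kind:10} [{parent or 'global'}] {line}")
```

Keeping the parent section with each line is what lets the check see that `transport input` changed under `line vty 0 4` rather than treating it as an unrelated global command.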
With its various modules, Unified VRM addresses most of the control points SANS includes in Control # 10: