NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge
More Menu Less Menu
Schedule a Demo
Security Team Intelligence

SANS Critical Control 13: Network Boundary Defense

As we are getting ready to descend for a couple of days to Vegas for Black Hat / DefCon / BSides, here’s the blog post on SANS Critical Control 13 dealing with Boundary Defenses.

“Boundary defenses” define those security controls aimed at protecting and segregating various networks with different degree of trust. Typical example of those defenses are firewalls, Intrusion Detection and Prevention Systems, Web Content Filtering, Network Access Controls, Routes / Switches, and Proxy Servers.

SANS describes the following steps to be accomplished in order to achieve Control #13:

Step 1: Hardened device configurations applied to production devices

Step 2:Two-factor authentication systems required for administrative access to production devices

Step 3: Production network devices send events to log management and correlation system

Step 4: Network monitoring system analyzes network traffic

Step 5: Network monitoring system sends events to log management and correlation system

Step 6: Outbound traffic passes through and is examined by network proxy devices

Step 7: Network systems scanned for potential weaknesses.

  • Unified VRM can help detect vulnerabilities and misconfigurations in the security controls mentioned above, thus making those stronger.
  • Unified VRM Configuration Review and XCCDF Scanning module can help detecting security misconfigurations in Cisco devices (firewall, routers, and switches), Solaris and various other flavors of Linux and Unixes.
  • Unified VRM External and Internal module can test the strength of passwords in various remote daemons (SSH, Remote Desktop, etc.) to prove the need for dual factor authentication.
  • Unified VRM platform has in itself a very strong correlation engine, correlating vulnerabilities across platforms (network, VoIP, web applications, etc.) belonging to the same hosts.
  • Unified VRM helps scanning various network and web applications for network and application-based vulnerabilities.
  • Unified VRM helps finds vulnerabilities in web applications and application proxy which might allow an attacker to escalate attack privileges.

Again, Unified VRM does not offer defensive security controls capable of blocking ongoing attacks. It is more like your periodic “doctor visit” that is capable of detecting and preventing growing problems in your body.

Categories
Category
Tags
Verizon 2020 DBIR Report, Vulnerability management
Read Next

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.