SANS Critical Control 13: Network Boundary Defense
- Jul 25, 2013
- Michaelangelo Sidagni
As we are getting ready to descend for a couple of days to Vegas for Black Hat / DefCon / BSides, here’s the blog post on SANS Critical Control 13 dealing with Boundary Defenses.
“Boundary defenses” define those security controls aimed at protecting and segregating various networks with different degree of trust. Typical example of those defenses are firewalls, Intrusion Detection and Prevention Systems, Web Content Filtering, Network Access Controls, Routes / Switches, and Proxy Servers.
SANS describes the following steps to be accomplished in order to achieve Control #13:
Step 1: Hardened device configurations applied to production devices
Step 2:Two-factor authentication systems required for administrative access to production devices
Step 3: Production network devices send events to log management and correlation system
Step 4: Network monitoring system analyzes network traffic
Step 5: Network monitoring system sends events to log management and correlation system
Step 6: Outbound traffic passes through and is examined by network proxy devices
Step 7: Network systems scanned for potential weaknesses.
Again, Unified VRM does not offer defensive security controls capable of blocking ongoing attacks. It is more like your periodic “doctor visit” that is capable of detecting and preventing growing problems in your body.