In the previous two blog posts I addressed Control 1 and Control 2 in this exercise of mapping the SANS Critical Security Controls to Unified VRM.
In this installment, I am going to address how Unified VRM's functionality maps to SANS Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers.
Establishing, securing, enforcing and assessing a secure operating system configuration is one of the most important security controls for preventing targeted hacking attacks and widespread malware infections.
In essence, Control 3 states that:
- Secure configurations for workstations, laptops, servers and mobile devices should be established and reviewed using a configuration review scanner via authenticated scans;
- A file integrity checker should verify that the original key files in important hosts' operating systems have not been modified by hackers, trojans or other malware.
Unified VRM is capable of implementing all the security controls mentioned above.
- The Unified VRM Configuration Review module uses authenticated security scans against specific asset groups to make sure that their running operating-system-specific configuration is in line with secure configuration standards, such as those from NSA and DISA, and with compliance configuration standards, such as HIPAA, SOX, PCI-DSS, etc. Customers can also modify the applicable configuration standard they would like to use as a baseline according to their own secure-build configuration standards. This can be done from the customer's Unified VRM GUI. Furthermore, Unified VRM can use the SCAP XCCDF standard – https://scap.nist.gov/specifications/xccdf/ – to check every operating system for configuration best practices, based on the corresponding operating-system-specific OVAL definitions.
- Unified VRM's internal module can use a specially crafted scan template (now modifiable from the GUI) that interacts with SLAD (Security Local Audit Daemon), installed locally on strategic hosts. This daemon can interact with Tripwire file system checker scans and transmit their status. In this way, key files within the file system can be monitored for unauthorized modification, which might indicate a system compromise by a trojan, rootkit or other form of malware.
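The file-integrity half of the control rests on a simple mechanism: take a cryptographic baseline of the key files, then periodically re-hash them and report anything added, removed or changed. The following added example (not Tripwire, SLAD or Unified VRM code) implements that mechanism end to end; the watched paths and the "tampering" between the two scans are constructed in a temporary directory so the example runs offline. Mode changes are tracked alongside content hashes, since a permission change on a file such as `/etc/passwd` is itself a finding even when the content is untouched.

```python
"""File-integrity baseline and comparison (added example, not Tripwire or SLAD code).

Builds a baseline of SHA-256 digests and metadata for a set of watched files,
then compares a later snapshot against it and reports added, removed and
modified files. The sample tree below is constructed for the illustration.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List


def file_record(path: Path) -> Dict[str, object]:
    """Digest plus the metadata a checker typically tracks (size and permission bits)."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    st = path.stat()
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root: Path, watch: List[str]) -> Dict[str, Dict[str, object]]:
    """Snapshot the watched relative paths under root; files that do not exist are skipped."""
    baseline: Dict[str, Dict[str, object]] = {}
    for rel in watch:
        p = root / rel
        if p.is_file():
            baseline[rel] = file_record(p)
    return baseline


def compare(baseline: Dict[str, dict], current: Dict[str, dict]) -> Dict[str, List[str]]:
    """Classify differences between two snapshots keyed by relative path."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(rel for rel in set(baseline) & set(current)
                      if baseline[rel] != current[rel])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List[str]]:
    """Construct a small file tree, baseline it, simulate tampering, and diff the snapshots."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"original binary content")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "shadow").write_text("root:*:1::::::\n")
        os.chmod(root / "etc" / "passwd", 0o644)  # fix a known mode so the later change is visible
        # Constructed watch list; etc/hosts does not exist yet at baseline time.
        watch = ["bin/ls", "etc/passwd", "etc/shadow", "etc/hosts"]
        baseline = build_baseline(root, watch)

        # Simulated changes between the two scans (constructed, for the illustration).
        (root / "bin" / "ls").write_bytes(b"replaced binary content")  # content changed
        (root / "etc" / "shadow").unlink()                              # file removed
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")   # file added
        os.chmod(root / "etc" / "passwd", 0o666)                        # permissions changed only

        return compare(baseline, build_baseline(root, watch))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9}: {paths}")
```

In a deployment the baseline must be stored, and its own integrity protected, somewhere the monitored host cannot silently rewrite it (for example transmitted to and kept by the central scanner, which is the role the daemon-to-scanner link plays in the description above); a baseline that lives only on the host is exactly what a rootkit would update.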