NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge
More Menu Less Menu
Schedule a Demo
Security Team Intelligence

SANS Critical Control 3: Secure Configurations

In the previous two blog posts I have been addressing Control 1 and Control 2 in the SANS Critical Security Control mapping with Unified VRM exercise.

In this installment, I am going to address how Unified VRM’s functionalities can be mapped with SANS Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers.

Establishing, securing, enforcing and assessing a secure operating system configuration is one of the most important security controls to prevent targeted hacking attacks and widespread malware infections.

In essence, the Control 3 states that:

Workstations, laptops, Servers, and mobile devices’ secure configurations should be established and reviewed using a configuration review scanner via authenticated scans;

A file integrity checker that make sure that the original key files in important hosts’ operating systems are not modified by kackers, trojans or other malware.

Unified VRM is capable of implementing all security controls mentioned above.

  1. Unified VRM Configuration Review modules uses authenticated security scans against specific asset groups to make sure that their running operating system-specific configuration is in line with secure configuration standards, such as NSA, DISA, and more and with compliance configuration standards, such as HIPAA, SOX, PCI-DSS, etc. The customer can also modify the applicable configuration standard he would like to use as baseline according to its secure-built configuration standards. This can be done from the cutomer’s Unified VRM GUI. Furthermore, Unified VRM can use SCAP XCCDF standard – https://scap.nist.gov/specifications/xccdf/ – to check every operating systems for configuration best practices based on corresponding operating system based OVAL definitions.
  2. Unified VRM internal module can use a specially-crafted scan template (modifiable now from the GUI) that can interact with SLAD – Security Local Audit Daemon, installed locally on strategic hosts. This daemon can interact and transmit the status of Tripwire File System checker scans. This way key files within the file system can be monitored for unauthorized modification which might indicate a system compromise by a trojan, rootkit or other forms of malware.
Categories
Category
Tags
Verizon 2020 DBIR Report, Vulnerability management
Read Next

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.