NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge
More Menu Less Menu
Schedule a Demo
Security Team Intelligence

SANS Critical Controls 14 and 15: Network Audit Logging and Controlled Access

This week we come back with our blog series on SANS 20 Critical Controls and focus on Audit Logs and Controlled Access.

Audit Logs for firewall, network devices, servers and hosts are most of the time the only way to determine whether or not the host has been compromised and the only way to control the activity of the system administrator. The logs need to be aggregated, safeguarded and correlated with other relevant security events.

Unified VRM is not a log aggregation solution. However it allows you to pour relevant and verified vulnerability information into log aggregation systems and SIEM systems to enable the correlation with intrusion detection and other log data.

Another important security control is #15 that deals with controlling access to data from people with the appropriate need to know. Information needs to be classified in terms of sensitivity and importance for the business. Sensitive information needs to be segregated in separate VLANs with appropriate firewall controls. File servers need to be appropriately protected and configured. Access permissions needs to be configured to allow people with “need to know” access to specific information. Logging of those file servers operations should be maintained and information that needs to be transmitted off to public networks needs to be encrypted. Data Leak Preventions and ACLs need to maintained to prevent sensitive information from being transmitted outside the organization.

Unified VRM can be used to verify that File Servers are appropriately patched and configured according to best practice industry standards. Furthermore, Unified VRM can help verify that firewall rules are appropriately implemented and networks are appropriately segregated via VLAN. Active Directory group policies application can be verified via Unified VRM Security Configuration Module or by performing authenticated vulnerability scans. File auditing enablement can be verified by scanning file servers and active directory servers with the configuration module.

To learn more about the Unified VRM Security Configuration Module and other modules, please visit https://nopsec.com.

Categories
Category
Tags
Verizon 2020 DBIR Report, Vulnerability management
Read Next

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.