NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge
More Menu Less Menu
Schedule a Demo
Security Team Intelligence

SANS Critical Security Controls: Secure Configurations for Network Devices

Why all graphical representations of a network firewall include a wall with flames? Do you have to set a wall on fire in order to protect a network? I hope not for my network!!

SANS Critical Control # 10 speaks about secure configurations applied to network devices such as firewall, routers and switches.

These pieces of network infrastructure represent the backbone of an organization’s network and cannot be left unconfigured, unpassworded, with backdoors, etc.

SANS mentions the following steps to implement Control #10:

Step 1: Hardened device configurations applied to production devices

Step 2: Hardened device configuration stored in a secure configuration management system

Step 3: Management network system validates configurations on production network devices

Step 4: Patch management system applies tested software updates to production network devices

Step 5:Two-factor authentication system required for administrative access to production devices

Step 6: Proxy/firewall/network monitoring systems analyze all connections to production network devices.

With its various modules, Unified VRM addresses most of the control points SANS includes in Control # 10:

  • With the external network module, Unified VRM is capable to test the external firewall for misconfigurations and open ports. Also, if the firewall brand and version has a particular reported vulnerability in both network and web application front-ends, these vulnerabilities can be found and remediated before the bad guys can exploit them.
  • On routers and switches, Unified VRM internal network module can find default passwords, default SNMP community strings and other misconfigurations so that they can be corrected. Internal network scan and authenticated OVAL scan with SSH can be used to find classified vulnerabilities in firewall, routers, and switches. Unified VRM can also test Cisco routers, switches and firewalls based on the latest XCCDF definitions.
  • Firewall, routers and switches hardened configurations can be customized and the targets tested through the Unified VRM Configuration Review Module.
  • Unified VRM Wireless assessment module can test whether the wireless network is logically located outside or inside the firewall.
  • If there are any exploitable vulnerabilities found, Unified VRM exploitation module can help in building a Proof-of-Concept exploitation targeted to routers, firewalls and switches.
  • For change control, Tripwire can be deployed on most of the firewall and it can monitor the file system for unauthorized changes. Tripwire can be then interfaced with VRM to collect those unauthorized change logs periodically.
Categories
Category
Tags
Verizon 2020 DBIR Report, Vulnerability management
Read Next

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.