Control 5 – Boundary Defense

Control 5 builds on Control 4 and is concerned with increased awareness and defense of the network boundary. To defend the boundary you must know what traffic passes through every network segment. Strictly followed change control procedures are also an important step toward successfully implementing this control.

What can be done and where do you start implementing this control to monitor and better manage the boundary defenses?

Filtering:
Good ingress and egress filtering must be in place. What traffic is allowed into your network is just as important as what is allowed to leave it. Blacklist known bad sites. Whitelist approved business sites. Once this is done, a careful analysis of what remains will be fruitful.

What if your business does no business with foreign countries? Filters can be added at the router that deny inbound and outbound communication with IP addresses assigned to those nations. The Internet Assigned Numbers Authority (IANA) provides a listing of Top Level Domains. The regional registries that allocate address space, and the areas they serve, are:

- AfriNIC: Africa, portions of the Indian Ocean
- APNIC: portions of Asia, portions of Oceania
- ARIN: Canada, many Caribbean and North Atlantic islands, and the United States
- LACNIC: Latin America, portions of the Caribbean
- RIPE: Europe, the Middle East, Central Asia
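The filtering policy described above (blacklist known bad, deny ranges assigned to regions you do no business with, whitelist approved partners, then analyse what remains), shown as an added example that is not part of the original post. It evaluates constructed sample flows against a constructed policy built from RFC 5737 documentation prefixes; a real deployment would load RIR-published prefixes and threat feeds in their place.

```python
import ipaddress
from collections import Counter

# Constructed sample policy: RFC 5737 documentation prefixes, not real
# allocations. Replace with RIR-published ranges and threat feeds in practice.
INTERNAL = ["10.0.0.0/8"]               # our own address space
KNOWN_BAD = ["203.0.113.0/24"]          # blacklist: known bad sites
REGION_DENY = ["192.0.2.0/24"]          # ranges assigned to regions we do no business with
APPROVED = ["198.51.100.10/32"]         # whitelist: approved business sites


def _nets(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def _in(addr, nets):
    return any(addr in n for n in nets)


def classify(src: str, dst: str) -> str:
    """Verdict for one flow seen at the boundary. Deny rules run before the
    whitelist so a blacklisted host is not reachable just because it also
    sits inside an approved prefix."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_int, dst_int = _in(s, _nets(INTERNAL)), _in(d, _nets(INTERNAL))
    if src_int and dst_int:
        return "internal"              # never crossed the boundary
    peer = d if src_int else s         # egress: dst external; ingress: src external
    if _in(peer, _nets(KNOWN_BAD)):
        return "deny-bad"
    if _in(peer, _nets(REGION_DENY)):
        return "deny-region"
    if _in(peer, _nets(APPROVED)):
        return "allow-approved"
    return "review"                    # what remains, for careful analysis


def summarize(flows):
    """Tally verdicts and return the flows that still need an analyst's eye."""
    counts, review = Counter(), []
    for src, dst in flows:
        verdict = classify(src, dst)
        counts[verdict] += 1
        if verdict == "review":
            review.append((src, dst))
    return dict(counts), review


# Constructed sample flows (src, dst) as a firewall or NetFlow export might show them.
FLOWS = [
    ("10.1.2.3", "203.0.113.5"),        # egress to a blacklisted host
    ("192.0.2.77", "10.1.2.3"),         # ingress from a denied region
    ("10.1.2.3", "198.51.100.10"),      # egress to an approved partner
    ("10.1.2.3", "198.51.100.200"),     # unknown external host: left for review
    ("10.1.2.3", "10.9.9.9"),           # internal only
]
```

Calling `summarize(FLOWS)` returns the verdict counts and the single flow left over for review.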

Logs:
Always send alerts of successful logins and policy changes to every member of the security team.

Monitoring:
Monitor aggregate data from your NIDS to look for trends or new hosts. A fast and free way to do this is Security Onion, a Linux distribution created by Doug Burks that comes pre-installed and configured with Snort, Sguil, Squert and many more tools.

SANS AuditCast 1, Auditing Routers and Switches with Nipper, with David Hoelzer, gives practical advice and show notes on performing an audit of network equipment.

Zones:
Security zones must be created and diligently maintained, based on the different types of traffic that traverse your network. All other things being equal, this will help validate that your security efforts are focused on the right network segments.
