Control 15: Data Loss Prevention

Data Loss Prevention (DLP) is a new trend in Information Security, but it really should not be. DLP may have been a missed opportunity when Network Intrusion Detection (NIDS) was first introduced. Has data exfiltration only now become important? How was this missed as a priority for so long? Define what […]

Control 14: Wireless Device Control

Wireless network access allows for better collaboration and mobility. With this relatively new medium comes extra risk. Be sure to handle this administratively through policy and user education that set clear expectations of appropriate use. The policy should specifically prohibit the use of peer-to-peer wireless networking. […]

Control 13: Limitation and Control of Network Ports, Protocols, and Services

Just as mentioned in Control 5, Boundary Defense, proper ingress and egress filtering should be in place. Diligently maintaining awareness of the traffic that is allowed into and out of your network is critical. SourceFire RNA Compliance Rules allow the administrator to create rules that mirror the firewall rules and alert when any other traffic […]

Control 12: Malware Defenses

Malware should certainly be considered unauthorized software and addressed using the techniques listed in Control 2. Maintain a listing of approved software and its business need so that it can be readily compared against all software that has been detected. Malware protection is often packaged within traditional anti-virus software. Configure this tool to send its events to […]

Control 11: Account Monitoring and Control

What does it really mean to provide Account Monitoring and Control, and what are some practical, no-cost ways to implement this control? Send automated alerts on any change or attempted change to any group whose membership grants elevated access. Daily alerts and reports of locked-out accounts, disabled accounts, accounts with passwords that exceed […]

Control 10: Continuous Vulnerability Assessment and Remediation

Is it possible to have a vulnerability assessment program that can truly be considered continuous? I believe the answer is a resounding "yes, you can." Configure a network scanner to perform daily discovery scans on the internal and external networks. Review the output for new hosts and unexpected services. Make certain that these scans are […]