{"id":202,"date":"2011-07-04T15:22:00","date_gmt":"2011-07-04T15:22:00","guid":{"rendered":"https:\/\/belayclientstaging.zone\/securityeverafter\/2011\/07\/04\/control-5-boundary-defense\/"},"modified":"2011-07-04T15:22:00","modified_gmt":"2011-07-04T15:22:00","slug":"control-5-boundary-defense","status":"publish","type":"post","link":"https:\/\/securityeverafter.com\/control-5-boundary-defense\/","title":{"rendered":"Control 5 – Boundary Defense"},"content":{"rendered":"

Control 5 builds on Control 4 and is concerned with increased awareness and defense of the network boundary. Defending the boundary means you must be aware of what traffic goes through all network segments. Strictly followed change control procedures are also an important step toward successfully implementing this control.

What can be done, and where do you start implementing this control to monitor and better manage the boundary defenses?

Filtering:
Good ingress and egress filtering must be in place. What traffic is allowed into your network is just as important as what is allowed to leave it. Blacklist known bad sites. Whitelist approved business sites. Once this is done, a careful analysis of what remains will be fruitful.

What if your company does no business with foreign countries? Filters can be added at the router to deny inbound and outbound communication with IP addresses assigned to those nations. The Internet Assigned Numbers Authority (IANA) provides a listing of Top Level Domains.

The regional Internet registries and the regions they serve:
AfriNIC: Africa, portions of the Indian Ocean
APNIC: Portions of Asia, portions of Oceania
ARIN: Canada, many Caribbean and North Atlantic islands, and the United States
LACNIC: Latin America, portions of the Caribbean
RIPE: Europe, the Middle East, Central Asia

Logs:
Always send alerts of successful logins and policy changes to every member of the security team.

Monitoring:
Monitor aggregate data from your NIDS to look for trends or new hosts. A fast and free way to do this is with Security Onion, a Linux distribution created by Doug Burks that comes pre-installed and configured with Snort, Sguil, Squert and many more tools.

SANS AuditCast 1, Auditing Routers and Switches with Nipper, with David Hoelzer, gives practical advice and show notes on performing an audit on network equipment.

Zones:
Security zones based on the different types of traffic that traverse your network must be created and diligently maintained. All other things being equal, this will help validate that your security efforts are focused on the right network segments.","protected":false},"excerpt":{"rendered":"

","protected":false},"author":4,"yoast_head_json":{"title":"Control 5 - Boundary Defense - Security Ever After - vCISO","article_published_time":"2011-07-04T15:22:00+00:00","author":"Russell"}}