Security Ever After: June 2011

Thursday, June 23, 2011

Control 4 - Secure Configurations of Network Devices Such as Firewalls, Routers, and Switches

Control 4 is similar to Control 3 in that it is concerned with maintaining a secure configuration. This time the focus is on network devices.

What is the last thing you did on your network devices? Likely it was adding a rule to permit a new traffic flow. When was the last time you made sure the configuration is exactly what you expected?

Where to start?
Several authoritative hardening guides exist and are freely available. Choose one of the benchmarks below and plan to spend a few hours making sure your network device configurations are secure.

- CheckPoint Firewall Benchmarks
- Cisco Device Benchmarks
- Juniper Device Benchmarks
- Network Device Benchmarks
- Novell Netware Benchmarks
- Wireless Network Devices Benchmarks

What else?

Always maintain an updated network diagram. I know. You still should.

Change control forms should be completed (with appropriate approvals) before logging in to the device.

Speaking of logging in, require two-factor authentication for every device login.

Alert all administrators of all attempted logins and rule changes.

Compare the current configuration of your network devices to a known good configuration.
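
One way to carry out the comparison above, as an added example that is not from the original post: a short Python script that diffs a running configuration against a known good baseline while ignoring lines that change on every save. The IOS-style sample configurations, the hostname, and the volatile-line patterns are constructed assumptions.

```python
import difflib
import re

# Lines that change on every save and carry no security meaning (assumed, IOS-style).
VOLATILE = re.compile(r"^(!|Building configuration|Current configuration|ntp clock-period)")

# Constructed sample configurations, not taken from a real device.
BASELINE = """\
! Last configuration change at 09:12:01 UTC Mon Jun 6 2011
hostname edge-rtr-01
no ip http server
ip access-list extended INBOUND
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
line vty 0 4
 transport input ssh
"""

RUNNING = """\
! Last configuration change at 16:40:22 UTC Wed Jun 22 2011
hostname edge-rtr-01
ip http server
ip access-list extended INBOUND
 permit tcp any host 192.0.2.10 eq 443
 permit tcp any host 192.0.2.10 eq 3389
 deny ip any any log
line vty 0 4
 transport input telnet ssh
"""

def normalize(config):
    """Drop volatile and empty lines; keep indentation, which marks config blocks."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    return [ln for ln in lines if ln.strip() and not VOLATILE.match(ln)]

def drift(baseline, running):
    """Return (added, removed): lines only in running, lines only in baseline."""
    added, removed = [], []
    for ln in difflib.ndiff(normalize(baseline), normalize(running)):
        if ln.startswith("+ "):
            added.append(ln[2:])
        elif ln.startswith("- "):
            removed.append(ln[2:])
    return added, removed

if __name__ == "__main__":
    added, removed = drift(BASELINE, RUNNING)
    print("\n".join(["- " + ln for ln in removed] + ["+ " + ln for ln in added]))
```

An empty result from `drift` means the device matches the baseline; anything else should map to an approved change control form.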

Saturday, June 18, 2011

Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

Control 3 builds on the previous two controls, Inventory of Authorized and Unauthorized Devices and Inventory of Authorized and Unauthorized Software.

The intent of this control is to develop secure configurations for your systems and monitor for any deviation from this standard. To implement this control, you must invest some manual work in creating configuration standards, and then compare systems against these standards regularly and automatically using readily available tools.

The real work in this control starts by reviewing configuration guides from several expert sources. These resources have detailed guides that explain the security considerations of each setting. It is a considerable amount of effort to review these documents in detail; however, going through this process will help you better understand your system settings. It will also undoubtedly make you more aware of the importance of better protecting your systems from attackers.

Guides that will help:

Tools that will help: