Security Ever After

Monday, August 29, 2011

Control 13: Limitation and Control of Network Ports, Protocols, and Services

As mentioned in Control 5: Boundary Defense, proper ingress and egress filtering should be in place. Diligently maintaining awareness of the traffic that is allowed into and out of your network is critical.

SourceFire RNA Compliance Rules allow the administrator to create rules that mirror the firewall rules and alert when any other traffic occurs. This is configured in the administrative console under Policy & Response > Compliance > Rule Management: create or open a group, select "If a flow event occurs and meets the following conditions", and add a condition such as "if Payload is AOL Mail". This feature in RNA allows the user to define approved flows and respond to everything not specifically allowed. Policy violations and new traffic flows become immediately apparent, and the rules are complementary to the traditional network firewall rules.

Perform daily network discovery scans using nmap. Depending on the complexity of the network, multiple scanners may need to be deployed to ensure complete coverage. List the name of each service running on the network and attempt to justify its business need. Consider an nmap diff scan to identify all hosts and their associated services. Using the diff option, results for the new scan are compared to the previous one, with only the changes being noted.
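The daily comparison described above, as an added example that is not from the original post: it parses two scans saved in nmap's XML output format (`-oX`), reports services that opened or closed since the previous run, and goes one step further by flagging open ports with no recorded business justification. The two scans are constructed sample data and the `APPROVED` allowlist is hypothetical; Nmap also ships the `ndiff` utility for comparing two XML result files.

```python
import xml.etree.ElementTree as ET
# Constructed sample scans in the XML layout written by `nmap -oX`.
YESTERDAY = """<nmaprun>
<host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
</ports></host>
</nmaprun>"""
TODAY = """<nmaprun>
<host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
</ports></host>
<host><address addr="10.0.0.9" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
</ports></host>
</nmaprun>"""

# Hypothetical allowlist: (protocol, port) pairs with a documented business need.
APPROVED = {("tcp", 22), ("tcp", 80), ("tcp", 443)}

def open_services(xml_text):
    """Map (ip, protocol, port) -> service name for every open port in a scan."""
    found = {}
    for host in ET.fromstring(xml_text).iter("host"):
        ip = host.find("address").get("addr")  # first <address> is the IP
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            found[(ip, port.get("protocol"), int(port.get("portid")))] = name
    return found

def diff_scans(old_xml, new_xml, approved=APPROVED):
    """Return (opened, closed, unapproved) lists of (ip, protocol, port)."""
    old, new = open_services(old_xml), open_services(new_xml)
    opened = sorted(k for k in new if k not in old)
    closed = sorted(k for k in old if k not in new)
    unapproved = sorted(k for k in new if (k[1], k[2]) not in approved)
    return opened, closed, unapproved

if __name__ == "__main__":
    for label, items in zip(("OPENED", "CLOSED", "UNAPPROVED"), diff_scans(YESTERDAY, TODAY)):
        for ip, proto, port in items:
            print(f"{label:10} {ip} {port}/{proto}")
```

Telnet on 10.0.0.5 is unchanged between the two scans, so a pure diff stays silent about it; only the allowlist check surfaces it.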
