May 31, 2023

Binary Blogger

Are you a 1 or a 0? News, Thoughts and Reviews

Breaking Down The Critical Security Controls: CSC 3 – Secure Configurations

3 min read
7 years ago Binary Blogger

cislogowebContinuing my series of Breaking Down The Critical Security Controls the next one in line is number three. CSC 3 – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. After building inventories of your hardware and software in your environment per CSC 1 & CSC 2 the next step is to ensure those components are configured securely, consistently and accurately.

Establish, implement, and actively manage (track, report on, correct) the security configuration of laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.

Solution Approach

This control is where specific security, infrastructure and network expertise comes into play. In order to create secure configurations you need resources in your environment that can read, analyze and understand with expertise with the ‘whats’ and ‘hows’ of a component’s configuration. This will include your DBAs, AD Domain Administrators, Server Administrators, Network Administrators, software tool experts, developers and anyone else that works directly with a component.

No security team will have all that knowledge and expertise on the team but that’s where the secret weapon to effective security is applied. Collaboration. Yes, you need to talk to the business. Communication, transparency, accountability and teamwork. Only when you work together can you create a gold standard configuration. Taking industry best practices on how to secure Active Directory or a database probably will not fully apply to your environment, those that know the tools and the business at that level do.

After you have a gold configuration that needs to be documented and inserted in to an image/build that is then applied to all systems. That’s the first step. The second step is to ensure the configuration integrity on those systems and the configurations do not change. Using your SIEM (Security Information Event Manager) to monitor changes, file monitors, infrastructure and vulnerability scanners can help keep changes in check.

In addition to monitoring for changes there should also be improvements to the accessibility of those that can make changes. Expanding Group Policy Objects (GOP), tightening Access Control Lists to be closer to Least Privilege, and removing the ability altogether will reduce the capability of changes being made.

How It Could Be Exploited

First and foremost your environment is being constantly scanned. Thousands if not millions of bots are constantly scanning all the IP addresses on the Internet and they are looking for vulnerabilities. Unless you have a catalog of pre-built, secure configurations and/or images ready to deploy there are vulnerabilities in your environment. Almost by default any out of the box software has exploitable vulnerabilities. Unless you have updated configurations that close those vulnerabilities, contain the latest patches and updates and do it consistently across the environment you could inadvertently expose your environment just by turning on a system. Controlling how the systems are built and configured, especially if the configurations are built specifically for a system’s use (DB, AD, File server, etc…), will close the attack vectors of those looking to infiltrate your systems and data.

A consistent configuration allows you as a security leader to know with accuracy, along with your inventories in CSC 1 and CSC 2, to know what is impacted by a vulnerability based on a configuration profile. This will also provide improvements in your governance and compliance efforts by ensuring that risky protocols are blocks, ports are disabled, and versions are up to date.

Consistent, repeatable and automated processes are one of the keys to effecting Information Security.

End of line.

 

Please follow and like us:
fb-share-icon
Tweet
Pin Share
Tags:

More Stories

3 min read

Breaking Down The Critical Security Controls: CSC 20 – Penetration Tests

6 years ago Binary Blogger
4 min read

Breaking Down The Critical Security Controls: CSC 19 – Incident Response

6 years ago Binary Blogger
3 min read

Breaking Down The Critical Security Controls: CSC 18 – Application Security

6 years ago Binary Blogger

You may have missed

3 min read

The Power of Handwriting: 7 Benefits of Taking Notes by Hand in Meetings

1 day ago Binary Blogger
2 min read

Safeguarding Privacy and Security: The Essential Office Tool – A Paper Shredder

6 days ago Binary Blogger
3 min read

Back Up Your Data Properly Strategies

1 week ago Binary Blogger
2 min read

Introduction To Proper Task Management

1 week ago Binary Blogger

Blog Categories

Archives

About Binary Blogger

Binary Blogger is the persona of a 20 year veteran career techie. Throughout the years I have done it all, programming, design, support but have focused on identity security as my primary area of expertise.

I am also a photographer hobbyist, writer, blogger, father, husband and an overall swell guy.

Thanks for reading.

Copyright © All rights reserved. | Newsphere by AF themes.

Enjoy this blog? Please spread the word :)

  • RSS
  • Follow by Email
  • Facebook
    Facebook
    fb-share-icon
  • Twitter
    Visit Us
    Follow Me
    Tweet
  • YOUTUBE
  • INSTAGRAM
RSS
Follow by Email
Facebook
Facebook
fb-share-icon
Twitter
Visit Us
Follow Me
Tweet
YOUTUBE
INSTAGRAM