SecureTrack. Supporting SANS 20 Critical Security Controls. March
- Arnold Gallagher
Table of Contents

Introduction
Critical Control 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  Procedures and tools for implementing and automating this control
  How can this control be implemented, automated, and its effectiveness measured?
Critical Control 5: Boundary Defense
  Procedures and tools for implementing and automating this control
  How can this control be implemented, automated, and its effectiveness measured?
Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs
  Procedures and tools for implementing and automating this control
  How can this control be implemented, automated, and its effectiveness measured?
Critical Control 13: Limitation and Control of Network Ports, Protocols and Services
  Procedures and tools for implementing and automating this control
  How can this control be implemented, automated, and its effectiveness measured?
Conclusion
Introduction

The SANS Twenty Critical Security Controls is an important initiative designed to consolidate a number of the most important security standards and initiatives into one clear set of guidelines. Using the Critical Controls, enterprises can define, monitor and measure their security initiatives more simply and effectively than before.

The Top 20 Controls were agreed upon by a powerful consortium brought together by John Gilligan (previously CIO of the US Department of Energy and the US Air Force) under the auspices of the Center for Strategic and International Studies. Members of the Consortium include NSA, US-CERT, DoD JTF GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and pen testers that serve the banking and critical infrastructure communities.

The automation of these Top 20 Controls will radically lower the cost of security while improving its effectiveness. The US State Department, under CISO John Streufert, has already demonstrated more than 94% reduction in "measured" security risk through the rigorous automation and measurement of the Top 20 Controls. [1]

The most recent version of the Top 20 Critical Controls was released in August 2011 and includes the successful experience of both government agencies and private organizations. [2]

Firewalls and related network security devices including routers and switches are a significant part of the 20 Controls. Configuring, monitoring, and auditing these devices correctly is essential to assuring continuous network security. Tufin Security Suite, comprising SecureTrack and SecureChange, is helping hundreds of organizations around the world to meet these challenges.

SecureTrack: Firewall Operations Management

Tufin SecureTrack is the industry-leading Security Operations Management solution for network and next-generation firewalls as well as network infrastructure including routers, switches, load balancers and web proxies. SecureTrack features powerful tools that eliminate routine, manual tasks while assuring security and business continuity for large and small enterprises.

SecureTrack: Auditing and Compliance

Tufin SecureTrack enables organizations to comply with regulatory standards and successfully pass security audits. SecureTrack combines triggered compliance alerts with built-in reports such as PCI DSS 2.0 to dramatically reduce audit preparation times.

SecureChange: Security Change Automation

Tufin's pioneering SecureChange solution enables companies to automate security change management and risk analysis for the network. With SecureChange, companies can automate business processes to proactively enforce security policies and support governance initiatives.

In this paper, we examine the Critical Controls that relate to firewalls and network configuration management, and show you how Tufin enables security teams to fulfill the requirements described in each control. We will examine the essential role of automated change tracking and compliance monitoring in assuring continuous security, and look at the ways you can proactively analyze and recertify your security devices in order to eliminate potential threats.

[1] For the latest version of the 20 Critical Controls, see the SANS web site securitycontrols/. All quotes in this white paper can be found there.
[2] SANS press release for the new version: critical controls.php
Control: Control 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
Solution: Tufin enables you to maintain a tight configuration for all of the network devices that control access to your network.

Control: Control 5: Boundary Defense
Solution: Tufin enables you to improve and verify your boundary defenses and to safely protect additional network segments.

Control: Control 6: Maintenance, Monitoring, and Analysis of Audit Logs
Solution: Tufin maintains a complete, segregated audit trail along with tools for monitoring and analysis.

Control: Control 13: Limitation and Control of Network Ports, Protocols and Services
Solution: Tufin provides the tools to ensure that access is restricted and to verify business justification for all access.

Critical Control 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches

The 4th control covers the need to maintain a tight configuration for all of the network devices that control access. This consists of defining a coherent security policy and then ensuring that all devices continue to comply with this policy over time as changes are made. And since every access request is a potential security loophole, it is essential to verify the business justification for every exception, and to revalidate that need periodically.

Organizations that fail to manage their firewall, router and switch configurations are at risk. Attackers take advantage of the fact that network devices may become less securely configured over time as users demand exceptions for specific and temporary business needs, as the exceptions are deployed, and as those exceptions are not undone when the business need is no longer applicable. Making matters worse, in some cases, the security risk of the exception is neither properly analyzed nor measured against the associated business need. Attackers search for electronic holes in firewalls, routers, and switches and use those to penetrate defenses. [3]

Procedures and tools for implementing and automating this control

Some organizations use commercial tools that evaluate the rule set of network filtering devices to determine whether they are consistent or in conflict, providing an automated sanity check of network filters and search for errors in rule sets or access control lists (ACLs) that may allow unintended services through the device. Such tools should be run each time significant changes are made to firewall rule sets, router ACLs, or other filtering technologies.

[3] SANS 20 Critical Security Controls, Control 4 securitycontrols/control.php?id=4 All quotes in this section are from this control.

Tufin Security Suite offers a comprehensive, lifecycle approach to maintaining secure configuration of firewalls, routers and switches. It includes several key capabilities:

- Corporate compliance policies: SecureTrack gives you a simple way to translate your corporate compliance strategy into a concrete policy that you can automatically monitor. Without coding, SecureTrack's Corporate Compliance Policy enables you to define traffic that should always be allowed, or always be blocked. You can also define a Risk Management Policy that specifies either blacklist or whitelist traffic, as well as permitted exceptions. This policy helps you to ensure that no changes are made that pose a threat to business continuity.
- Compliance alerts: Any time a firewall or router configuration change violates the corporate policy, an alert is sent out so that you can maintain continuous compliance, without waiting for the next audit.
- Compliance reports: You can manually run or schedule periodic compliance audit reports that show the current security policy configuration in comparison to the Corporate Compliance and Risk Management policies. Many other reports can be used to audit your security policy configuration including the Software Version Compliance report, the Best Practices Report, and the Security Risk Report.
- Policy analysis: Before implementing a change, you can use SecureTrack's Security Policy Analysis to identify possible conflicts or violations. This proactive risk analysis tool can save hours of painstaking, manual rule base review. Network topology discovery automatically identifies the relevant devices in a query and makes it easy to define zone-based queries.
- Rule documentation and recertification: To keep your security policy up to date at all times, you can document an expiration date and a business owner for each rule.
  SecureTrack will automatically alert you to rules that are going to expire so that you can recertify them, or delete them. You can also schedule reports by expiration date or owner to help manage your access rules proactively.

How can this control be implemented, automated, and its effectiveness measured?

Quick Win, Metric or Sensor: Quick wins: Compare firewall, router, and switch configuration against standard secure configurations defined for each type of network device in use in the organization. The security configuration of such devices should be documented, reviewed, and approved by an organization change control board. Any deviations from the standard configuration or updates to the standard configuration should be documented and approved in a change control system.
Tufin Solution: Define a corporate compliance policy in SecureTrack that will automatically alert to any change that is not compliant. Periodically use the Software Version Compliance Report, the Corporate Compliance report, the Security Best Practices Audit, and the Cisco Device Configuration Report (DCR) to ensure that all device configurations comply with your policy.

Quick Win, Metric or Sensor: Quick wins: At network interconnection points, such as Internet gateways, inter-organization connections, and internal network segments with different security controls, implement ingress and egress filtering to allow only those ports and protocols with an explicit and documented business need. All other ports and protocols should be blocked with default deny rules by firewalls, network-based IPS, and/or routers.
Tufin Solution: In SecureTrack, create a compliance policy for zone-to-zone communications and generate automatic alerts when administrators allow any unauthorized or unapproved traffic or zones. You can create custom compliance policies that define black list, white list and business continuity policies and SecureTrack will make sure that they are enforced continuously.

Quick Win, Metric or Sensor: Configuration/Hygiene: All new configuration rules beyond a baseline hardened configuration that allow traffic to flow through network security devices, such as firewalls and network-based IPS, should be documented and recorded in a configuration management system, with a specific business reason for each change, a specific individual's name responsible for that business need, and an expected duration of the need. At least once per quarter, these rules should be reviewed to determine whether they are still required from a business perspective. Expired rules should be removed.
Tufin Solution: SecureTrack's Rule Documentation and Recertification enables you to assign a justification, a business and technical owner, and an expiration date to every access rule. You can schedule alerts and reports about expiring rules so that administrators can review their current business justification and either delete or recertify. You can also use the Rule and Object usage report to identify unused rules and objects on each device and remove them if they are no longer necessary.

Quick Win, Metric or Sensor: Configuration/Hygiene: The latest stable version of a network device's inter-network operating system (IOS) or firmware must be installed within 30 days of the update being released from the device vendor.
Tufin Solution: Use the Software Version Compliance report to indicate the correct version that should be installed and check compliance on each of the devices on your network.

Quick Win, Metric or Sensor: Advanced: The network infrastructure should be managed across network connections that are separated from the business use of that network, relying on separate VLANs or, preferably, on entirely different physical connectivity for management sessions for network devices.
Tufin Solution: Use SecureTrack's Policy Analysis to simulate network traffic and verify separation of networks.

Quick Win, Metric or Sensor: Sensor: File Integrity Software. Measurement: Standard images for the installation of systems have been created based on an accepted security standard published by organizations such as CIS, NSA, DISA, and others. Score: Pass/Fail
Tufin Solution: Tufin's change monitoring automatically detects every change on every firewall, router and switch along with many additional devices including IPSs. Every change is saved and reported as part of a comprehensive audit trail with full accountability.

Quick Win, Metric or Sensor: Sensor: Standard images. Measurement: Standard images for the installation of systems have been created based on an accepted security standard published by organizations such as CIS, NSA, DISA, and others. Score: Pass/Fail
Tufin Solution: SecureTrack can be used to check all of the layers that comprise a standard image or configuration for a security device. First, the Software Version Compliance report checks that the correct updates are installed on every device. Second, the Best Practices Audit checks that every device is configured according to the leading security standards. For Cisco devices, there is also the Cisco Device Configuration report that checks for common errors and misconfigurations. On top of these norms, you can define your corporate compliance policy, and use automatic alerts as well as the Corporate Compliance report to ensure that devices are continuously in accordance with your policy.

Quick Win, Metric or Sensor: Sensor: Packet generation tools. Measurement: Confirm that the network infrastructure properly handles, routes and filters IPv6 traffic. Score: Pass or Fail.
Tufin Solution: Policy analysis enables you to simulate traffic and test your firewall and router configuration. It tests offline so you do not have to load your network with test traffic.
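The Control 4 requirements above for rules beyond the baseline (a business reason, a named owner, an expected duration, a review at least once per quarter, removal of expired rules, and a closing default deny) can be checked mechanically against an exported rule list. The following Python is an added example, not Tufin or SANS code; the `Rule` fields, the 14-day warning window and the sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

REVIEW_INTERVAL = timedelta(days=92)  # "at least once per quarter"
EXPIRY_WARNING = timedelta(days=14)   # assumed lead time for recertification alerts


@dataclass
class Rule:
    """One filtering rule plus its change-management metadata (assumed schema)."""
    rule_id: str
    action: str                       # "allow" or "deny"
    source: str
    destination: str
    service: str
    justification: str = ""           # specific business reason
    owner: str = ""                   # individual responsible for the need
    expires: Optional[date] = None    # expected duration of the need
    last_reviewed: Optional[date] = None
    baseline: bool = False            # part of the approved hardened baseline


def audit_rule(rule: Rule, today: date) -> List[str]:
    """Return the documentation and recertification findings for one rule."""
    findings: List[str] = []
    # Only rules that allow traffic beyond the baseline need a justification.
    if rule.baseline or rule.action != "allow":
        return findings
    if not rule.justification.strip():
        findings.append("missing-justification")
    if not rule.owner.strip():
        findings.append("missing-owner")
    if rule.expires is None:
        findings.append("missing-expiry")
    elif rule.expires < today:
        findings.append("expired")            # should be removed
    elif rule.expires - today <= EXPIRY_WARNING:
        findings.append("expiring-soon")      # recertify or delete
    if rule.last_reviewed is None or today - rule.last_reviewed > REVIEW_INTERVAL:
        findings.append("review-overdue")
    return findings


def ends_with_default_deny(rules: List[Rule]) -> bool:
    """True when the last rule blocks everything not explicitly allowed."""
    if not rules:
        return False
    last = rules[-1]
    return (last.action == "deny" and last.source == "any"
            and last.destination == "any" and last.service == "any")


def audit_policy(rules: List[Rule], today: date) -> Dict[str, List[str]]:
    """Map rule id to findings; the key 'policy' carries policy-level findings."""
    report: Dict[str, List[str]] = {}
    for rule in rules:
        findings = audit_rule(rule, today)
        if findings:
            report[rule.rule_id] = findings
    if not ends_with_default_deny(rules):
        report["policy"] = ["no-default-deny"]
    return report


# Constructed sample data: names, addresses and dates are illustrative only.
TODAY = date(2024, 6, 30)
SAMPLE_RULES = [
    Rule("R1", "allow", "10.0.0.0/8", "dmz-proxy", "tcp/8080",
         justification="Outbound web via proxy", owner="owner-a",
         expires=date(2024, 12, 31), last_reviewed=date(2024, 5, 15)),
    Rule("R2", "allow", "vendor-vpn", "erp-db", "tcp/1521",
         justification="Migration project", owner="owner-b",
         expires=date(2024, 3, 31), last_reviewed=date(2024, 1, 10)),
    Rule("R3", "allow", "any", "web-01", "tcp/443"),
    Rule("R4", "allow", "branch-net", "file-01", "tcp/445",
         justification="Branch file share", owner="owner-c",
         expires=date(2024, 7, 10), last_reviewed=date(2024, 6, 1)),
    Rule("R5", "deny", "any", "any", "any", baseline=True),
]

if __name__ == "__main__":
    for rule_id, findings in audit_policy(SAMPLE_RULES, TODAY).items():
        print(f"{rule_id}: {', '.join(findings)}")
```
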
Critical Control 5: Boundary Defense

The 5th control focuses on the importance of establishing secure boundaries at a time when clear physical perimeters no longer exist.

It should be noted that boundary lines between internal and external networks are diminishing as a result of increased interconnectivity within and between organizations as well as the rapid rise in deployment of wireless technologies. These blurring lines sometimes allow attackers to gain access inside networks while bypassing boundary systems. However, even with this blurring of boundaries, effective security deployments still rely on carefully configured boundary defenses that separate networks with different threat levels, sets of users, and levels of control. [4]

Procedures and tools for implementing and automating this control

The boundary defenses included in this control build on Critical Control 4. The additional recommendations here focus on improving the overall architecture and implementation of both Internet and internal network boundary points. Internal network segmentation is central to this control because once inside a network, many intruders attempt to target the most sensitive machines.

Tufin Security Suite can help organizations to comply with this control in two key ways:

- Policy Analysis: SecureTrack's sophisticated policy analysis enables you to check network access between any source and destination. Using Network Topology Intelligence, it shows you all of the devices along the access path on a dynamic, visual map. With Policy Analysis you can ensure that there is no unjustified access to and from sensitive internal networks.
- Automatic Policy Generator: Use SecureTrack's Automatic Policy Generator (APG) to quickly and safely deploy firewalls on additional internal network segments without threatening business continuity. APG analyzes network traffic logs and designs a firewall policy that allows only the traffic that is actually required.

How can this control be implemented, automated, and its effectiveness measured?

Quick Win, Metric or Sensor: Quick wins: Organizations should deny communications with (or limit data flow to) known malicious IP addresses (black lists) or limit access to trusted sites (white lists). Tests can be periodically carried out by sending packets from bogon source IP addresses into the network to verify that they are not transmitted through network perimeters. Lists of bogon addresses (unroutable or otherwise unused IP addresses) are publicly available on the Internet from various sources, and indicate a series of IP addresses that should not be used for legitimate traffic traversing the Internet.
Tufin Solution: Define a Compliance Policy in SecureTrack that includes black list and white list traffic. Use the compliance alerts to notify about any configuration change that could violate the policy. Schedule the Compliance Audit report to periodically run and verify that all firewalls and routers are configured correctly.

Quick Win, Metric or Sensor: Visibility/Attribution: Define a network architecture that clearly separates internal systems from DMZ and extranet systems. DMZ systems are machines that need to communicate with the internal network as well as the Internet, while extranet systems are those whose primary communication is with other systems at a business partner. DMZ systems should never contain sensitive data and internal systems should never be directly accessible from the Internet.
Tufin Solution: Define a zone-based Compliance Policy that ensures that traffic from the internal network cannot pass to the internet. Use the automatic alerts and reports to verify the network design and ensure that configuration changes do not violate the design in real time.

Quick Win, Metric or Sensor: Visibility/Attribution: Design and implement network perimeters so that all outgoing web, file transfer protocol (FTP), and secure shell traffic to the Internet must pass through at least one proxy on a DMZ network. The proxy should support logging individual TCP sessions; blocking specific URLs, domain names, and IP addresses to implement a black list; and applying white lists of allowed sites that can be accessed through the proxy while blocking all other sites. Organizations should force outbound traffic to the Internet through an authenticated proxy server on the enterprise perimeter. Proxies can also be used to encrypt all traffic leaving an organization.
Tufin Solution: With Policy Analysis, you can verify that no sensitive protocols go directly from the internal network to the internet, but pass through a proxy. Implement these tests as a compliance policy and use alerts and scheduled reports to enforce the policy and ensure continuous compliance.

Quick Win, Metric or Sensor: Configuration/Hygiene: Organizations should periodically scan for back-channel connections to the Internet that bypass the DMZ, including unauthorized VPN connections and dual-homed hosts connected to the enterprise network and to other networks via wireless, dial-up modems, or other mechanisms.
Tufin Solution: Use Policy Analysis to verify that there are no back door connections to the firewalls.

Quick Win, Metric or Sensor: Configuration/Hygiene: To limit access by an insider or malware spreading on an internal network, organizations should devise internal network segmentation schemes to limit traffic to only those services needed for business use across the internal network.
Tufin Solution: With the Automatic Policy Generator, you can implement firewalls on additional network segments that have a non-permissive policy yet do not threaten business continuity. Use Rule Documentation to add a business justification to every access rule and to trigger alerts for expiring rules that require recertification.

Quick Win, Metric or Sensor: Configuration/Hygiene: Organizations should develop plans to rapidly deploy filters on internal networks to help stop the spread of malware or an intruder.
Tufin Solution: Using policy analysis can help you to plan where to install those changes, effectively assuring that when they are deployed, they are 100% effective.

Quick Win, Metric or Sensor: Advanced: To minimize the impact of an attacker pivoting between compromised systems, only allow DMZ systems to communicate with private network systems via application proxies or application-aware firewalls over approved channels.
Tufin Solution: Use Policy Analysis and a Compliance Policy to ensure that the DMZ can only access proxy servers.

[4] SANS 20 Critical Security Controls, Control 5 securitycontrols/control.php?id=5 All quotes in this section are from this control.
Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs

This control focuses on the need for thorough, meticulous logging of security systems and the ability to analyze those logs to identify both threats and security events.

Deficiencies in security logging and analysis allow attackers to hide their location, malicious software used for remote control, and activities on victim machines. Even if the victims know that their systems have been compromised, without protected and complete logging records they are blind to the details of the attack and to subsequent actions taken by the attackers. Without solid audit logs, an attack may go unnoticed indefinitely and the particular damages done may be irreversible. [5]

Procedures and tools for implementing and automating this control

In the realm of firewalls and routers, Tufin SecureTrack maintains a complete audit trail of every configuration change that is made to every device configuration, rule base, or ACL through a read-only connection. SecureTrack's audit trail provides detailed information about every change including full accountability on the part of the administrator who made the change. This change record is stored in the SecureTrack database, separated from the device, maintaining an independent security audit trail along with the complete device configuration.

SecureTrack includes several reports, including the Best Practices report and the Cisco Device Configuration Report (DCR), that check that other devices are set to log correctly.

With the Automatic Policy Generator (APG), SecureTrack also analyzes firewall traffic logs to locate overly permissive rules that may be abused by hackers. It proposes new, tighter rules based on actual usage traffic that can permit network traffic without preventing access for justified business needs and eliminate unnecessary access that was granted by old access rules.

How can this control be implemented, automated, and its effectiveness measured?

Quick Win, Metric or Sensor: Visibility/Attribution: Each organization should include at least two synchronized time sources (i.e., Network Time Protocol, NTP) from which all servers and network equipment retrieve time information on a regular basis so that timestamps in logs are consistent.
Tufin Solution: The Cisco Device Configuration Report (DCR) checks to verify that your device is configured to the proper NTP servers.

Quick Win, Metric or Sensor: Visibility/Attribution: Network boundary devices, including firewalls, network-based IPS, and inbound and outbound proxies, should be configured to verbosely log all traffic (both allowed and blocked) arriving at the device.
Tufin Solution: The Best Practice Report includes a check for rules with no log tracking across all firewall vendors.

[5] security controls/control.php?id=6
Critical Control 13: Limitation and Control of Network Ports, Protocols and Services

Control 13 addresses the need to protect remotely accessible services and applications.

Attackers search for remotely accessible network services that are vulnerable to exploitation. Common examples include poorly configured web servers, mail servers, file and print services, and domain name system (DNS) servers installed by default on a variety of different device types, often without a business need for the given service. Many software packages automatically install services and turn them on as part of the installation of the main software package without informing a user or administrator that the services have been enabled. Attackers scan for such issues and attempt to exploit these services, often attempting default user IDs and passwords or widely available exploitation code. [6]

Procedures and tools for implementing and automating this control

SecureTrack's sophisticated policy analysis enables you to check network access between any source and destination. Using Network Topology Intelligence, it shows you all of the devices along the access path on a dynamic, visual map. With Policy Analysis you can identify the services that can be accessed from untrusted networks as well as the presence of internal firewalls.

With Rule Documentation and Recertification, you can document the business owner and justification of each network access rule along with an expiration date. Alerts and reports will let you know when rules are expiring so that you can review business justification for access regularly.

How can this control be implemented, automated, and its effectiveness measured?

Quick Win, Metric or Sensor: Visibility/Attribution: Any server that is visible from the Internet or an untrusted network should be verified, and if it is not required for business purposes it should be moved to an internal VLAN and given a private address.
Tufin Solution: Use SecureTrack Policy Analysis to identify the servers that are visible from an untrusted network. To validate and maintain business justification for visible servers, use Rule Documentation and Recertification to identify the business owner, and Rule and Object Usage Analysis to make sure that the access is being used.

Quick Win, Metric or Sensor: Configuration/Hygiene: Services needed for business use across the internal network should be reviewed quarterly via a change control group, and business units should re-justify the business use. Sometimes services are turned on for projects or limited engagements, and should be turned off when they are no longer needed.
Tufin Solution: See section above.

Quick Win, Metric or Sensor: Configuration/Hygiene: Operate critical services on separate physical host machines, such as DNS, file, mail, web, and database servers.
Tufin Solution: Use SecureTrack Policy Analysis to check these services. This check is standard in the PCI DSS compliance report.

Quick Win, Metric or Sensor: Advanced: Application firewalls should be placed in front of any critical servers to verify and validate the traffic going to the server. Any unauthorized services or traffic should be blocked and an alert generated.
Tufin Solution: Use Policy Analysis to verify that critical services are all behind application firewalls. With Palo Alto Networks Next Generation firewalls, you can use Policy Analysis to verify that application filtering is in place for critical services.

[6] security controls/control.php?id=13

Conclusion

The SANS 20 Critical Controls are a valuable tool for evaluating the efficacy of your security operations and for defining a roadmap for ongoing improvement. A number of the controls are concerned with the configuration, monitoring and auditing of firewalls and other network security infrastructure.

Tufin Security Suite is an essential solution for organizations that need to assure security and compliance for networks. It includes automation capabilities that enable you to track and audit every network configuration change, with full personal accountability. It gives you the in-depth analysis tools that you need in order to proactively evaluate risks and eliminate potential security loopholes.

Given the complexity of today's networks (the number of devices, the size of rule bases and ACLs, and the assortment of vendors), it is virtually impossible for security teams to manage device configuration manually. Around the world, hundreds of customers are using Tufin Security Suite to improve security, streamline operations, and assure compliance with standards.

Customers report that on average, Tufin cuts the time and cost of change management and auditing in half. It eliminates the routine, painstaking manual tasks that not only take up valuable time, but can lead to potentially dangerous errors. According to Frost & Sullivan, SecureTrack can reduce audit preparation time by as much as 75% and, just as important, can enable you to be continuously compliant.

For more information about Tufin and how it can help you to comply with the SANS 20 Critical Controls, visit us at

Copyright 2015 Tufin
Tufin, Unified Security Policy, Tufin Orchestration Suite and the Tufin logo are trademarks of Tufin. All other product names mentioned herein are trademarks or registered trademarks of their respective owners.
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationAlgoSec. Managing Security at the Speed of Business. AlgoSec.com
AlgoSec Managing Security at the Speed of Business AlgoSec.com The AlgoSec Security Policy Management Suite As your data centers, networks and the security infrastructure that protects them continue to
More informationFireMon Security manager
FireMon Security manager Regain control of firewalls with comprehensive firewall management The enterprise network is a complex machine. New network segments, new hosts and zero-day vulnerabilities are
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationLOGmanager and PCI Data Security Standard v3.2 compliance
LOGmanager and PCI Data Security Standard v3.2 compliance Whitepaper how deploying LOGmanager helps to maintain PCI DSS regulation requirements Many organizations struggle to understand what and where
More informationGoogle Cloud Platform: Customer Responsibility Matrix. December 2018
Google Cloud Platform: Customer Responsibility Matrix December 2018 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationCoreMax Consulting s Cyber Security Roadmap
CoreMax Consulting s Cyber Security Roadmap What is a Cyber Security Roadmap? The CoreMax consulting cyber security unit has created a simple process to access the unique needs of each client and allows
More informationFederal Agency Firewall Management with SolarWinds Network Configuration Manager & Firewall Security Manager. Follow SolarWinds:
Federal Agency Firewall Management with SolarWinds Network Configuration Manager & Firewall Security Manager Introduction What s different about Federal Government Firewalls? The United States Federal
More informationChapter 9. Firewalls
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however
More informationAWS Reference Design Document
AWS Reference Design Document Contents Overview... 1 Amazon Web Services (AWS), Public Cloud and the New Security Challenges... 1 Security at the Speed of DevOps... 2 Securing East-West and North-South
More informationCIS Top 20 #12 Boundary Defense. Lisa Niles: CISSP, Director of Solutions Integration
CIS Top 20 #12 Boundary Defense Lisa Niles: CISSP, Director of Solutions Integration CSC # 12 - Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More informationMeeting PCI DSS 3.2 Compliance with RiskSense Solutions
Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business
More informationSkybox Firewall Assurance
Skybox Firewall Assurance Getting Started Guide 8.5.600 Revision: 11 Proprietary and Confidential to Skybox Security. 2017 Skybox Security, Inc. All rights reserved. Due to continued product development,
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationGoogle Cloud Platform: Customer Responsibility Matrix. April 2017
Google Cloud Platform: Customer Responsibility Matrix April 2017 Introduction 3 Definitions 4 PCI DSS Responsibility Matrix 5 Requirement 1 : Install and Maintain a Firewall Configuration to Protect Cardholder
More informationVANGUARD WHITE PAPER VANGUARD INSURANCE INDUSTRY WHITEPAPER
VANGUARD INSURANCE INDUSTRY WHITEPAPER Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to
More informationHow Security Policy Orchestration Extends to Hybrid Cloud Platforms
How Security Policy Orchestration Extends to Hybrid Cloud Platforms Reducing complexity also improves visibility when managing multi vendor, multi technology heterogeneous IT environments www.tufin.com
More informationInformation Technology Procedure IT 3.4 IT Configuration Management
Information Technology Procedure IT Configuration Management Contents Purpose and Scope... 1 Responsibilities... 1 Procedure... 1 Identify and Record Configuration... 2 Document Planned Changes... 3 Evaluating
More informationfirewalls perimeter firewall systems firewalls security gateways secure Internet gateways
Firewalls 1 Overview In old days, brick walls (called firewalls ) built between buildings to prevent fire spreading from building to another Today, when private network (i.e., intranet) connected to public
More informationWHITE PAPERS. INSURANCE INDUSTRY (White Paper)
(White Paper) Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to ensure enterprise compliance
More informationSANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Critical Security Control Solution Brief Version 6 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable,
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationFirewall Configuration and Management Policy
Firewall Configuration and Management Policy Version Date Change/s Author/s Approver/s 1.0 01/01/2013 Initial written policy. Kyle Johnson Dean of Information Services Executive Director for Compliance
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Port Security Port Security helps to control access to logical and physical ports, protocols, and services. This
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationSegment Your Network for Stronger Security
Segment Your Network for Stronger Security Protecting Critical Assets with Cisco Security 2017 Cisco and/or its affiliates. All rights reserved. 2017 Cisco and/or its affiliates. All rights reserved. The
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationCISNTWK-440. Chapter 5 Network Defenses
CISNTWK-440 Intro to Network Security Chapter 5 Network Defenses 1 Objectives Explain how to enhance security through network design Define network address translation and network access control List the
More informationIntroduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview
IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential
More informationSecuring CS-MARS C H A P T E R
C H A P T E R 4 Securing CS-MARS A Security Information Management (SIM) system can contain a tremendous amount of sensitive information. This is because it receives event logs from security systems throughout
More informationSecuring Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)
Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...
More informationThe Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an
Solution Overview Cisco ACI and AlgoSec Solution: Enhanced Security Policy Visibility and Change, Risk, and Compliance Management With the integration of AlgoSec into the Cisco Application Centric Infrastructure
More informationVANGUARD WHITE PAPER VANGUARD GOVERNMENT INDUSTRY WHITEPAPER
VANGUARD GOVERNMENT INDUSTRY WHITEPAPER Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 20: Intrusion Prevention Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Firewalls purpose types locations Network perimeter
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationDaxko s PCI DSS Responsibilities
! Daxko s PCI DSS Responsibilities According to PCI DSS requirement 12.9, Daxko will maintain all applicable PCI DSS requirements to the extent the service prov ider handles, has access to, or otherwise
More informationDECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT
DECRYPT SSL AND SSH TRAFFIC TO DISRUPT ATTACKER COMMUNICATIONS AND THEFT SUMMARY Industry Federal Government Use Case Prevent potentially obfuscated successful cyberattacks against federal agencies using
More informationDetecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0
Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Comments and errata should be directed to: cyber- tm@cisco.com Introduction One of the most common network
More informationUniversity of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Interim Director
More informationInsurance Industry - PCI DSS
Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services. Vanguard is the industry leader in z/os Mainframe Software to ensure enterprise compliance with the
More informationACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems
ACS-3921/4921-001 Computer Security And Privacy Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Version 1.0 Release: December 2004 How to Complete the Questionnaire The questionnaire is divided into six sections. Each
More informationT22 - Industrial Control System Security
T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationIBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.
IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats
More informationCSC - DRAFT - VER6c FOR PUBLIC COMMENT ONLY
The Center for Internet Security Critical Security Controls Version 6.1 Family Control Control Description SecureTheVillage Critical Security Control #1: Inventory of Authorized and Unauthorized Devices
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationTop-Down Network Design
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer 1 Network Security Design The steps for security design are: 1. Identify
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationINCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.
INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS Protect Critical Enterprise Applications and Cardholder Information with Enterprise Application Access Scope and Audience This guide is for
More informationCritical Infrastructure Protection for the Energy Industries. Building Identity Into the Network
Critical Infrastructure Protection for the Energy Industries Building Identity Into the Network Executive Summary Organizations in the oil, gas, and power industries are under increasing pressure to implement
More informationAAD - ASSET AND ANOMALY DETECTION DATASHEET
21 October 2018 AAD - ASSET AND ANOMALY DETECTION DATASHEET Meaningful Insights with Zero System Impact Classification: [Protected] 2018 Check Point Software Technologies Ltd. All rights reserved. This
More informationSECURITY PRACTICES OVERVIEW
SECURITY PRACTICES OVERVIEW 2018 Helcim Inc. Copyright 2006-2018 Helcim Inc. All Rights Reserved. The Helcim name and logo are trademarks of Helcim Inc. P a g e 1 Our Security at a Glance About Helcim
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationSECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE
SECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE MAY 2017 A NEXOR WHITE PAPER NEXOR 2017 ALL RIGHTS RESERVED CONTENTS 3 4 5 6 8 9 10 11 12 14 15 16 INTRODUCTION THREATS RISK MITIGATION REFERENCE ARCHITECTURE
More informationThe New Security Heroes. Alan Paller
The New Security Heroes Alan Paller apaller@sans.org How they attack Spam with infected attachments Web sites that have infected content The most dangerous: targeted attacks Fooling the victim into Installing
More informationPotential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group
Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group Submitted on behalf of the U.S. Department of Energy National
More informationHelp Your Security Team Sleep at Night
White Paper Help Your Security Team Sleep at Night Chief Information Security Officers (CSOs) and their information security teams are paid to be suspicious of everything and everyone who might just might
More informationThe Honest Advantage
The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents
More informationSECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS
SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS PROTECT YOUR DAILY OPERATIONS FROM BEING COMPROMISED In today s data-driven society, connectivity comes with a cost.
More informationClearPath OS 2200 System LAN Security Overview. White paper
ClearPath OS 2200 System LAN Security Overview White paper Table of Contents Introduction 3 Baseline Security 3 LAN Configurations 4 Security Protection Measures 4 Software and Security Updates 4 Security
More informationSimple and Powerful Security for PCI DSS
Simple and Powerful Security for PCI DSS The regulations AccessEnforcer helps check off your list. Most merchants think they are too small to be targeted by hackers. In fact, their small size makes them
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationSecure Access & SWIFT Customer Security Controls Framework
Secure Access & SWIFT Customer Security Controls Framework SWIFT Financial Messaging Services SWIFT is the world s leading provider of secure financial messaging services. Their services are used and trusted
More informationDEVELOP YOUR TAILORED CYBERSECURITY ROADMAP
ARINC cybersecurity solutions DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP Getting started is as simple as assessing your baseline THE RIGHT CYBERSECURITY SOLUTIONS FOR YOUR UNIQUE NEEDS Comprehensive threat
More informationCYBERSECURITY RISK LOWERING CHECKLIST
CYBERSECURITY RISK LOWERING CHECKLIST The risks from cybersecurity attacks, whether external or internal, continue to grow. Leaders must make thoughtful and informed decisions as to the level of risk they
More information5. Execute the attack and obtain unauthorized access to the system.
Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Before discussing the preventive, detective, and
More informationNetworking and Operations Standard
Networking and Operations Standard Version: 1.7 Document ID: 3544 Copyright Notice Copyright 2017, ehealth Ontario All rights reserved No part of this document may be reproduced in any form, including
More informationIdentity-Based Cyber Defense. March 2017
Identity-Based Cyber Defense March 2017 Attackers Continue to Have Success Current security products are necessary but not sufficient Assumption is you are or will be breached Focus on monitoring, detecting
More informationAddressing PCI DSS 3.2
Organizational Challenges Securing the evergrowing landscape of devices while keeping pace with regulations Enforcing appropriate access for compliant and non-compliant endpoints Requiring tools that provide
More information