CIS Control 12: Network infrastructure management

Networks are at the core of modern society and business. They are built from many types of components that together make up the network infrastructure. Network infrastructure devices can be physical or virtual and include items such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default” configuration settings and passwords which, if deployed as is, can significantly weaken a company’s network infrastructure. Even if network devices are hardened with non-default configurations and strong passwords, over time these devices will be affected by new vulnerabilities discovered by security researchers.

Key points to remember for Control 12

Organizations need to ensure that the teams that implement and operate the network infrastructure have processes and procedures in place to keep that infrastructure secure. These processes and procedures include, but are not limited to:

  1. develop a network security architecture,
  2. set up a process of continuous security improvement,
  3. create and develop a network security maturity model,
  4. develop and maintain network architecture diagrams and documentation,
  5. ensure that there are no default settings or passwords for network devices, and
  6. implement a patch and vulnerability management program for network infrastructure devices.

Control 12 is designed to help organizations build and maintain a more secure network infrastructure.

Safeguards for Control 12

1: Make sure the network infrastructure is up to date

Description: Make sure the network infrastructure is kept up to date. Example implementations include running the latest stable version of the software and/or using currently supported Network as a Service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.

Remarks: The security function associated with this Safeguard is Protect.

2: Establish and maintain a secure network architecture

Description: Establish and maintain a secure network architecture. A secure network architecture should address segmentation, least privilege, and availability at a minimum.

Remarks: The security function associated with this Safeguard is Protect.

3: Securely manage the network infrastructure

Description: Securely manage network infrastructure. Example implementations include version-controlled infrastructure as code and the use of secure network protocols, such as SSH and HTTPS.

Remarks: The security function associated with this Safeguard is Protect.

4: Establish and maintain architecture diagrams

Description: Establish and maintain architecture diagrams and/or other network system documentation. Review and update documentation annually or when significant changes within the business could impact this Safeguard.

Remarks: The security function associated with this Safeguard is Identify.

5: Centralize network authentication, authorization and audit (AAA)

Description: Centralize network AAA.

Remarks: The security function associated with this Safeguard is Protect.
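The default-password key point and Safeguards 3 and 5 can be checked automatically against device configurations kept in version control. The audit below is an added example, not part of the CIS text; it assumes Cisco IOS-style syntax, and the sample configuration, the `audit_config` function and the default-password list are constructed for illustration.

```python
import re

# Constructed sample of an IOS-style running configuration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username admin password 0 admin
ip http server
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""
DEFAULT_PASSWORDS = {"admin", "cisco", "password"}  # hypothetical factory defaults

def audit_config(text):
    """Return a sorted list of finding strings for one device configuration."""
    findings = set()
    lines = text.splitlines()
    section = None  # current top-level block, e.g. "line vty 0 4"
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):
            section = line
        # Safeguard 3: management must use encrypted protocols (SSH, HTTPS).
        if line == "ip http server":
            findings.add("cleartext HTTP management enabled")
        if section.startswith("line vty") and line.startswith("transport input"):
            protos = line.split()[2:]
            if "telnet" in protos or "all" in protos:
                findings.add(f"telnet allowed on '{section}'")
        # Key point 5: no default passwords or community strings.
        m = re.match(r"username (\S+) .*?(?:password|secret) \d+ (\S+)$", line)
        if m and m.group(2).lower() in DEFAULT_PASSWORDS:
            findings.add(f"default password for local user '{m.group(1)}'")
        m = re.match(r"snmp-server community (\S+)", line)
        if m and m.group(1).lower() in {"public", "private"}:
            findings.add(f"default SNMP community '{m.group(1)}'")
    # Safeguard 5: 'aaa new-model' is the prerequisite for central RADIUS/TACACS+ logins.
    if not any(l.strip() == "aaa new-model" for l in lines):
        findings.add("AAA not enabled (no 'aaa new-model')")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Running the same function over every configuration file in the repository on each commit turns these checks into a gate rather than a periodic review.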

6: Use of secure communication and network management protocols

Description: Use secure communication and network management protocols (for example, 802.1X, Wi-Fi Protected Access 2 (WPA2) Enterprise or higher).

Remarks: The security function associated with this Safeguard is Protect.

7: Make sure remote devices are using a VPN and connecting to a company’s AAA infrastructure

Description: Require users to authenticate with corporate-managed VPN and authentication services before accessing corporate resources on end-user devices.

Remarks: The security function associated with this Safeguard is Protect.

8: Establish and maintain dedicated IT resources for all administrative work

Description: Establish and maintain dedicated IT resources, physically or logically separated, for all administrative tasks or tasks requiring administrative access. These IT resources should be segmented from the main corporate network and should not have Internet access.

Remarks: The security function associated with this Safeguard is Protect.


Learn more about the 18 CIS controls here:

CIS Control 1: Inventory and control of company assets

CIS Control 2: Inventory and control of software assets

CIS Control 3: Data protection

CIS Control 4: Secure configuration of company assets and software

CIS Control 5: Account management

CIS Control 6: Access control management

CIS Control 7: Continuous vulnerability management

CIS Control 8: Management of audit logs

CIS Control 9: Email and web browser protections

CIS Control 10: Malware defenses

CIS Control 11: Data recovery

CIS Control 12: Network infrastructure management

