Critical Controls Of Cyber Defense
Published in: Technology
  • Critical Controls for Cyber Defense
    CISSP, MVP (Consumer Security)
    CEH, CIW Security Analyst, MCTS, MCSE, MCSA
  • Computer Attacker Activities and Associated Defenses
    Security defenses include identifying attacker presence and reducing “living space”
    Security defenses include controlling superuser privileges [admin and root]
    Security defenses include disrupting command and control of attacker-implanted software
    Security defenses include decreasing attack surface and hardening security
  • Critical Control 1
    Boundary Defense
    • All outgoing traffic must pass through at least one proxy on a DMZ network
    • All remote login access must use two-factor authentication
    • Health checking of all devices that log in remotely
    • Periodically scan for back-channel connections to the Internet that bypass the DMZ
    • Identify covert channels exfiltrating data through a firewall with built-in firewall session tracking mechanisms
  • Critical Control 2
    Secure Configurations for Network Devices such as Firewalls, Routers and Switches
    • Compare firewall, router and switch configurations against standard secure configurations defined for each type of network device
    • Implement ingress and egress filtering
    • The management network should be separated from the production network
  • Critical Control 3
    Wireless Device Control
    • Ensure that each wireless device connected to the network matches an authorized configuration and security profile
    • Ensure all wireless traffic uses at least AES encryption with at least WPA2 protection
    • Ensure wireless networks use authentication protocols such as EAP/TLS or PEAP
    • Disable peer-to-peer wireless network capabilities on wireless clients
    • Disable wireless peripheral access on devices
    • Regularly scan for unauthorized or misconfigured wireless infrastructure devices
  • Critical Control 4
    Limitation and Control of Network Ports, Protocols and Services
    • Use host-based firewalls or port filtering tools
    • Regularly review the ports, protocols and services needed
    • Operate critical services on separate physical host machines
    • Use port scanning tools to determine which services are listening
  • Critical Control 5
    Malware Defenses
    • Monitor workstations, servers and mobile devices for active, up-to-date anti-malware protection
    • All malware detection events should be sent to enterprise anti-malware administration tools and event log servers
    • Configure laptops, workstations and servers so that they will not auto-run content from removable media
    • Configure systems to conduct an automated anti-malware scan of removable media when it is inserted
  • Critical Control 6
    Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
    • Standardized images should represent hardened versions of the underlying OS and the applications installed on the system
    • Use file integrity checking tools to ensure that critical system files have not been altered
  • Critical Control 7
    Application Software Security
    • Protect web applications by deploying web application firewalls that inspect all traffic flowing to the web application for common web application attacks
    • Check in-house developed and third-party procured web and other application software for coding errors and malware insertion, including backdoors, prior to deployment
    • Verify that security considerations are taken into account throughout all phases of the application development life cycle of all applications
  • Critical Control 8
    Controlled Use of Administrative Privileges
    • Have a good password policy
    • Change all default passwords before deploying
    • Ensure that administrator accounts are used only for system administration activities and not for reading e-mail, composing documents or surfing the Internet
    • Configure systems to issue a log entry and alert when an account is added to or removed from the domain administrators group
    • User awareness
  • Critical Control 9
    Controlled Access Based on Need-to-Know
    • Establish a multi-level data identification or separation scheme
    • Ensure that file shares have defined controls
    • Enforce detailed audit logging for access to non-public data and special authentication for sensitive data
  • Critical Control 10
    Account Monitoring and Control
    • Establish a good account management policy
    • Review all system accounts and disable any account that cannot be associated with a business process and business owner
    • Monitor account usage to determine dormant accounts
    • Monitor attempts to access deactivated accounts through audit logging
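Critical Control 10 asks for three checks that are easy to automate from a directory export and the authentication audit log: accounts with no business owner, accounts that have gone dormant, and logon attempts against accounts that were already deactivated. The following is an added example for this page, not code from the slide deck; the account records, the audit log lines and their `user=... result=...` layout are all constructed for the demonstration, and the 90-day idle threshold is an assumed policy value.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Account:
    name: str
    owner: Optional[str]            # business owner; None means nobody has claimed it
    enabled: bool
    last_logon: Optional[datetime]  # None means the account has never logged on


# Constructed directory export; names and dates are made up for the example.
ACCOUNTS: List[Account] = [
    Account("alice", "finance", True, datetime(2024, 5, 30)),
    Account("svc-backup", "it-ops", True, datetime(2024, 1, 2)),
    Account("bob", "sales", True, None),
    Account("old-contractor", None, True, datetime(2023, 11, 10)),
    Account("mallory", "hr", False, datetime(2024, 2, 1)),
]
NOW = datetime(2024, 6, 1)

# Constructed audit log, one logon attempt per line (format assumed for this example).
AUDIT_LOG = """\
2024-06-01T08:12:03 host1 auth: logon user=alice result=SUCCESS
2024-06-01T08:15:44 host2 auth: logon user=mallory result=FAILED
2024-06-01T08:16:01 host2 auth: logon user=mallory result=FAILED
2024-06-01T09:02:10 host1 auth: logon user=alice result=SUCCESS
2024-06-01T09:40:27 host3 auth: logon user=ghost result=FAILED
"""
LOGON_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: logon user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def unowned_accounts(accounts: List[Account]) -> List[str]:
    """Accounts that cannot be tied to a business owner: candidates for disabling."""
    return sorted(a.name for a in accounts if a.owner is None)


def dormant_accounts(accounts: List[Account], now: datetime, max_idle_days: int = 90) -> List[str]:
    """Enabled accounts that have not logged on within the idle window (or ever)."""
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(
        a.name
        for a in accounts
        if a.enabled and (a.last_logon is None or a.last_logon < cutoff)
    )


def attempts_on_deactivated(accounts: List[Account], log_text: str) -> Dict[str, int]:
    """Count logon attempts (any result) against accounts that are disabled."""
    disabled = {a.name for a in accounts if not a.enabled}
    counts: Counter = Counter()
    for line in log_text.splitlines():
        m = LOGON_RE.match(line)
        if m and m["user"] in disabled:
            counts[m["user"]] += 1
    return dict(counts)


def unknown_users(accounts: List[Account], log_text: str) -> List[str]:
    """User names in the log that the directory does not know at all."""
    known = {a.name for a in accounts}
    seen = set()
    for line in log_text.splitlines():
        m = LOGON_RE.match(line)
        if m and m["user"] not in known:
            seen.add(m["user"])
    return sorted(seen)


if __name__ == "__main__":
    print("unowned:", unowned_accounts(ACCOUNTS))
    print("dormant:", dormant_accounts(ACCOUNTS, NOW))
    print("attempts on deactivated:", attempts_on_deactivated(ACCOUNTS, AUDIT_LOG))
    print("unknown users:", unknown_users(ACCOUNTS, AUDIT_LOG))
```

Two design points worth noting: a disabled account is deliberately excluded from the dormant list (it is already handled, and listing it again hides the real findings), and an account that has never logged on counts as dormant rather than being skipped, since an enabled account nobody uses is exactly what the control wants found.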
  • Critical Control 11
    Inventory of Authorized and Unauthorized Software
    • Devise a list of the authorised software that is required
    • Deploy software inventory tools
    • Deploy software white-listing technology that allows systems to run only approved applications and prevents execution of all other software
  • Critical Control 12
    Inventory of Authorized and Unauthorized Devices
    • Devise a list of authorised devices
    • Deploy asset/network management tools
  • Critical Control 13
    Maintenance, Monitoring and Analysis of Security Audit Logs
    • Logs should be recorded in a standardized format such as syslog or those outlined by the Common Event Expression (CEE) initiative
    • Network boundary devices should be configured to log verbosely all traffic arriving at the device
    • Ensure logs are written to write-only devices or to dedicated logging servers
    • Deploy a SIEM tool for log aggregation and consolidation
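Critical Control 8 asks for an alert whenever an account is added to or removed from the domain administrators group, and Critical Control 13 asks for the logs that would carry that event to arrive in a standardized format such as syslog. The following added example (written for this page, not taken from the slide deck or from any SIEM product) ties the two together: it parses constructed syslog-style lines as a domain controller might forward them, picks out group-membership changes for a watched set of groups, and also counts lines that fail to parse, since a sudden rise in unparsed lines usually means the log format changed and the alert has silently stopped working. Windows event IDs 4728 and 4729 (member added to / removed from a security-enabled global group) are real; the `Key="value"` line layout, the host names, user names and timestamps are assumptions of this example.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed syslog-style lines. Event IDs 4728/4729 are the real Windows audit
# events for group membership changes; the key="value" layout is assumed here.
SYSLOG = """\
Jun  1 10:03:12 dc01 Security: EventID=4624 Subject="alice" LogonType="2"
Jun  1 10:05:40 dc01 Security: EventID=4728 Subject="admin1" Member="bob" Group="Domain Admins"
Jun  1 10:06:02 dc01 Security: EventID=4728 Subject="admin1" Member="svc-test" Group="Helpdesk"
Jun  1 11:30:15 dc01 Security: EventID=4729 Subject="admin2" Member="bob" Group="Domain Admins"
Jun  1 11:31:00 dc01 Security: EventID=4728 Subject="admin2" Member="carol" Group="Enterprise Admins"
this line is not in the expected format
"""

HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"Security: EventID=(?P<eid>\d+)(?P<rest>.*)$"
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Groups whose membership changes must always alert (assumed policy for this example).
WATCHED_GROUPS = {"Domain Admins", "Enterprise Admins"}
MEMBERSHIP_EVENTS = {"4728": "added to", "4729": "removed from"}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one syslog line into a flat record, or None if it does not match."""
    m = HEADER_RE.match(line)
    if m is None:
        return None
    record = {"ts": m["ts"], "host": m["host"], "event_id": m["eid"]}
    record.update(dict(KV_RE.findall(m["rest"])))
    return record


def admin_group_alerts(log_text: str, watched=WATCHED_GROUPS) -> List[Dict[str, str]]:
    """One alert per membership change on a watched group, in log order."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["event_id"] not in MEMBERSHIP_EVENTS:
            continue
        if rec.get("Group") in watched:
            alerts.append({
                "ts": rec["ts"],
                "host": rec["host"],
                "actor": rec.get("Subject", "?"),
                "member": rec.get("Member", "?"),
                "group": rec["Group"],
                "action": MEMBERSHIP_EVENTS[rec["event_id"]],
            })
    return alerts


def changes_by_actor(alerts: List[Dict[str, str]]) -> Dict[str, int]:
    """Who is making privileged-group changes; useful for the review that follows an alert."""
    return dict(Counter(a["actor"] for a in alerts))


def unparsed_lines(log_text: str) -> int:
    """Health metric for the logging pipeline: lines the parser could not read."""
    return sum(1 for line in log_text.splitlines() if parse_line(line) is None)


if __name__ == "__main__":
    for alert in admin_group_alerts(SYSLOG):
        print(f"{alert['ts']} {alert['host']}: {alert['actor']} {alert['action']} "
              f"'{alert['group']}' the account {alert['member']}")
    print("changes by actor:", changes_by_actor(admin_group_alerts(SYSLOG)))
    print("unparsed lines:", unparsed_lines(SYSLOG))
```

The Helpdesk change is parsed but not alerted, which is the intended behaviour: the watch list keeps the alert focused on the groups that grant superuser privilege, and other groups can be added to it as the organisation's separation scheme (Critical Control 9) requires.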
  • Critical Control 14
    Data Loss Prevention
    • Deploy hard drive encryption software on laptop machines that hold sensitive data
    • Control the use of removable devices
    • Data stored on removable drives should be encrypted
    • Deploy an automated tool on the network perimeter that monitors for certain Personally Identifiable Information, keywords and other document characteristics to detect attempts to exfiltrate data
  • Critical Control 15
    Continuous Vulnerability Assessment and Remediation
    • Run automated vulnerability scanning tools against all systems
    • Compare the results from back-to-back vulnerability scans to verify that vulnerabilities were addressed
    • Measure the delay in patching new vulnerabilities
    • Deploy automated patch management tools and software update tools
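Critical Control 15 pairs two measurements: diffing back-to-back scans to confirm that findings really went away, and measuring how long each finding stayed open. The following is an added example for this page, not code from the slide deck or from any scanner; it works on constructed scan results where each finding is a (host, vulnerability id) pair with placeholder `VULN-*` identifiers rather than real CVE numbers, and the 30-day SLA is an assumed policy value. A finding that disappears and later comes back is treated as a new finding, so a regression is not hidden by its earlier "fixed" status.

```python
from datetime import date
from typing import Dict, List, Set, Tuple

Finding = Tuple[str, str]  # (hostname, vulnerability identifier)

# Constructed scan history, oldest first. Ids are placeholders, not real CVEs.
SCANS: List[Tuple[date, Set[Finding]]] = [
    (date(2024, 5, 1), {("web01", "VULN-0001"), ("web01", "VULN-0002"), ("db01", "VULN-0003")}),
    (date(2024, 5, 15), {("web01", "VULN-0002"), ("db01", "VULN-0004")}),
    (date(2024, 6, 1), {("db01", "VULN-0004")}),
]


def diff_scans(previous: Set[Finding], current: Set[Finding]) -> Dict[str, List[Finding]]:
    """Back-to-back comparison: what was fixed, what is new, what is still there."""
    return {
        "remediated": sorted(previous - current),
        "new": sorted(current - previous),
        "persisting": sorted(previous & current),
    }


def remediation_delays(scans: List[Tuple[date, Set[Finding]]]) -> Dict[str, Dict[Finding, int]]:
    """Days each finding stayed open, split into fixed findings and those still open.

    Returns {"fixed": {finding: days_to_fix}, "open": {finding: days_open_so_far}}.
    """
    first_seen: Dict[Finding, date] = {}
    fixed: Dict[Finding, int] = {}
    for scan_date, findings in scans:
        for f in findings:
            if f in fixed:
                # Reappeared after being marked fixed: start the clock again.
                del fixed[f]
                first_seen[f] = scan_date
            first_seen.setdefault(f, scan_date)
        for f in first_seen:
            if f not in findings and f not in fixed:
                fixed[f] = (scan_date - first_seen[f]).days
    last_date = scans[-1][0]
    still_open = {f: (last_date - d).days for f, d in first_seen.items() if f not in fixed}
    return {"fixed": fixed, "open": still_open}


def sla_breaches(delays: Dict[str, Dict[Finding, int]], sla_days: int = 30) -> List[Finding]:
    """Findings, fixed or not, that were open longer than the remediation SLA."""
    over = [f for f, days in delays["fixed"].items() if days > sla_days]
    over += [f for f, days in delays["open"].items() if days > sla_days]
    return sorted(over)


if __name__ == "__main__":
    print(diff_scans(SCANS[0][1], SCANS[1][1]))
    delays = remediation_delays(SCANS)
    print(delays)
    print("SLA breaches:", sla_breaches(delays))
```

The "persisting" bucket from the diff is the one to chase: a finding that survives a scan cycle either has no owner or the patch did not take, and the delay table tells you which of those has already blown the SLA.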
  • Critical Control 16
    Secure Network Engineering
    • Segment the enterprise network
    • Follow best security practices for deploying servers, network devices and Internet services
    • The network should support rapid response and shunning of detected attacks
  • Critical Control 17
    Penetration Tests and Red Team Exercises
    • Conduct regular penetration tests to identify attack vectors
    • Perform periodic red team exercises to test the readiness of the organization to identify and stop attacks or to respond quickly and effectively
    • Ensure that systemic problems discovered in penetration tests and red team exercises are fully mitigated
  • Critical Control 18
    Incident Response Capability
    • Have written incident response procedures
    • Assign job titles and duties for handling incidents to specific individuals
    • Notify CERT-In in accordance with reporting requirements
    • Publish information about incidents to all personnel for awareness
    • Conduct periodic scenario-based incident response drills to ensure that personnel understand current threats, risks and their responsibilities
  • Critical Control 19
    Data Recovery Capability
    • Have a good backup policy
    • Ensure that backups are encrypted
    • Backup media should be stored in physically secure areas
  • Critical Control 20
    Security Skills Assessment and Appropriate Training to Fill Gaps
    • Develop security awareness training
    • Devise periodic security awareness assessment quizzes
    • Conduct periodic exercises to verify that employees and contractors are fulfilling their information security duties
  • Resources