Defense in Depth: Top 10 Critical Security Controls
Mary Y Wang
October 28, 2016
NON-EXPORT CONTROLLED TECHNICAL INFORMATION
Annual Women Engineers Conference 2016
05/02/2023 2
Why Do the Center for Internet Security (CIS) Critical Security Controls Work?
Based on actual attacks and effective defenses
Based on priorities
Not one-size-fits-all solutions
1. Inventory of Hardware
Authorized and Unauthorized Devices
– Attackers are continuously scanning the target organizations
– Attackers are waiting for new and unprotected systems to be attached to the network
2. Inventory of Software
Authorized and Unauthorized Software
– Attackers are continuously looking for vulnerable versions of software that can be remotely exploited
3. Secure Configurations of Hardware and Software
Default configurations are for ease of use, not security
Open services, ports, default accounts or passwords
– Can be exploitable
4. Continuous Vulnerability Assessment and Remediation
Scan for vulnerabilities and address discovered flaws
Understanding and managing vulnerabilities is a continuous activity
Attackers have the same information
– Race to deploy an attack
5. Controlled Use of Administrative Privileges
Track and control the use of administrative privileges
Attackers can take advantage of uncontrolled administrative privileges
– Can crack the password
6. Maintenance, Monitoring and Analysis of Audit Logs
Collect and analyze audit logs of events
– Detect an attack
– Recover from an attack
Sometimes, logs are the only evidence of an attack
Attackers can also hide their activities
7. Email and Web Browser Protections
Minimize the attack surface through web browsers
– Fully up to date and patched
– Default: not installing plugins, ActiveX controls
– Block third-party cookies
Attackers use phishing emails as the entry point of attack
8. Malware Defenses
Control the installation and spread of malicious code
Attackers can use malware to attack target organizations via a number of entry points like end-user devices, email attachments and web pages
9. Limitation and Control of Network Ports and Services
Manage and track the use of ports, protocols and services
Attackers are continuously searching for remotely accessible network services and open ports
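One way to track Control 9 on a single Linux host, as an added example that is not part of the original slides: parse the listening-socket table and compare it with an approved-port baseline. The approved-port set and the sample `ss -Htln` output are constructed for illustration.

```python
# Added example: audit listening TCP sockets against an approved-port baseline.

# Constructed sample, in the column layout printed by `ss -Htln`:
# State  Recv-Q  Send-Q  Local-Address:Port  Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 511  0.0.0.0:443     0.0.0.0:*
LISTEN 0 244  127.0.0.1:5432  0.0.0.0:*
LISTEN 0 50   0.0.0.0:23      0.0.0.0:*
LISTEN 0 128  [::]:8080       [::]:*
LISTEN 0 128  [::1]:631       [::]:*
"""

# Hypothetical policy: ports this host is approved to expose on the network.
APPROVED_PORTS = frozenset({22, 443})


def parse_listeners(ss_output):
    """Return a (host, port) pair for every LISTEN row."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header row, blank line, or a socket that is not listening
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        listeners.append((host, int(port)))
    return listeners


def is_loopback(host):
    return host.startswith("127.") or host == "::1"


def audit(ss_output, approved=APPROVED_PORTS):
    """Compare network-reachable listeners with the approved baseline."""
    listeners = parse_listeners(ss_output)
    exposed = {port for host, port in listeners if not is_loopback(host)}
    local = {port for host, port in listeners if is_loopback(host)}
    return {
        "unapproved": sorted(exposed - approved),    # open but not in the baseline
        "missing": sorted(approved - exposed),       # in the baseline but not open
        "loopback_only": sorted(local - exposed),    # not reachable from the network
    }


if __name__ == "__main__":
    for finding, ports in audit(SAMPLE_SS).items():
        print(f"{finding}: {ports}")
```

Run on a schedule, the "unapproved" list is the finding to investigate; "missing" shows a baseline that has drifted from what the host actually runs.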
10. Data Recovery Capability
Back up critical information
When attackers compromise systems
– Make significant changes to configurations of software
– Make alterations of data
When discovered, need to remove all data that have been altered by attackers
Win the Cyber War!!
Biography
Mary Y Wang
Information Systems Security Officer
Raytheon Space and Airborne Systems, California
Mary Wang joined Raytheon in August 2015. Currently, she works in the Raytheon Space and Airborne Systems Information Assurance organization. She has a strong passion for cybersecurity, especially in the penetration testing and application security areas. Prior to joining Raytheon, she was a Senior Software Engineer and Project Lead at The Boeing Company, where she worked on a variety of software projects. Mary holds a Bachelor of Science degree in Computer Science and a Master of Business Administration degree. She is currently attending SANS Technology Institute for a graduate degree in Pen Testing & Ethical Hacking. Mary has also been a frequent speaker at Annual Women Engineers Conferences.