Everyone, welcome back to the course. So in the last video we took an overview of
CIS Control 12, which is boundary defense, and in this video we're going to take a look at how that maps up to the NIST Cybersecurity Framework.
So sub-control 12.1: we need to maintain an inventory of our network boundaries. So when we talk about boundaries, we're talking a lot of times about firewalls and DMZs, as well as using things like bastion hosts.
12.2: we're talking about scanning for unauthorized connections across our trusted network boundaries, because we want to make sure that someone's not on the outside connecting to us, and vice versa. So we don't want an insider threat beaconing out to a command and control server, something like that. So that might be an indication that we've got some malware on our network.
Sub-control 12.3: denying communications with known malicious IP addresses. So this is actually one of the more simple ways of defending your network, but a lot of people just don't do it, right? So if you know that there are indicators of compromise or bad IP addresses, go ahead and just block those. There's no reason for you to have those coming into your network.
Sub-control 12.4: denying communication over unauthorized ports. So if we know that specific ports aren't commonly used by various malware, then we can just go ahead and block communication over those specific ports.
Sub-control 12.5: configuring monitoring systems to actually record the network packets. So, you know, you could even use something like Wireshark, right, to go ahead and capture those network packets and then analyze them and monitor them.
And sub-control 12.6: deploying network-based intrusion detection system sensors.
So really this is using the network IDS, right? So instead of just the host IDS, use a network IDS to see what kind of activity is on our network, and is there any indication that there is a potential event occurring?
Sub-control 12.7: that's where we're talking about deploying network-based intrusion prevention systems, right? So most of the time we're going to see them combined, right, so you'll see an IDS/IPS in use, but sometimes people will have them separate as well.
Sub-control 12.8 is where we deploy NetFlow collection on network boundary devices. And that matches up to the NIST Cybersecurity Framework with DE.CM-1.
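As an added example, not from the video or from CIS, here is a small Python check that applies the ideas from 12.2, 12.3 and 12.4 to NetFlow-style records of the kind 12.8 collects: it flags outbound flows to a blocklisted IP, flows over ports outside an allowlist, and repeated small flows to one external host as a possible beacon. The internal networks, blocklist, port allowlist and flow records are all constructed.

```python
"""Boundary-defense checks over constructed flow records (CIS 12.2/12.3/12.4)."""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed policy: which side of the boundary is "inside", which external
# IPs are known bad, and which outbound ports are authorized.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
BLOCKED_IPS = {"203.0.113.10"}          # constructed known-bad IP (TEST-NET-3)
ALLOWED_OUTBOUND_PORTS = {53, 80, 443}  # anything else is an unauthorized port

# Constructed NetFlow-style records: (src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    ("10.0.0.5", "198.51.100.20", 443, 4200),   # ordinary web traffic
    ("10.0.0.5", "203.0.113.10", 443, 300),     # destination is on the blocklist
    ("10.0.0.7", "198.51.100.21", 4444, 120),   # port not on the allowlist
    ("10.0.0.9", "198.51.100.22", 443, 64),     # small, repeated: possible beacon
    ("10.0.0.9", "198.51.100.22", 443, 64),
    ("10.0.0.9", "198.51.100.22", 443, 64),
    ("10.0.0.9", "198.51.100.22", 443, 64),
    ("10.0.0.9", "198.51.100.22", 443, 64),
    ("198.51.100.30", "10.0.0.5", 22, 500),     # inbound: skipped by this outbound check
]


def is_internal(ip):
    """True if the address falls inside one of our trusted networks."""
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def check_flows(flows, beacon_threshold=5, beacon_max_bytes=128):
    """Return (rule, src, dst, port) findings for flows crossing the boundary outbound."""
    findings = []
    small_repeats = Counter()
    for src, dst, port, nbytes in flows:
        if not (is_internal(src) and not is_internal(dst)):
            continue  # only inside-to-outside crossings are examined here
        if dst in BLOCKED_IPS:
            findings.append(("12.3 known-malicious-ip", src, dst, port))
        if port not in ALLOWED_OUTBOUND_PORTS:
            findings.append(("12.4 unauthorized-port", src, dst, port))
        if nbytes <= beacon_max_bytes:
            small_repeats[(src, dst, port)] += 1
    # Many tiny flows from one host to one external endpoint look like a check-in.
    for (src, dst, port), count in small_repeats.items():
        if count >= beacon_threshold:
            findings.append(("12.2 possible-beacon", src, dst, port))
    return findings


if __name__ == "__main__":
    for finding in check_flows(FLOWS):
        print(*finding)
```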
Sub-control 12.9: so what we're talking about is deploying application layer filtering proxy servers.
And so this matches up to a couple of CSF items, so DE.CM-1 and DE.CM-7 as well.
Sub-control 12.10 is decrypting network traffic at proxies. So we want to make sure we can decrypt the traffic as much as possible. Some things like HTTPS we may not be able to decrypt, excuse me, at the firewall, depending on what we're using.
But we want to decrypt it as much as possible, because a lot of times attackers will
just encrypt their packets, and then traditional systems can't analyze those, right? We want to decrypt it before we allow it to actually get on our network.
Sub-control 12.11 requires all remote logins to use multi-factor authentication. This is actually a best practice you should already be doing. If you're not, make sure you implement it as soon as possible, because all I have to do is compromise your username and password and I can get on. But if you've got some type of multi-factor authentication in place, where maybe I
get a code to my phone, or
I get a code to my authenticator that I have to put in, something like that, then that's what we want to use, to just put another layer of protection in place. Is it 100%? No, right? But it gives us some additional protection. 12.12: that's where we're talking about managing all devices that are remotely logging into our network.
So in this video, we just talked about how CIS Control 12, boundary defense, actually maps up to the NIST Cybersecurity Framework. In the next module, we're going to take a look at data protection.