Control 4 Mapping to the NIST Cybersecurity Framework
9 hours 54 minutes
Hey, everyone, welcome back to the course. So in the last video, we went over a brief overview of Control number four, which is controlled use of administrative privileges, and in this video we're gonna take a look at how Control number four matches up to the NIST Cybersecurity Framework.
So sub-control 4.1, we're talking about maintaining the inventory of our administrator accounts, right? So we want to make sure that no one's creating extra accounts out there, especially insider threats or people that have left our organization. We want to make sure that they haven't created something that shouldn't be there.
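One way to put sub-control 4.1 into practice is to reconcile what the directory actually reports as administrator accounts against the approved inventory and an off-boarding feed. The script below is an added example, not code from the course; the account names, the inventory entries and the list of departed users are all constructed placeholders standing in for a real directory pull and HR feed.

```python
"""Reconcile observed administrator accounts against an approved inventory.

Constructed example data (not from any real environment):
  OBSERVED_ADMINS    - what a privileged-group membership pull returned
  APPROVED_INVENTORY - the maintained list sub-control 4.1 calls for
  DEPARTED_USERS     - owners who have left, as an HR off-boarding feed would report
"""
from dataclasses import dataclass

APPROVED_INVENTORY = {
    "alice.admin": {"owner": "alice", "ticket": "CHG-0001"},
    "bob.admin": {"owner": "bob", "ticket": "CHG-0002"},
    "dave.admin": {"owner": "dave", "ticket": "CHG-0003"},
}
OBSERVED_ADMINS = ["alice.admin", "bob.admin", "svc-backup-adm", "carol.admin"]
DEPARTED_USERS = {"bob"}


@dataclass
class ReconcileResult:
    unapproved: list  # admin accounts nobody approved (possible rogue accounts)
    departed: list    # approved accounts whose owner has left the organization
    missing: list     # inventory entries no longer present (stale inventory)


def reconcile(observed, inventory, departed_users):
    """Compare observed admin accounts with the inventory and return findings."""
    observed_set = set(observed)
    unapproved = sorted(a for a in observed_set if a not in inventory)
    departed = sorted(
        a for a in observed_set
        if a in inventory and inventory[a]["owner"] in departed_users
    )
    missing = sorted(a for a in inventory if a not in observed_set)
    return ReconcileResult(unapproved, departed, missing)


def findings(result):
    """Render the reconciliation as human-readable alert lines."""
    lines = []
    for acct in result.unapproved:
        lines.append(f"ALERT unapproved admin account: {acct}")
    for acct in result.departed:
        lines.append(f"ALERT admin account owned by departed user: {acct}")
    for acct in result.missing:
        lines.append(f"INFO inventory entry not observed (stale?): {acct}")
    return lines


if __name__ == "__main__":
    for line in findings(reconcile(OBSERVED_ADMINS, APPROVED_INVENTORY, DEPARTED_USERS)):
        print(line)
```

Run on a schedule, the unapproved and departed findings are the ones to alert on; the stale-inventory finding is a prompt to clean the inventory so it stays trustworthy.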
Sub-control 4.2, changing default passwords. You'd actually be surprised, or maybe you won't be, by how many organizations still are using default credentials on routers, switches, firewalls, their cloud infrastructure. So just make sure that you're changing any default passwords or credentials out there, and changing them to something that's very difficult for someone to get access to, right? You also need to make sure that you've got some type of auditing process in place to identify when there's default credentials being used.
Sub-control 4.3, we're talking about ensuring the use of dedicated administrative accounts. So don't just give everyone an admin account, and don't just create accounts that have all the same access. Make sure you're segmenting that stuff out, because you want to focus on the principle of least privilege, right? So when we map that to the NIST Cybersecurity Framework, we're talking about PR.AC-4.
Sub-control 4.4, using unique passwords. So don't use the same password across everything, and don't just make it a variation, right? So if you're using, for example, a bad password like password1234, don't just add an exclamation point or a question mark at the end and say, "Oh, that's good enough," right? Make sure they're unique passwords that are not common dictionary ones, that would be very difficult for someone to actually guess. You see here there's not a direct correlation to the NIST Cybersecurity Framework; the framework does talk about passwords, but not in a direct 1-to-1 match to the unique passwords.
Sub-control 4.5 is using multi-factor authentication, right, for all the administrative access, and I would actually take this one step further and talk about making sure that your employees or your end users are using multi-factor as well to log into various things.
Sub-control 4.6, using dedicated machines for all of your administrative tasks. So I actually tell people outside of the corporate environment, in their homes, if you're gonna be doing sensitive stuff like doing your banking or handling other assets that are sensitive, so sensitive data like financial or health care, etcetera, have a dedicated machine that you only use for that, right? So you harden this machine really well, as well as you can, at least, and you only use that machine for your sensitive data, and basically just take it offline when you're not doing that stuff, right, and then have another machine where your kids can get on there and surf the Internet and download whatever malware they're doing, etcetera, etcetera, right? So have dedicated machines for that. Many of those people don't listen to me, but I do recommend this. That's something people do. Now, in the corporate environment, you want to make sure that you have specific machines that are dedicated to administrative tasks. If you think about it in, like, a classified environment, they try to have machines that are dedicated for that. To touch that classified information, you have to go through a lot of checks and balances to get access to those. So, similar thing here. Maybe not to that extreme, but you want to make sure that there are dedicated machines and there is a process for people to be able to get in and get access to those machines.
Sub-control 4.7, limiting the access to scripting tools. So again, you don't want someone that's an insider threat or potential insider threat just writing their own scripts and throwing them out there on your network.
Sub-control 4.8, log and alert. So again, there's no point in logging if you're not gonna get alerts to tell you, "Hey, this change has been made to the administrative groups," right? Somebody adds themselves to the local admin group or the network admin or whatever, right, or adds themselves as an admin to Active Directory. We should get an alert on that, because it helps us identify what's actually occurring and if we're actually under attack, right?
Sub-control 4.9, going back to the previous one a little bit: logging and alerting on any unsuccessful admin account login attempts, right? So if there's multiple failures of someone trying to log in, that's probably not that person, right? Most people are gonna remember their password, or they're gonna contact you and say, "Hey, can you reset my password?" right? You also want to, and it's not mentioned here, but you also want to make sure you're doing lockouts. So after three or four failed attempts, we lock you out, and then you have to contact a human on our team to make sure that it's actually you trying to get in.
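To make sub-controls 4.8 and 4.9 concrete, here is the kind of detection logic that turns those two log events into alerts: a membership change to a privileged group, and repeated failed admin logins that trip a lockout. This is an added example, not code from the course; the audit lines are constructed in a simple key=value format (a real deployment would parse the directory's or OS's own audit events), and the group names, usernames, addresses and the four-failures-in-ten-minutes threshold are assumptions chosen to match the speaker's "three or four failed attempts".

```python
"""Alert on privileged-group changes and failed admin logons with lockout.

The log lines below are constructed for this example; the field names
(event, group, member, actor, user, src) are an assumed format, not any
vendor's. Timestamps are UTC in ISO 8601.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-05-01T09:00:01Z host=dc01 event=group_member_added group="Domain Admins" member=mallory actor=mallory
2024-05-01T09:00:30Z host=dc01 event=group_member_added group="Print Operators" member=bob actor=helpdesk
2024-05-01T09:05:00Z host=ws07 event=logon_failed user=svc.admin src=10.0.0.5
2024-05-01T09:05:20Z host=ws07 event=logon_failed user=svc.admin src=10.0.0.5
2024-05-01T09:05:41Z host=ws07 event=logon_failed user=svc.admin src=10.0.0.5
2024-05-01T09:06:02Z host=ws07 event=logon_failed user=svc.admin src=10.0.0.5
2024-05-01T09:06:25Z host=ws07 event=logon_failed user=svc.admin src=10.0.0.5
2024-05-01T09:30:00Z host=ws09 event=logon_failed user=alice.admin src=10.0.0.9
2024-05-01T09:31:10Z host=ws09 event=logon_success user=alice.admin src=10.0.0.9
"""

# Assumed policy values: which groups count as privileged, and how many
# failures inside the window trigger a lockout alert.
PRIVILEGED_GROUPS = {"Domain Admins", "Administrators"}
FAILURE_THRESHOLD = 4
FAILURE_WINDOW = timedelta(minutes=10)

# key=value pairs; quoted values may contain spaces (group="Domain Admins")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one audit line into a dict of fields plus a parsed 'ts' datetime."""
    ts_str, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def analyze(log_text):
    """Return (alerts, locked_users) for the given audit text.

    alerts is a list of (alert_type, subject, detail) tuples in log order.
    """
    alerts = []
    locked = set()
    failures = defaultdict(deque)  # user -> timestamps of recent failures

    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        kind = ev.get("event")

        # 4.8: any change to a privileged group is alert-worthy on its own
        if kind == "group_member_added" and ev.get("group") in PRIVILEGED_GROUPS:
            alerts.append(("privileged_group_change", ev["member"],
                           f"added to {ev['group']} by {ev['actor']}"))

        # 4.9: count failures per user inside a sliding window, lock on threshold
        elif kind == "logon_failed":
            user = ev["user"]
            if user in locked:
                alerts.append(("attempt_while_locked", user, ev["src"]))
                continue
            window = failures[user]
            window.append(ev["ts"])
            while window and ev["ts"] - window[0] > FAILURE_WINDOW:
                window.popleft()
            if len(window) >= FAILURE_THRESHOLD:
                locked.add(user)
                alerts.append(("lockout", user,
                               f"{len(window)} failures within {FAILURE_WINDOW}"))
    return alerts, locked


if __name__ == "__main__":
    found, locked_users = analyze(SAMPLE_LOG)
    for alert in found:
        print(*alert)
    print("locked:", sorted(locked_users))
```

On the sample data this raises three alerts: the self-added Domain Admins membership, the lockout of svc.admin on its fourth failure, and the fifth attempt made while locked. The single alice.admin failure followed by a success stays quiet, which is the "people usually remember their password" case the speaker describes.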
So in this video, we just took a look at Control number four. So again, that's controlled use of administrative privileges, and how that maps up to the NIST Cybersecurity Framework. In the next module, we're gonna take a look at Control number five.