Hey, everyone, welcome back to the course. So in the last video we took a brief overview of CIS Control number eight, which again is around malware defenses,
and in this video we're going to take a look at how Control number eight matches up to the NIST Cybersecurity Framework.
So Sub-control 8.1: we're talking about utilizing centrally managed anti-malware software, so making sure that we don't have to go manually update it on every single end-user machine; we have one central location where we can push out software updates as well as monitor, and you'll see a little later on in the sub-controls, talking about monitoring the actual logs of the anti-malware solution.
Sub-control 8.2 matches up to DE.CM-4 from the NIST Cybersecurity Framework, and this is where we ensure anti-malware software and signatures are updated. So again, really just going back to keeping that software updated, and the easiest way to do that for a larger organization, or any organization, is to have a central location to manage it.
Sub-control 8.3 is where we're talking about enabling any type of operating system anti-exploitation features that they may have in place, so using things like Windows Defender or full disk encryption, etcetera. Just using anything that's possible out there that may be applicable for the particular operating system we use,
and most organizations are using Windows or Mac.
Sub-control 8.4: we're talking about configuring anti-malware scanning of removable devices, so things like the USBs that people like to drop in parking lots to get our employees to plug in, right, or
somebody brings in their phone and they want to play music on their computer or whatever. So we want to make sure that we, at a minimum, scan those, but actually a better practice that I've seen in play is, number one, blocking USBs, even if they're plugged in, blocking them from executing anything, and then number two, wiping
personal devices that get plugged into our systems, right. So,
as an example, someone comes and plugs in their mobile phone to their work computer to try to charge it or something like that. You wipe all the data from that phone to make sure that there's no malware on it, right. So you just make sure that you make the employees aware that, hey, if you go plug your device into this computer, it's gonna wipe all the data.
It's gonna clear out your contacts and everything, so don't do it.
Sub-control 8.5: talking about configuring devices not to auto-run content. So User Account Control is one option in Windows to do so, as well as, like, external things like a USB, so again blocking it from launching anything after someone plugs it in.
Sub-control 8.6: again, I mentioned this earlier about centralized anti-malware, right, centralized logging, centralized use of the anti-malware solution. So we're talking about logging here, which matches up to DE.AE-3. But really just taking a look at what's going on on the network, right? So as
an end user goes to some site that maybe they shouldn't have, or they download something
and it turns out to be something malicious, then we get alerted: hey, this event happened, right? The anti-malware solution, Malwarebytes or so forth, or whatever you're using, has captured this, it's sandboxed it, it's quarantined it, and we get a little alert that says it did that, right, because there might be something that isn't caught by it
on that particular machine. We need to isolate the machine
and make sure that that was the only issue.
Sub-control 8.7: enable DNS query logging.
Sub-control 8.8: enabling command-line audit logging. So making sure that someone's not just running various commands, as well as if someone's machine got compromised, right. So we just want to make sure we're auditing, excuse me, we're logging that.
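As an added example that is not part of the course material, here is how sub-controls 8.7 and 8.8 can be switched on for a single Windows endpoint from an elevated PowerShell prompt; it assumes the stock Windows Security and DNS-Client event logs, and the verification step only reads back the newest events so you can confirm the settings took effect.

```powershell
# Added example (not from the course): turn on the two log sources that
# sub-controls 8.7 and 8.8 call for on a Windows endpoint. Run elevated.

# 8.8 - command-line audit logging: audit process creation (event ID 4688) ...
auditpol.exe /set /subcategory:"Process Creation" /success:enable /failure:enable

# ... and tell Windows to include the full command line in each 4688 event.
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $auditKey -Force | Out-Null
New-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# 8.7 - DNS query logging on the client: enable the DNS-Client operational log.
wevtutil.exe sl Microsoft-Windows-DNS-Client/Operational /e:true

# Verify: newest process-creation events with their command lines
# (Properties[8] is the CommandLine field of a 4688 event) ...
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 5 |
    Select-Object TimeCreated, @{ n = 'CommandLine'; e = { $_.Properties[8].Value } }

# ... and the newest DNS-Client events (3008 = query completed).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-DNS-Client/Operational'; Id = 3008 } -MaxEvents 5 |
    Select-Object TimeCreated, Message
```

In a real fleet these settings would be pushed centrally through Group Policy rather than run per machine, which is the same centralized-management point the sub-controls above make for anti-malware.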
So in this video we just took a look at Control number eight and how it mapped up to the NIST Cybersecurity Framework. Again, Control number eight is around malware defenses. And in the next video we want to take a look at our analyzing and classifying malware lab. So again, we're gonna be creating a simple piece of malware and then just performing some checks against it.
So don't worry if you don't know how to do that; we're gonna walk through it step by step in the lab. And as with all the labs in this course,
there are step-by-step guides available in the resources section, so be sure to download those so you can follow along with the lab at your own pace.