9 hours 24 minutes
Everyone, welcome back to the course. So in the last video, we wrapped up our lab around data backup and recovery.
In this video, we're going to talk about control number 11. So we're gonna be talking about secure configuration for network devices. So things like our firewalls, routers and switches. We're just gonna take a high-level look at the sub-controls for control number 11.
So one thing to keep in mind is that most of the devices we get are configured insecurely by default. So we get, like, the router with the default user credentials, we get the firewall with the default admin/admin or whatever the password might be.
So we get all these things and we plug them into our networks. That's why it's important for us to immediately update those credentials from the defaults, because it doesn't take that long for an attacker to scan, find the vulnerable device and try to start attacking it as soon as we plug it into our network.
Now we want to make sure we've got some kind of a process in place around this. So making sure that we've got, for example, if we're setting up several application firewalls, making sure that we've got specific rule sets we're going to use. And then we could just configure those across those firewalls instead of us trying to figure it out for every single new firewall we're implementing. Right? So making sure that we've got those processes in place as we add new devices to our network.
So sub-control 11.1: we're talking about maintaining standard security configurations. Really just what we talked about, right? Making sure we've got that documentation in place of how we are securing these things. What is the policy or procedure for updating these default credentials?
How should we be configuring these? What ports should be open, et cetera, et cetera, right?
Sub-control 11.2: documenting traffic configuration rules. So, as we are setting up these configuration rules about what traffic is allowed to flow across our network devices, we need to make sure we're documenting that in some kind of a configuration management system.
We also want to, inside of there, label what is the specific business reason for the rule, right, and who is responsible. So we want to put an individual's name in that configuration management system. Who's responsible for that specific business need? So why are we opening up this port, for example?
What's the business reason for that? Who's responsible for that particular business need?
And then how long is that need for, right? Is it an indefinite need, like we have to always keep this port open, or is it short term? Like maybe there's a special project that accounting is working on and they just need temporary access through this particular port number or something like that. So we just want to document that, like: Why are we using this? Who's responsible for it? And how long are we doing this for?
Sub-control 11.3: using automated tools to verify our standard device configurations and detect. So again, we don't want to go back to every single server and have to look through it and see, OK, we set this up properly; every single firewall, do the same thing. We want to make this process as automated as we can.
So really, we're just gonna be comparing all these different network device configurations against our approved security configurations that we've defined for those devices in use, right? So as we've set those procedures in place and those policies, we want to scan everything and say, yes, we're in compliance with those things. Or, hey, you know, we're not. So if there's any deviation, we want to be alerted to that, right? So we can say, hey, wait a minute, maybe that device is compromised. Or maybe it was configured improperly, and we just need to fix a few things on it.
Sub-control 11.4: installing the latest stable version of any security-related updates. So again, stable version. So a lot of times a patch may come out, but it may not be initially stable, so just keep that in mind. You always want to test your patches in a non-production environment if you can. So test it in this test environment, roll out the patch, see if there are any issues.
Have certain users from each department that's gonna be affected by that. Have them test the patch in that training environment, see what's occurring. See if there are any issues with their normal workflow, and then develop a rollout plan for the production environment.
Sub-control 11.5: we want to manage those network devices using multi-factor authentication as well as encrypted sessions, right? So making sure that when someone logs into this, or when the device is saying yes, somebody's logged in properly, that it is actually who it should be, right? So we're basically gonna be authenticating them through another means besides just a username and password.
Sub-control 11.6: using dedicated workstations for any of our administrative tasks on the networking side. So we talked about this earlier in the course, making sure that we've got specific workstations that are dedicated just for those network administrative tasks.
And we want to keep those as isolated as possible and as hardened as possible as well.
So sub-control 11.7: just managing the network infrastructure through a dedicated network. Going back to segmenting things out, making sure that we separate the business use of the network, setting up things like VLANs, for example. If you don't know what that is, virtual local area networks. So setting up different business units on those different VLANs to segment stuff out.
So in this video, we just talked through CIS control number 11, and in the next video we're going to see how CIS control number 11 maps up to the NIST Cybersecurity Framework. And also, I want to mention, in this particular module we do have a step-by-step lab coming up. I do want to make mention of the fact that for this lab there will not be a video going through it step by step. We'll give you a high-level overview of the lab and where to find the step-by-step lab guide. But you will want to go ahead and do that lab on your own. And actually, the next several labs we have in this particular course are gonna be on your own. But there is a step-by-step guide associated with them. So again, there will be a brief overview video of me talking about the lab a little bit. But I will not be walking through the next three labs step by step. So just keep that in mind. You want to make sure you go to the resources section of the course and download those step-by-step guides so you can complete the labs properly.
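Added example, not part of the course video or its lab guides: one way to automate the checks described for sub-controls 11.2 and 11.3. It compares a device's running rules against a documented rule register and flags deviations. The one-rule-per-line export format, the register layout and every name in it are assumptions constructed for illustration.

```python
from datetime import date

# Constructed rule register (sub-control 11.2): every approved rule carries a
# business reason, a named owner and an end date (None = indefinite need).
REGISTER = {
    ("allow", "tcp", 443): {"reason": "Public web portal", "owner": "J. Rivera", "expires": None},
    ("allow", "tcp", 8443): {"reason": "Accounting year-end project", "owner": "A. Chen",
                             "expires": date(2024, 3, 31)},
    ("allow", "tcp", 22): {"reason": "", "owner": "", "expires": None},
}

# Constructed running configuration, as exported from a device (hypothetical format).
RUNNING_CONFIG = """\
allow tcp 443
allow tcp 8443
allow tcp 22
allow tcp 23   # added by hand, never documented
"""

def parse_rules(text):
    """Turn 'action proto port' lines into a set of tuples, ignoring comments."""
    rules = set()
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if line:
            action, proto, port = line.split()
            rules.add((action.lower(), proto.lower(), int(port)))
    return rules

def audit(config_text, register, today):
    """Sub-control 11.3: report every deviation between device and register."""
    findings = []
    running = parse_rules(config_text)
    for rule in sorted(running):
        entry = register.get(rule)
        if entry is None:
            findings.append((rule, "undocumented rule on device"))
            continue
        if not entry["reason"] or not entry["owner"]:
            findings.append((rule, "missing business reason or owner"))
        if entry["expires"] and entry["expires"] < today:
            findings.append((rule, "temporary rule past its end date"))
    for rule in sorted(set(register) - running):
        findings.append((rule, "approved rule absent from device"))
    return findings

if __name__ == "__main__":
    for rule, problem in audit(RUNNING_CONFIG, REGISTER, date(2024, 6, 1)):
        print(rule, "->", problem)
```

Run on a schedule against each device's exported configuration, any non-empty result is the alert the video describes: either the device was changed outside the process or the documentation is incomplete.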
CIS Top 20 Critical Security Controls
This course will provide students with an overview of the CIS Top 20 Critical Security Controls v7.1. Students in this course will learn each CIS control and why it is important to an organization.