Overview of Control 12

00:01

everyone Welcome back to the core. So in the last video, we wrapped up that lab

00:05

on fire wall set up in configuration. So again, that lab did not have a walk through video. It was just a brief overview. So if you haven't completed that yet, go ahead and pause this video. Go back to that one. The step by step lab guide is in the resource is section of the course, so you can go through step by step on your own.

00:20

In this video, we're to talk about CS control number 12 which is boundary defense.

00:26

So we're gonna talk a little bit about the control as well as the sub patrols associated with it.

00:32

So when we talk about boundary defense realistically these days, the boundaries pretty blurred, right? The traditional network had the d m Z and that sort of stuff we had this boundary of You've got to get through my firewalls and you won't get into my internal network. But really, that's blurred thes days with most attacks. And so

00:50

when we talk about boundary defense were really strong, take measures to

00:55

reduce the likelihood or at least put things in place to make it more difficult

00:59

for the attacker to get in and move laterally through our networks, right? So using things like network segmentation on and we're also talking about architectural weaknesses. So we may put out a Web server, for example, but we may not configure that properly. We night may not hard in it and may not. It may have software that we don't need on there,

01:17

but we haven't taken the time to actually go through and remove this software. So

01:21

just keep that in mind that we're really just talking about trying to harden their perimeter some extent, as much as possible. But really, there's no

01:29

full protection with the perimeter anymore, right? There's no there's no 101 100% anything like that and they never was. But now the lines are pretty blurred is very simple for someone to get into our internal network in most cases. So just keep that in mind that when we talk about boundary defense, this is not a phenomenal,

01:48

you know, fix everything. Top of thing. It's just one of the things in the defence in depth type of process,

01:55

some control. 12 1 We're talking about maintaining inventory of the network boundaries. So we need to understand what devices are on that perimeter. Right. So, as an example in this castle pictured here,

02:05

I need to make a log of Yes, I've got a castle wall, right? Yes, I've got a moat. Yes, I've got trees and forests around. Yes, I've got an open field behind. So these air, these would be like my network devices on the perimeter to try to keep the Attackers out.

02:20

Are they 100%? No, of course not. Right. Because maybe the attacker snuck in on a Trojan horse in their inside already. And none of that matters once you're inside.

02:29

But that's the overall concept here. We just want to maintain an inventory of what we actually have out there on the perimeter.

02:37

So controlled 12 to skinning for unauthorized connections across our trusted network boundaries. So, again, helping to identify the Attackers we want toe regularly perform scans from outside each of our trusted network boundaries.

02:50

That way we can detect any on the authorized connections that are accessible across those boundaries.

02:55

Some control. 12 3 We're talking about denying communications with known malicious I P addresses. Right So if we have indicators of compromise? No, not malicious. I p addresses. We just want to make sure we're blocking those

03:08

some control. 12 4 Denying communication over any unauthorized ports.

03:13

So again, going back to understanding

03:15

what ports we actually need. And then if that, if it's out of place, if it's unauthorized, then we just make sure we go ahead and block that immediately.

03:25

Some Control 12 5 Configure our monitoring systems to actually record the network packets, right? So we just want to make sure that's what we're monitoring.

03:32

Ending that were packets that were passing through the boundary at each of our nowhere boundaries. We might have multiple never boundaries for our particular organization.

03:44

We also want Teoh in sub control 12 6 as well as some control. 12 7 We're just basically want to make sure we deploy network based intrusion detection and intrusion in preachers and prevention systems. So we want to be able to detect what's going on, as well as block known malicious attacks

04:00

to protect our network better, and you'll usually see these in

04:04

ah, larger organizations. However, there are some anti Mauer solutions that do have, like very light versions of I PS ideas built in. So as a small business owner, you may also have that as an option.

04:18

Sub control 12 8 Talking about deploying net flow Collect collection

04:24

on network boundary devices

04:30

some control 12 9 Deploying application layer filtering proxy server

04:39

Some control 12. 10 We're talking about decrypting the network traffic at the proxy. So we want to make sure we decrypt all that interested encrypted traffic at the boundary prior to analysing the content. Because obviously, we can't look inside of encrypted traffic without decrypting it first. In most cases,

04:59

sub patrol 12 11 recording all the remote log in. So all the remote users that are logging in making sure that they use multi factor authentication. Right. So that way, if somebody does compromise their user name and password, at least we've got another measure of protection in place.

05:17

We also for those remote users, will also want to make sure that we require them to encrypt any traffic in transit. So things like VP ends right using a VPN can help with that quite a bit.

05:29

And then finally, some control. 12.1 too many told our devices remotely logging into the internal network. So again, we want to scan across all of our enterprise devices that are remotely logging into our network and prior to them, accessing the network. Right. So we want to make sure that they're actually following our security policies, making sure that they got

05:46

the way to software updates, etcetera before

05:49

Ah, they're allowed to connect to our internal network.

05:57

So this video it is took a look at C. I s control number 12. So again, control number 12