Hey, everyone, welcome back to the course. So in the last video, we took a look at control number six and we had seen how that maps up to the NIST Cybersecurity Framework.
In this video, we're going to talk about control number seven, which is email and web browser protections. So we're going to talk about what CIS Control 7 is, why it's important, as well as a brief overview of the various sub-controls.
So control number seven, email and web browser protection. It's really self-explanatory, right? We know that attackers come through email through various phishing attacks. We also know that attackers come through web browsers. But let's look at the other side of things with data loss prevention.
Do we know if our employees are emailing out sensitive data? Do we know if they're sending it through a browser, or if it's being exfiltrated through a browser because they downloaded some type of malware?
So these are the things we need to think through as part of CIS Control number seven.
So let's talk about the various sub controls here.
We want to make sure that our users are only using fully supported browsers as well as email clients. So, as an example, if our organization, let's say, we can only use Google Chrome and we can't use Firefox. So we want to make sure that our users can't install Firefox, or that if they do, we get notified of it, because we want them to only use a fully supported browser. Now, of course, in that example, Google Chrome is not a very good one to give as the example, because it's very insecure, as well as Google likes to take your data, right?
But you get the idea. We want to make sure that if we've got certain browsers that we want our users to use, then they need to be using those, right? They shouldn't be using something else. They shouldn't download something else, like the Tor browser, for example.
Also with email clients, making sure that they're actually using the email clients that we want them to. Maybe we don't want them to check their Gmail account or their Yahoo account, right? We just want them to use their work email. So these are the things we need to think through as part of sub-control 7.1, and you'll notice this touches all the groups, right?
This is also for small business owners out there, Group number one.
Sub-control 7.2: disabling any unnecessary or unauthorized browser or email client plug-ins. So just disabling those browser plug-ins that people don't actually need, that they may try to install just because it's easier for them or they've used it at home. So just making sure that you've got something in place primarily to block those from occurring. Or if you don't have something to block people from installing plug-ins, then just make sure you've got something to monitor and alert you that those plug-ins are there, so you can be sure to remove those.
Sub-control 7.3: limiting the use of scripting languages in web browsers and email clients. Again, just making sure that those insider threat type people can't do anything nefarious, as well as if attackers are coming in, you can limit the use of those scripts, right? So just making sure that your users aren't getting too much access to do things is really what this boils down to.
Sub-control 7.4: maintaining and enforcing the network-based URL filter. So again, just making sure that if I'm a user, I can't go to places that I shouldn't.
Sub-control 7.5: similar thing here with the URL categorization service. We're really just trying to prevent you as a user from going to places you shouldn't, right? So we want to make sure that the URLs are updated for the latest websites, making sure that if a site is uncategorized, we're blocking it too by default, right? So that's why we're using those types of things.
Sub-control 7.6: we want to log all URL requests, right? So every single system that we have on our network, we want to make sure we're logging those requests. Now it may be challenging with BYOD, right? But anything that's issued by us, so if we issue you a laptop or we issue a workstation or if we issue a mobile device, we want to make sure that we can identify those URL requests so we can hopefully identify potentially malicious activity, right, as well as helping us assist any type of incident response team to say, okay, yes, this was the URL they went to, and yes, that is a malicious URL. And now we know that, and so we can block it in the future.
Sub-control 7.7: use of DNS filtering services.
So again, just using DNS filtering to help block access to any type of known malicious domain. And this is really across the board, right? So you want to block your employees from accessing known malicious domains.
Sub-control 7.8: implementing things like DMARC and also enabling receiver-side verification. So, really, all we're doing here is we're trying to lower the chance of spoofed or modified emails, even if they're from valid domains, right?
So this is why we're using things like DMARC. And then we can also verify with Sender Policy Framework and also DKIM standards as well. So there's a lot of things we can put in place to help verify that, yes, this person that sent the email is actually the real person, right, or yes, this actually came from a legitimate source and not something spoofed.
Sub-control 7.9: blocking unnecessary file types.
So, for example, if you don't need .exe files coming through email, block them, right? If you don't need DLLs, block them. So just blocking anything that's unnecessary. So that way it reduces the attack surface to some extent for your organization.
Sub-control 7.10: so here we're just sandboxing all email attachments. Now there's many organizations that don't actually do this, but I do recommend that you do sandbox your email attachments. So that way, as a user clicks on it, nothing else happens, right? It just maybe stays on their system and doesn't allow the attacker to go through the network.
So in this video, we just talked about CIS Control number seven. In the next video, we're going to take a look at how that maps up to the cybersecurity framework.