Hey, everyone, welcome back to the core. So in the last video, we just took a look at how
control number seven, which again was email Web browser protections. How that mapped up to the NIST cybersecurity framework.
In this video, we're to take a look at Control number eight, which is form our defenses. We'll take a brief overview of it as well as a look at the sub controls.
So controlled number eight, as I mentioned, is about Mauer defenses. So we're talking about defending against various Mauer, and one of the most common ways for Attackers to get it in is through phishing or various social engineering methods. So sending you that phishing email that hey, you need to open up this invoice. It's urging its from the CEO, and then you click on it and
on be notes to you and download some type of Mao on your system.
Phishing attacks air one of the ways we're seeing quite a bit of ransomware attacks these days, So just be mindful and verify that thesaurus of the email is actually jit and that you're actually expecting whatever document that is again going back to the previous control we talked about. It's a good idea, this sandbox, any type of
attachments for your users. So that way, if they do click on something, it's not spreading across your network
On this screen shot here is just a screenshot of some ransomware, which is a wanna cry ransomware
some control 8.1 Swear we're talking about usual izing, some kind of centralized manage the anti malware software. So rather than us, have to manually go and
click on every endpoint in our network. We want some single place where we can push out updates for the same time. Our solution. We can run scans. We could do all sorts of things from a single location.
Now, you'll primarily find this with Groups two and three. However, if you're a small business owner from Group one out there, you're not working with a lot of sensitive data. I still encourage you to have. You don't have to necessarily get centrally managed in time. Our software. But just get an time our software
eso something like Mauer bites or so forth any of any number of ones out there
that you can use. But just make sure you're running that on your systems, a sort of additional part of defense in depth.
So some control 8.2 ensuring the anti malware software and signatures are actually updated, right? So again, going back to that centralized management, we want to make sure we're pushing out those updates to all over endpoints. And if you're a small business owner out there again, you just want to make sure that you're regularly updating the software. Most of them will automatically update, but you could get some that you would have to manually update as well.
Usually, free versions of the anti Miller Softwares are the ones you'll have to update on your own and other versions that are paid. They'll normally just automatically updated for you unless you specify otherwise.
Some control 8.3 is what we're talking about, enabling operating system Antioch exploitation features if they're available, or deploying those anti exploitation technologies.
So primarily you're going to see that configured with groups two and three because they've got the dedicated I. T. Or cybersecurity. Resource is
Configuring anti Miller scanning of removable media, right. So as we're plugging in that removable media, we want to make sure that we're it's automatically going to be scanning it once we connect it to our system.
Now this is across the board. He always wanted to be scanning anything that you're plugging in
some control. 85 Configuring devices to not auto run content. In fact, windows, usually by default, will have. USC is what is called user account control. So as you go to, like, install software, for example, or download something, it may prompt you and say, Do you really want to do this right? It's normally when you go to install some type of software,
and it allows you to look at the publishers certificate if it's available the security certificate.
If it's not available, we might say, like unknown or something. So it's just a measure in place. Don't take that is 100% protection because nothing 100% and also ah, lot of malware authors out there were right it toe where bypasses that and you don't even get that prompt. And it's already installing in your system
some control 8.6 again going back to centralized and time our solutions. We want to make sure that we centralized the logging for it as well. So we can look in one location and see if we actually are having various attacks take place And what type of malware we're getting Quarantine. So that might lead us to say, Oh, we need to block this particular I p address. Right? We men need to block
these types of signatures, etcetera.
Some control 87 enabled DNs query logging.
So again, just detecting any type of host name lookups for known malicious domain. So going back to what we talked about earlier about those malicious domains that we know about
And finally, some control a point it enabling command line audit, logging.
So just said basically, any time someone's trying to run like, say, for example, Microsoft Power Shell are running a bash script we want to enable logging of that. So we could say, Wait a minute here. What are they running? Why are they running that? Because it was like Stephen Accounting, for example, Why would he need to run a bash script, right? Or power shell script?
That doesn't really make a lot of sense. Maybe he does, right? Maybe it's legitimate, but
usually something like that would be a good red flags. We want to make sure we're logging that so we could get alerted to those issues.
So this video we just talked about CIA's control number eight again. It's around my our defenses.
In the next video, we're gonna take a look at how those map to the NUS cybersecurity framework and then also following that, we'll have a lab where actually go ahead and create our own malicious execute will file very simple file, and then we analyze that file as well.