Overview of Control 9

00:00

everyone Welcome back to the core. So in the last video, we wrapped up our lab on malware. In this video, we're to talk about control number nine, which is the limitation in control of network ports, protocols and services.

00:12

So we'll talk through what C. S control nine is as well as, Well, take a look at the various sub controls.

00:19

So when we talk about control number nine, we're talking about controlling never reports, protocols and services. So we want to make sure that

00:26

are these protocols that we should be using are these ports that should be open.

00:31

What about the services that are running? Are these things that we should have running on her systems or not? So this is why we need to limit what can actually run on our systems. What ports could be open because a lot of times Attackers will try to just mimic some existing service, for example, and run their malicious code.

00:49

So a lot of times you'll see this, uh, with things you may see these issues with. If you're like, poorly configure in, like Web servers, Web servers, for example, your mail servers, any types of services

01:02

also if you're leaving on needed services running on various systems. So a lot of times when you install various software, they automatically will add a bunch on needed stuff. I remember that with a lot of anti virus solutions I used to use back in the day that at all sorts of stuff I didn't even need right

01:19

And Windows OS itself is a good example, right? You get all sorts of things on there that

01:23

you don't even need all sorts of services and applications. So just make sure that your hardening things in your disabling those unneeded services

01:33

So some control 9.1 where we want to associate active port services and protocols to our actual asset inventory. So making sure that we associate anything running to those hardware assets. And usually you're gonna see this with groups two and three just because they're gonna have the assets available to actually perform this right, the

01:51

i T. Or cybersecurity dedicated

01:53

assets to be able to do these things

01:57

some control. Nine. To ensuring that only the approved ports, protocols and services are running right. So again, going back to making sure that these are the things that should be there. And if it's not supposed to be there, we can go ahead and block it from running.

02:10

And we also want to make sure along these same lines is that we wanna make sure this is actual actually got a legitimate business function. So maybe it's not a malicious servers service running, but why are we running it?

02:23

Maybe it's something we could terminate because there's no real legitimate business need for it.

02:30

Some control. 93 performing regular automated port scans So kind of going back to what we talked about earlier about vulnerability scans. The other aspect here with port scanning. Right. So we want to make sure that we're scanning ports and seeing

02:43

what ports are open

02:45

and again going back to. Should they be open right?

02:47

Should they be listening? Are these ports that we should be running because there's a business need or is this may be an attacker, some type of malware on the system?

02:59

Some control 9.4 Applying host based firewalls or port filtering or all of the above right. Most organizations would just run like a host base firewall or some type of poor filtering on the end systems.

03:12

Basically, you want to have a default deny rule that drops all traffic except for

03:17

the services airports that you specifically want to run rights of. As an example, I've got pictured here Windows firewall. You could set that up to where it allows only the services that you want, and then it drops everything else from the connection.

03:32

So control 9.5, implementing application firewall. So we wanna make sure we put these specifically in front of any types of critical servers

03:42

servers? That way we can verify. Validate that traffic going to the servers is actually legitimate. Right? So we want to make sure that anything that's unauthorized going to those servers, we immediately block it and then log it and alert on it and say, Hey, it's something was trying to happen here.

03:58

You're probably going is primarily going to see these in use with the Group three entities.

04:03

All right, so in this video, what is took? A look at CS control number nine, which again? It's a limitation in control of our network ports, protocols and services.