Network Security Controls
The hardware you will eventually list in the inventory may include:
Systems are often breached by exploiting software vulnerabilities – i.e. security holes in the software. Vendors regularly release updates or
“patches” to fill these holes and improve the software.
This is why it’s important to track the software used on network devices and to control the software packages that are allowed to execute, and
also to ensure the packages you use are patched.
Similar to the network inventory described above, this security control requires a list of authorized and unauthorized software. It should cover
each type of device on the network, whether workstations, servers, smartphones, or otherwise. (NAC tools can be used for this control.)
Application whitelisting must be in place so that only an admin-defined list of software suites is allowed to run. All other applications must be
blocked and blacklisted as PUPs (potentially unwanted programs).
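One way to apply the authorized-software list described above is to audit a software inventory against it. This is an added example, not part of the original document: the device names, package names, versions and the `audit` and `version_key` helpers are all constructed for illustration, and it assumes the list records a minimum patched version per device type and package.

```python
from collections import defaultdict

# Constructed allowlist: (device type, package) -> minimum patched version.
# All names and versions here are invented for illustration.
AUTHORIZED = {
    ("workstation", "office-suite"): "16.0.3",
    ("workstation", "browser"): "120.0",
    ("server", "web-server"): "2.4.58",
    ("smartphone", "mail-client"): "5.2",
}

# Constructed inventory rows, as a scan or NAC export might report them:
# (device, device type, package, installed version)
INVENTORY = [
    ("ws-01", "workstation", "browser", "120.0.1"),
    ("ws-01", "workstation", "office-suite", "16.0.1"),
    ("ws-02", "workstation", "toolbar-helper", "1.0"),
    ("srv-01", "server", "web-server", "2.4.58"),
    ("srv-01", "server", "browser", "120.0"),
    ("ph-01", "smartphone", "mail-client", "5.10"),
]


def version_key(text, width=4):
    """Turn '2.4.58' into (2, 4, 58, 0) so 5.10 sorts after 5.2."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def audit(inventory, authorized):
    """Group inventory rows into ok / unpatched / unauthorized findings."""
    findings = defaultdict(list)
    for device, dev_type, package, version in inventory:
        minimum = authorized.get((dev_type, package))
        if minimum is None:
            # Not on the list for this device type: candidate for blocking.
            findings["unauthorized"].append((device, package))
        elif version_key(version) < version_key(minimum):
            findings["unpatched"].append((device, package, version, minimum))
        else:
            findings["ok"].append((device, package))
    return dict(findings)


if __name__ == "__main__":
    for status, rows in audit(INVENTORY, AUTHORIZED).items():
        print(status, rows)
```

Keying the list by device type as well as package means software approved for workstations is still flagged when it turns up on a server.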
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Establish, implement, and actively manage (track, report on, correct) the security configuration of laptops, servers, and workstations using a
rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
The default configuration settings for operating systems in new workstations, servers, storage systems and network devices are often designed for
ease-of-use, not security. While the software may be up-to-date, its configuration can leave the system vulnerable.
The hardware and software configurations must be secured across all devices. Set a secure baseline and establish security controls to
prevent users from changing important settings.
Create a secure system image to deploy new workstations, laptops, servers, and other systems. Store these images in a secure location without internet
or network access.