Every single node you bring to the network multiplies the attack surface: routers, switches, NIDS, etc. By default, the configurations of those devices are weak. In this article I will use various well-known system configuration benchmarks to show you that you don’t need to be a network guru to implement them, and I will also tackle some more advanced configurations you can implement.
Before we go further, let’s take a look at the Center for Internet Security (CIS) top 18 CIS Controls (previously known as the SANS Top 20 Critical Security Controls). For the sake of this post we will focus only on the Basic CIS Controls, because having those implemented is already a great step forward.
CIS Basic Controls
- Inventory and Control of Enterprise Assets
- Inventory and Control of Software Assets
- Continuous Vulnerability Management
- Controlled Use of Administration Privileges
- Secure Configuration for Hardware and Software
- Maintenance, Monitoring, and Analysis of Audit Logs
[…] Writing, please come back later for full article.