CIS Control v8 Overview - Control 12

James Temples
Nov 9, 2021


Control 12: Network Infrastructure Management: Establish, implement, and actively manage (track, report, correct) network devices, in order to prevent attackers from exploiting vulnerable network services and access points.

Why is this Control Important?

An essential part of an organization’s defense against attacks is having a secure network infrastructure that includes devices such as physical and virtualized gateways, firewalls, wireless access points, routers, and switches. Network security is a constantly changing environment that requires regular re-evaluations of architecture, configurations, access controls, and permitted traffic flows of these devices.

In addition, default configurations for network devices are often geared toward ease of setup rather than security. As such, attackers search for vulnerable default settings as well as configuration errors in firewalls, routers, and switches. If they are able to exploit the device, they are then able to gain access to networks, redirect traffic, and intercept data in transit.

And its Safeguards?

This Control has eight (8) Safeguards: ensuring network infrastructure is up to date; establishing and maintaining a secure network architecture; securely managing network infrastructure; establishing and maintaining architecture diagram(s); centralizing network authentication, authorization, and auditing (AAA); using secure network management and communication protocols; ensuring remote devices utilize a VPN and connect to the enterprise’s AAA; and establishing and maintaining dedicated computing resources for all administrative work.

How is this Control implemented?

Organizations should ensure their network infrastructure is fully documented and architecture diagrams are kept up to date. Key infrastructure components such as firewalls, routers, and switches must be supported by vendors who provide patches and feature upgrades, and an organization’s technology team must ensure components are kept up to date. Vulnerability management solutions help to quickly identify where patches or updates are required. Any equipment that is unsupported or out of date must be replaced or protected with other mitigating controls.

Infrastructure administration should be performed only over secure protocols with strong authentication, such as Multi-Factor Authentication (MFA), from dedicated administrative devices or out-of-band networks, and should include logging and monitoring. Commercial solutions evaluate rulesets and Access Control Lists (ACLs) to indicate potential errors or vulnerabilities that may allow unintended traffic flow through the network device.
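As an added illustration of the protocol and ruleset checks described above (not code from this post or from CIS), the following Python script audits a device configuration for cleartext management protocols, Telnet on management lines, permit-all ACL entries, and missing AAA. It assumes Cisco IOS-style syntax, which the post does not specify; the sample configuration, rule names, and `audit` function are constructed for this example.

```python
import re

# Constructed IOS-style running-config for illustration (not from the article).
SAMPLE_CONFIG = """\
hostname edge-sw01
ip http server
no ip http secure-server
snmp-server community public RO
aaa new-model
access-list 101 permit tcp 10.0.5.0 0.0.0.255 any eq 443
access-list 101 permit ip any any
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# (finding id, regex applied to one stripped config line, why it matters)
LINE_RULES = [
    ("cleartext-http-mgmt", r"^ip http server$", "web management over plain HTTP"),
    ("snmp-community", r"^snmp-server community \S+", "SNMP v1/v2c community string is sent in cleartext"),
    ("telnet-vty", r"^transport input .*\b(telnet|all)\b", "Telnet allowed on a management line"),
    ("acl-permit-any-any", r"^access-list \d+ permit ip any any\b", "ACL entry permits all traffic"),
]

def audit(config: str):
    """Return a list of (line_no, context, finding_id, reason) tuples."""
    findings, context = [], "global"
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blanks and IOS comment separators
        if not raw.startswith(" "):
            # Top-level command: remember "line ..." blocks so that indented
            # sub-commands are reported against the line they configure.
            context = line if line.startswith("line ") else "global"
        for fid, pattern, reason in LINE_RULES:
            if re.search(pattern, line):
                findings.append((no, context, fid, reason))
    # Centralized AAA is a whole-config property, so check it once (line 0).
    if not re.search(r"^aaa new-model$", config, re.M):
        findings.append((0, "global", "no-central-aaa", "AAA is not enabled"))
    return findings

if __name__ == "__main__":
    for no, ctx, fid, reason in audit(SAMPLE_CONFIG):
        print(f"line {no:>2} [{ctx}] {fid}: {reason}")
```

Running the same checks against each configuration backup also surfaces unapproved changes between audits, since a new finding means the configuration drifted from its reviewed state.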

Key Reminder(s)

Secure network infrastructure is an essential part of an organization’s defense, and its gateways, firewalls, wireless access points, routers, and switches must be supported, patched, and updated. It should also be fully documented and monitored for any unapproved changes or modifications, which may indicate unauthorized access.

In the next post, we will look at Control 13: Network Monitoring and Defense. If you enjoyed this post, please Like and Share!

Contact Temples Consulting (a CIS SecureSuite Partner) to schedule a no-cost consultation for Network Infrastructure Management strategies using the latest CIS Benchmarks.


James Temples

Cybersecurity, Implementation, Continuity and Compliance Professional & Entrepreneur, CISSP