For a long time I've been electronically in love with the Critical Security Controls. Not familiar with 'em? The CIS site describes them as:
The CIS Controls are a prioritized set of actions that protect your critical systems and data from the most pervasive cyber attacks. They embody the critical first steps in securing the integrity, mission, and reputation of your organization.
Cool, right? Yeah. And here are the top (first) 5 that many organizations start to tackle:
- Inventory of Authorized and Unauthorized Devices
- Inventory of Authorized and Unauthorized Software
- Secure Configurations for Hardware and Software
- Continuous Vulnerability Assessment and Remediation
- Controlled Use of Administrative Privileges
Google searches will show you that you can definitely a buy a variety of expensive hardware/software to help you map to the CSCs, but I'm passionate about helping small businesses (and even home networks!) be more secure. So I'm starting a quest to find implementable (if that's a word?) ways to put these controls in place.
I'm focusing on control #1 to start, and I've heard great things about using Fingbox (not a sponsor) to get the job done, but I'm also exploring other free options, such as nmap + some scripting magic. I'm also keeping an eye on up-and-coming tools like MacMon.
Another option I've heard about is network admins putting in DHCP reservations for everything known on the network, and then they monitor the DHCP pool (which nothing should be on) for rogue devices. Meh, I don't love that because I don't think it scales well, but I suppose it works.
More on today's episode...