Module 5

 


Module 05 Content

As part of security compliance, one of the board members used SANS security controls at a former business and was very pleased with the outcomes. Based on this knowledge, and to meet the needs of the board members, you have decided to implement a few monitoring rules to help meet the requirements of five of the SANS Top 20 Controls.
For this part of your project, you will be addressing the following SANS Security Controls:

Asset Inventory of Authorized and Unauthorized Devices
Software Inventory of Authorized and Unauthorized Devices
Malware Defenses
Boundary Defense
Controlled use of Administrative Privileges

For each of these controls, create a document that details the following information for each monitoring rule:

Brief description of the monitoring used and the alerting processes
Devices to pull log data from in order to satisfy the monitoring rule
Frequency of the log data collection (Real-Time, Hourly, Weekly, Monthly, Annually)
At least two ways this monitor could be tested to validate any false positives or negatives

Your reports should use a professional tone and vocabulary, APA format, and proper spelling and grammar.
Submit your completed assignments by following the directions linked below. Please check the Course Calendar for specific due dates.
Save your assignments as a Microsoft Word document. (Mac users, please remember to append the ".docx" extension to the filename.) The name of the file should be your first initial and last name, followed by an underscore and the name of the assignment, and an underscore and the date. An example is shown below:
Jstudent_exampleproblem_101504


Monthly

scans of all devices. Monitoring rules set in place for all incoming and outgoing data.

Weekly

Asset Inventory of Authorized and Unauthorized Devices
Description of monitoring and alerting: Reduces the ability of attackers to find and exploit unauthorized and unprotected systems. Uses active monitoring and configuration management to maintain an up-to-date inventory of devices connected to the business network, including servers, workstations, laptops, and remote devices.
Devices to pull log data from: Spiceworks, Colasoft MAC Scanner, or Angry IP Scanner
Frequency of log data collection: Monthly
Ways to test for false positives or negatives: Physical device search, MAC address search, or port ping search

Software Inventory of Authorized and Unauthorized Devices
Description of monitoring and alerting: Identify vulnerable or malicious software to mitigate or root out attacks. Devise a list of authorized software for each type of system, and deploy tools to track software installed. Require administrative login for all software.
Devices to pull log data from: CIS Controls or Spiceworks
Frequency of log data collection:
Ways to test for false positives or negatives: Physical device search or administrative login approval

Malware Defenses
Description of monitoring and alerting: Block malicious code from tampering with system settings or contents, capturing sensitive data, or spreading. Use automated anti-virus and anti-spyware software to continuously monitor and protect workstations, servers, and mobile devices.
Devices to pull log data from: AVG Business Internet Security or Total AV. If running Windows, then Windows Defender
Frequency of log data collection: Real Time
Ways to test for false positives or negatives: Real time and

Weekly

Boundary Defense
Description of monitoring and alerting: Control the flow of traffic through network borders, and police content by looking for attacks and evidence of compromised machines.
Devices to pull log data from: Firewalls, proxies, and various network tools.
Frequency of log data collection:
Ways to test for false positives or negatives: Regular scans from outside the trusted network boundary and remote logging into organization network.

Controlled use of Administrative Privileges
Description of monitoring and alerting: Protect and validate administrative accounts on desktops, laptops, and servers by running security audits on all devices connected to the network.
Devices to pull log data from: Admin workstation, admin devices for work, and server
Frequency of log data collection: Quarterly
Ways to test for false positives or negatives: Use audit software and physically check all device log files.
