
Terminal Security Survival Guide (2)-- Software Discovery

2025-04-08 Update From: SLTechnology News&Howtos (Network Security)

Shulou (Shulou.com) 06/01 Report

Software Discovery

Discovery criteria:

A. Attackers go after the most vulnerable parts of the attack surface, such as an old version of SSH or Apache;

B. What you don't know is what hurts you; removing or disabling packages you don't need, and knowing how licenses are actually used, helps you spend less on licensing fees;

C. Lack of backups is how the kingdom gets lost; backing up assets will help reduce your recovery overhead.

BOOT CAMP

1. Establish a complete asset list: asset discovery or vulnerability management tools can be used, such as Tripwire Asset Discovery or Tripwire IP360, or Excel or a free database, to record the authorized software installed on each terminal;

2. Scan your network: scan for open ports and services;

3. Define terminal roles: make each terminal's role explicit, for example a server does not need Word, a workstation does not need to run web services, and accounting does not need Visio; for each organization and business unit, there needs to be a list of the authorized software required for each hardware asset;

4. Less is safer: the less software installed, the safer.

ADVANCED TRAINING

File integrity monitoring and security configuration management: Now that you have an accurate inventory of terminal hardware and the software installed on it, the next step is to ensure that changes are authorized. To achieve this you need to monitor terminals for configuration integrity and reduce "drift" away from known good states; catching and remediating unauthorized changes will help you quickly identify a compromise. Some products, such as Tripwire Enterprise, have strong monitors that rely on advanced capabilities such as auto-remediation, detailed change logs, and telling good changes from bad ones based on context.

Whitelist mechanism: At best an unauthorized open port is a policy violation; at worst it is an indicator of compromise (IOC). Our products can identify the ports and services running on a terminal and monitor for unauthorized ports in use, so when an unauthorized service appears and runs you can trigger automatic alerting and remediation.

Exception handling: Each organizational unit has a list of legacy applications and one-off assets, and these are hard to secure. For these you need a clear record of who owns each asset and whether it is still in use, and you need some lightweight security measures to protect them.
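Added example (not from the original post or from Tripwire): a small Python check that compares an endpoint's software and listening-port inventory against the authorized baseline for its role, and reports drift since the last known-good snapshot. The roles, baselines and inventories are constructed sample data.

```python
"""Role-based software/port baseline audit with drift detection (constructed sample data)."""
from dataclasses import dataclass

# Authorized software (name -> version) and listening ports per terminal role.
BASELINES = {
    "web-server":  {"software": {"openssh": "9.6", "apache": "2.4.58"}, "ports": {22, 80, 443}},
    "workstation": {"software": {"office": "2021", "chrome": "123"},   "ports": set()},
    "accounting":  {"software": {"office": "2021", "sage": "50"},      "ports": set()},
}

@dataclass(frozen=True)
class Finding:
    host: str
    kind: str   # unauthorized_software | version_drift | missing_software | unauthorized_port
    item: str

def audit_endpoint(host, role, software, ports):
    """Compare one endpoint's inventory with the authorized baseline for its role."""
    base = BASELINES[role]
    findings = []
    for name, ver in sorted(software.items()):
        if name not in base["software"]:
            findings.append(Finding(host, "unauthorized_software", f"{name} {ver}"))
        elif ver != base["software"][name]:   # e.g. an old SSH build still on the box
            findings.append(Finding(host, "version_drift", f"{name} {ver} != {base['software'][name]}"))
    for name in sorted(set(base["software"]) - set(software)):
        findings.append(Finding(host, "missing_software", name))
    for port in sorted(set(ports) - base["ports"]):
        findings.append(Finding(host, "unauthorized_port", str(port)))
    return findings

def inventory_drift(previous, current):
    """Changes since the last known-good snapshot: software added/removed, ports opened/closed."""
    return {
        "software_added":   sorted(set(current["software"]) - set(previous["software"])),
        "software_removed": sorted(set(previous["software"]) - set(current["software"])),
        "ports_opened":     sorted(set(current["ports"]) - set(previous["ports"])),
        "ports_closed":     sorted(set(previous["ports"]) - set(current["ports"])),
    }

if __name__ == "__main__":
    # Constructed sample: a web server with a downgraded SSH, a stray Visio install and a new open port.
    prev = {"software": {"openssh": "9.6", "apache": "2.4.58"}, "ports": {22, 80, 443}}
    now = {"software": {"openssh": "8.2", "apache": "2.4.58", "visio": "2019"}, "ports": {22, 80, 443, 8888}}
    for f in audit_endpoint("web01", "web-server", now["software"], now["ports"]):
        print(f"{f.host}: {f.kind}: {f.item}")
    print(inventory_drift(prev, now))
```

In practice the `software` and `ports` inputs would come from your inventory tool's export and a port scan; the baselines are the per-role authorized lists from Boot Camp step 3.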

COMBAT READY

Grid: Now that you know what should be running on each of your asset types, you can start identifying unauthorized applications and ports. It is very important to find them quickly, and when your endpoint detection scheme identifies an unauthorized application it is very important to review it, because it could be part of a breach.

Automation: Your environment is not static; you need to update your terminal software inventory daily, using integrity monitoring and whitelist files to keep it accurate. It is wise to ensure that older software is retired and that new software is carefully reviewed for compatibility and policy compliance. As your organization evolves, the number and types of your terminals change, and these changes need to be folded into a baseline that defines good equipment and configurations, which helps you spot the bad points.

Alarms: Start adding alerts for when unauthorized software is found in your environment; protective gateways such as Palo Alto Networks' next-generation firewall can identify applications that pass through them. Our own IP360 is very good at inventorying the applications installed on terminals.

Integration: Once you have individual security tools working for you, find ways to supplement them through your security stack. Integration with ITSM, SIEM, GRC and FIM can automate workflows and save real time and resources. Integration also makes it possible to correlate information between different security controls, which will improve the accuracy and timeliness of threat detection and response.
