2025-02-24 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
Terminal Security Survival Guide 1: Terminal Discovery
Asset collection principles:
A. Sort out the assets step by step
B. Standardize the process to save working time
C. Produce an accurate list of assets
Difficulties in finding assets:
1. Segmented networks: in a large network it is difficult to find all assets by working from global network segments, so deploy data collectors in each segment.
2. Proprietary IP-based protocols exist, such as those used in IIoT.
3. For highly vulnerable equipment, passive discovery and querying is the only way to ensure the reliable and safe operation of the equipment.
BOOT CAMP:
1. Collect the list of existing assets
2. Network scanning: use auto-discovery tools such as Nmap or Tripwire Asset Discovery
3. Passive discovery: discover end devices and wireless access points using commercial or free tools such as Kismet or Lumeta IPsonar
4. Reduce the available IP address space; ensure that the organization uses the smallest IP address space possible
ADVANCED TRAINING:
5. Analyze the DHCP log and collect the terminal MAC addresses
6. Discover new hardware: scan every quarter (more frequently if possible) to discover new terminal devices and unauthorized terminals that may have * behavior, and ensure that the asset list is updated.
7. Tag each end device / asset with its owner and other attributes such as use and value; let the owner know who the participants in ensuring terminal security are; use automated tools to set labels and place them on the side of the device, so that manual data registration errors can be reduced or eliminated
COMBAT READY:
8. Set up a "power grid": carry out terminal authorization, so that only authorized terminals are allowed to access the secure network.
9. Automation: update the terminal list using active / passive scanning, and record data and alarms accurately and in real time
10. Alarm: raise an alarm on unknown, unauthorized or hidden terminals so that they can be discovered quickly
11. Integration: integrate and correlate the inventory with a variety of tools, such as ITSM, SIEM, GRC and FIM, to improve the accuracy of terminal asset discovery
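Steps 5, 9 and 10 above, as an added example (not code from the original article): a Python script that collects MAC addresses from DHCP server log lines, reconciles them against the asset list and reports unknown terminals. It assumes ISC dhcpd syslog-style DHCPACK lines; the log lines, the inventory and the function names are constructed for illustration.

```python
import re

# Assumed format (ISC dhcpd syslog): "DHCPACK on <ip> to <mac> (<host>) via <iface>"
ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+dhcpd(?:\[\d+\])?:\s+DHCPACK on "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to (?P<mac>[0-9A-Fa-f:]{17})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)
# Constructed asset list (MAC -> asset name); in practice exported from the inventory.
AUTHORIZED = {"00:16:3e:aa:bb:01": "hr-laptop-01", "00:16:3e:aa:bb:02": "plc-gw-02",
              "00:16:3e:aa:bb:03": "printer-03"}
# Constructed sample log lines.
SAMPLE_LOG = """\
Feb 24 09:00:01 dhcp1 dhcpd[812]: DHCPDISCOVER from 00:16:3e:aa:bb:01 via eth0
Feb 24 09:00:02 dhcp1 dhcpd[812]: DHCPACK on 10.20.0.11 to 00:16:3E:AA:BB:01 (hr-laptop-01) via eth0
Feb 24 09:05:40 dhcp1 dhcpd[812]: DHCPACK on 10.20.0.57 to 5c:cf:7f:12:34:56 via eth0
Feb 24 09:30:12 dhcp1 dhcpd[812]: DHCPACK on 10.20.0.57 to 5c:cf:7f:12:34:56 via eth0
Feb 24 10:02:00 dhcp1 dhcpd[812]: DHCPACK on 10.20.0.12 to 00:16:3e:aa:bb:02 (plc-gw-02) via eth1
"""

def collect_leases(log_text):
    """Map each MAC that received a lease to its IPs, hostname, first/last time, ACK count."""
    seen = {}
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if not m:
            continue  # only confirmed leases (DHCPACK) count as evidence of a terminal
        mac = m["mac"].lower()  # normalize case so inventory lookups match
        rec = seen.setdefault(mac, {"ips": set(), "host": None,
                                    "first": m["ts"], "last": m["ts"], "acks": 0})
        rec["ips"].add(m["ip"])
        rec["host"] = m["host"] or rec["host"]
        rec["last"] = m["ts"]
        rec["acks"] += 1
    return seen

def reconcile(seen, authorized):
    """Return (unknown terminals to alarm on, inventory MACs with no lease in the log)."""
    known = {mac.lower() for mac in authorized}
    unknown = {mac: rec for mac, rec in seen.items() if mac not in known}
    silent = sorted(known - set(seen))  # static IP, powered off or retired: verify
    return unknown, silent

if __name__ == "__main__":
    unknown, silent = reconcile(collect_leases(SAMPLE_LOG), AUTHORIZED)
    for mac, rec in unknown.items():
        print("ALERT unknown terminal", mac, sorted(rec["ips"]), rec["first"], rec["last"])
    print("In inventory but no lease seen (verify):", silent)
```

MAC addresses can be changed by the device, so a match against the asset list is evidence for the inventory rather than proof of authorization.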