Define, implement and evaluate processes, procedures and defense-in-depth techniques for protection, detection, and timely response to network-based attacks.
Vulnerabilities in a physical environment also apply in a virtual environment. Configuration flaws or vulnerabilities in applications, firewalls, or networks remain exploitable regardless of where those components run. Defense-in-depth techniques should be applied across physical, logical, and administrative controls. Defense-in-depth techniques and insights that should be considered include:
- Deep packet analysis, traffic throttling, and black-holing.
- Monitoring of ingress/egress traffic patterns for indicators of media access control (MAC) spoofing, ARP poisoning, and/or distributed denial-of-service (DDoS) attacks.
- Perimeter firewalls implemented and configured to restrict unauthorized traffic.
- Security settings enabled with strong encryption for authentication and transmission, replacing vendor default settings (e.g., encryption keys, passwords, and SNMP community strings).
- Capabilities to detect unauthorized (rogue) network devices on the network and disconnect them quickly.
- Interview the team to evaluate whether they have defined processes and procedures for protection, detection, and timely response to network-based attacks.
- Review evidence to establish that the defined processes and procedures have been implemented.
- Review evidence to establish that the processes and procedures are evaluated and validated periodically.
- Review evidence to establish that the processes and procedures are based on a defense-in-depth approach.
- Review evidence to support the effective activation of incident response plans when necessary, including the associated communication protocols.
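The ARP-poisoning indicators and rogue-device detection named in the guidelines above can be checked against periodic ARP-table snapshots. The following is an added example, not code from the Cloud Controls Matrix or the CSA; the MAC addresses, IP addresses and the asset allowlist are constructed, and the "ip mac interface" snapshot format is an assumption about how the switch or host exports its ARP table.

```python
# Added example, not CCM code: detect rogue devices and ARP-poisoning indicators in constructed ARP snapshots.
from collections import defaultdict

# Constructed asset allowlist (hypothetical MACs): authorized MAC -> owner.
AUTHORIZED_MACS = {
    "00:1a:2b:3c:4d:01": "core-gateway",
    "00:1a:2b:3c:4d:02": "file-server",
    "00:1a:2b:3c:4d:03": "workstation-07",
}
GATEWAY_IP = "10.0.0.1"  # constructed default gateway address

# Constructed ARP snapshots ("ip mac interface"), taken a few minutes apart.
SNAPSHOT_T0 = """\
10.0.0.1   00:1a:2b:3c:4d:01 eth0
10.0.0.20  00:1a:2b:3c:4d:02 eth0
10.0.0.57  00:1a:2b:3c:4d:03 eth0
"""
SNAPSHOT_T1 = """\
10.0.0.1   00:1a:2b:3c:4d:01 eth0
10.0.0.1   de:ad:be:ef:00:99 eth0
10.0.0.20  00:1a:2b:3c:4d:02 eth0
10.0.0.57  00:1a:2b:3c:4d:03 eth0
10.0.0.88  de:ad:be:ef:00:99 eth0
"""

def parse_arp(text):
    """Parse 'ip mac iface' lines into (ip, mac, iface) tuples; MACs normalised to lowercase."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            entries.append((parts[0], parts[1].lower(), parts[2]))
    return entries

def rogue_devices(entries, authorized=AUTHORIZED_MACS):
    """MACs seen on the segment that are absent from the asset allowlist (rogue-device candidates)."""
    return sorted({mac for _, mac, _ in entries if mac not in authorized})

def ip_conflicts(entries):
    """An IP answered by more than one MAC within one snapshot is an ARP-poisoning indicator."""
    by_ip = defaultdict(set)
    for ip, mac, _ in entries:
        by_ip[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in by_ip.items() if len(macs) > 1}

def gateway_mac_drift(old, new, gateway_ip=GATEWAY_IP):
    """MACs newly claiming the gateway IP relative to the earlier snapshot (gateway impersonation indicator)."""
    before = {mac for ip, mac, _ in old if ip == gateway_ip}
    after = {mac for ip, mac, _ in new if ip == gateway_ip}
    return sorted(after - before)
```

Run over SNAPSHOT_T1, the three checks flag the unlisted MAC, the gateway IP answered by two MACs, and the new claimant of the gateway address; each finding maps to the "detect and disconnect quickly" expectation above.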
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.