Updated: Aug 11, 2022
Knowing what is happening on the network, keeping configurations correct, and keeping software current are all important parts of mitigating cybersecurity risk. Continuing our series based on CISA’s recent security alert, next we explain how to navigate log management, configuration management, and software/patch management.
Centralized Log Management
In the flurry of setting up a new network, logs can be an easy thing to overlook. But don’t skip this step! Setting up proper logs is important to detect and trace attacks or suspicious network activity.
Decide what log data is most important to collect: system, network, cloud, etc.
Set alerts for suspicious login attempts, for example repeated failed logins from one source, or a successful login that follows a burst of failures.
Be sure that log file settings are correct in order to be helpful – synchronize clocks (NTP) and record timestamps in a single, consistent time zone (UTC is the usual choice, so events from different hosts can be ordered), and record data in a file format you can actually search and parse.
Store the log files in a centralized and secure location. A SIEM (Security Information and Event Management) tool can be helpful for this.
Limit access to log files, and store them in a separate network segment to avoid the possibility of tampering.
Create policies for record retention. How long is long enough to keep the log files? This will be a balance between maintaining records for historical data, using digital storage space, and protecting the privacy of the stored information (longer storage could mean greater exposure to the risk of unauthorized access).
Configuration Management
Start out with a solid configuration management plan. This covers the initial configuration and access granted when a system joins the network, but it also means ongoing reviews of what is exposed, what still matters, and how well the configuration is doing its job.
Make sure internet-accessible devices have secure settings.
Never enable external access to any device unless it is protected by a boundary (a firewall or segmentation).
Keep internet-available devices segmented from more secure and internal hosts – for example, domain controllers.
Continually assess the business and mission value of internet-facing services. If any devices or endpoints no longer need internet access, remove that access immediately.
Follow best practices for security configurations, especially blocking macros in documents that come from the Internet.
Consult other experts. If you’re not sure how to maximize the security of your software or cloud-based service configurations, talk with the service provider. Many can create initial settings for you or walk you through the process. It won’t hurt to ask for help – don’t let ego win over the best security you can accomplish.
Software and Patch Management
To ensure the best possible performance and security of your systems, establish and follow regular procedures for software and patch management.
Immediately install software updates, or configure the software to update automatically.
Identify and mitigate possible risks with unsupported or outdated software and firmware. Give these special attention with frequent vulnerability scanning.
Learn from the research and mistakes of others. Patch known exploited vulnerabilities first. (CISA maintains its Known Exploited Vulnerabilities (KEV) Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog.)
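The three patch-management points above (update promptly, watch unsupported software, patch KEV entries first) come together as a prioritization step. The following is an added example, not code from the original post or from CISA: it joins a constructed asset inventory against a constructed catalog written in the shape of the public KEV JSON feed and orders the work. The field names (cveID, dueDate, requiredAction, and so on) are my assumption about that feed, the inventory layout is invented for the illustration, and the CVE identifiers are deliberate placeholders that do not correspond to real vulnerabilities.

```python
import json
from datetime import date

# Constructed catalog in the assumed shape of the KEV JSON feed. The cveID
# values are placeholders, not real CVE records.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-1900-0001", "vendorProject": "ExampleVendor", "product": "ExampleVPN",
         "dateAdded": "2022-06-01", "dueDate": "2022-06-22",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-1900-0002", "vendorProject": "ExampleVendor", "product": "LegacyOS",
         "dateAdded": "2022-08-01", "dueDate": "2022-09-01",
         "requiredAction": "Apply updates per vendor instructions."},
    ]
})

# Constructed asset inventory: what is installed, when vendor support ends, and
# the CVE IDs a vulnerability scanner reported for that host.
INVENTORY = [
    {"host": "vpn-gw-1", "software": "ExampleVPN 3.1", "end_of_support": "2025-01-01",
     "cves": ["CVE-1900-0001", "CVE-1900-0009"]},
    {"host": "file-srv-2", "software": "LegacyOS 2008", "end_of_support": "2020-01-14",
     "cves": ["CVE-1900-0002"]},
    {"host": "web-3", "software": "ExampleCMS 5", "end_of_support": "2026-01-01",
     "cves": ["CVE-1900-0009"]},
    {"host": "kiosk-4", "software": "OldThing 1", "end_of_support": "2019-01-01",
     "cves": []},
]

TIER_NAMES = {
    0: "KEV entry with due date passed",
    1: "KEV entry",
    2: "unsupported software (no vendor patches; isolate or replace)",
    3: "scanner findings not in KEV",
}


def load_kev(text):
    """Index a KEV-shaped JSON document by CVE ID."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def prioritize(inventory, kev, today):
    """Return one work item per asset needing action, most urgent first.

    Tier 0: a KEV entry whose dueDate has passed (fix now).
    Tier 1: any other KEV entry (fix before its dueDate).
    Tier 2: software past vendor support, even with no findings, because a fix
            may never ship and compensating controls are needed.
    Tier 3: scanner findings that are not in KEV (normal patch cycle).
    Assets with supported software and no findings need no item.
    """
    items = []
    for asset in inventory:
        unsupported = date.fromisoformat(asset["end_of_support"]) < today
        kev_hits = [kev[c] for c in asset["cves"] if c in kev]
        overdue = [v for v in kev_hits if date.fromisoformat(v["dueDate"]) < today]
        if overdue:
            tier, ids = 0, [v["cveID"] for v in overdue]
        elif kev_hits:
            tier, ids = 1, [v["cveID"] for v in kev_hits]
        elif unsupported:
            tier, ids = 2, []
        elif asset["cves"]:
            tier, ids = 3, list(asset["cves"])
        else:
            continue
        items.append({"tier": tier, "reason": TIER_NAMES[tier], "host": asset["host"],
                      "software": asset["software"], "cves": ids,
                      "unsupported": unsupported,
                      "required_action": kev_hits[0]["requiredAction"] if kev_hits else None})
    items.sort(key=lambda i: i["tier"])
    return items


if __name__ == "__main__":
    for item in prioritize(INVENTORY, load_kev(KEV_SAMPLE), date(2022, 8, 11)):
        print(item["tier"], item["host"], item["reason"], item["cves"])
```

The `unsupported` flag is kept on every item, not only tier 2, because a KEV finding on end-of-life software (file-srv-2 here) usually cannot be closed by patching and has to be handled by isolation or replacement. Feed the real KEV JSON and your own inventory export into the same two functions.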
Take Some Steps
Most importantly, just take some steps. If you haven’t done these before, it’s important to get started navigating log management, configuration management, and software/patch management to ensure the cyber maturity of your organization.
We are available and happy to help. Send us a note if you’re not sure what these mean for you, or if you’re ready to take further advanced steps in your organization’s cybersecurity. There is no obligation with our free consultation.
We at StandardUser Cybersecurity are on a mission to share cybersecurity and cyber safety education with everyone, to make our world a better place. Are you with us? How can we help? Let us know today.
Whatever your cybersecurity challenge, we can help you keep your business running. We are a defensive and offensive cybersecurity company, using over 30 years of experience with active commercial and government work and proven security methodologies. We also educate teams and professionals who want to build on their skills.
We set the standard for cybersecurity excellence.