Most attack code getting into organizations starts at the end point, where attackers escalate privileges and move to servers, then help themselves to the crown jewels. They then move on to compromise other servers to store their ill-gotten gains and to quietly exfiltrate sensitive data. The malware even attempts to turn off networking and security devices so their actions won't be detected.
Their strategies depend on the systems and vulnerabilities they discover in them: shared admin passwords, default settings, insecure ports, unpatched software or hardware. The good ones include zero-days administrators don't even know about, let alone patch against.
In this webcast, learn how to reduce this attack surface by an order of magnitude through secure configuration practices across end points, servers, and network and security devices as defined by the SANS 20 Critical Security Controls, control numbers 3 and 10 (configuration of end points, laptops, network and security devices). According to the Control Number 3 section of the 20CC document, "Defenses against these automated exploits include:
Speaking from experience will be Logan Kleier, CISO of the City of Portland, who will explain Portland's implementation of secure configuration practices based on the 20 Critical Controls, along with the benefits produced.
Register for this webcast and be among the first to view the accompanying whitepaper written by SANS Analyst Jim D. Hietala.