CIS Control 12: Boundary Defense


By Bill Minahan   |   March 30, 2021


What is CIS Control 12?

CIS Control 12 covers detecting, preventing, and correcting the flow of information between networks of different trust levels, with a focus on data that could damage security.

The CIS Controls are a set of actions that protect your organization from the most pervasive cyber attacks. There are 20 critical controls in total, prioritizing the most essential actions your organization can take to get the highest payoff.

Why is this CIS Control Critical?

The CIS Controls are actionable guidance derived from today’s biggest threats, formed by the consensus of the world’s leading experts across a variety of sectors.

CIS Control 12 is critical because attackers often focus on exploiting systems that they can reach across the internet, including not only DMZ systems but also workstations and laptop computers that pull content from the internet through network boundaries.

For instance, threat actors such as organized crime groups and nation-states exploit configuration and architectural weaknesses in perimeter systems, network devices, and internet-accessing client machines to gain initial access to an organization.

Then, with a base of operations on these machines, attackers often pivot deeper inside the boundary to steal or change information, or to establish a persistent presence for later attacks against internal hosts.

Additionally, many attacks occur between business partner networks, sometimes referred to as extranets, as attackers hop from one organization’s network to another, exploiting vulnerable systems and extranet perimeters.

To control the flow of traffic through network borders and to police content by looking for attacks and evidence of compromised machines, boundary defenses should be multi-faceted, relying on firewalls, proxies, DMZ perimeter networks, and network-based IPS and IDS.

It is also critical to filter both inbound and outbound traffic.

It should also be noted that the boundary lines between internal and external networks are diminishing as a result of increased connectivity within and between organizations; the deployment of wireless technologies is a further contributing factor.

These blurring lines often allow attackers to gain access inside networks while bypassing boundary systems. Even so, effective security deployments still rely on carefully configured boundary defenses that separate networks with different threat levels, sets of users, data, and levels of control.

Despite the blurring of internal and external networks, effective multi-layered defenses of perimeter networks help lower the number of successful attacks, allowing security personnel to focus on attackers who have devised methods to bypass boundary restrictions.

How to Implement CIS Control 12

| Sub-Control | Asset Type | Security Function | Control Title | Control Description |
|---|---|---|---|---|
| 12.1 | Network | Identify | Maintain an Inventory of Network Boundaries | Maintain an up-to-date inventory of all of the organization’s network boundaries. |
| 12.2 | Network | Detect | Scan for Unauthorized Connections Across Trusted Network Boundaries | Perform regular scans from outside each trusted network boundary to detect any unauthorized connections which are accessible across the boundary. |
| 12.3 | Network | Protect | Deny Communications With Known Malicious IP Addresses | Deny communications with known malicious or unused Internet IP addresses and limit access only to trusted and necessary IP address ranges at each of the organization’s network boundaries. |
| 12.4 | Network | Protect | Deny Communication Over Unauthorized Ports | Deny communication over unauthorized TCP or UDP ports or application traffic to ensure that only authorized protocols are allowed to cross the network boundary in or out of the network at each of the organization’s network boundaries. |
| 12.5 | Network | Detect | Configure Monitoring Systems to Record Network Packets | Configure monitoring systems to record network packets passing through the boundary at each of the organization’s network boundaries. |
| 12.6 | Network | Detect | Deploy Network-Based IDS Sensors | Deploy network-based Intrusion Detection Systems (IDS) sensors to look for unusual attack mechanisms and detect compromise of these systems at each of the organization’s network boundaries. |
| 12.7 | Network | Protect | Deploy Network-Based Intrusion Prevention Systems | Deploy network-based Intrusion Prevention Systems (IPS) to block malicious network traffic at each of the organization’s network boundaries. |
| 12.8 | Network | Detect | Deploy NetFlow Collection on Networking Boundary Devices | Enable the collection of NetFlow and logging data on all network boundary devices. |
| 12.9 | Network | Detect | Deploy Application Layer Filtering Proxy Server | Ensure that all network traffic to or from the Internet passes through an authenticated application layer proxy that is configured to filter unauthorized connections. |
| 12.10 | Network | Detect | Decrypt Network Traffic at Proxy | Decrypt all encrypted network traffic at the boundary proxy prior to analyzing the content. However, the organization may use whitelists of allowed sites that can be accessed through the proxy without decrypting the traffic. |
| 12.11 | Users | Protect | Require All Remote Logins to Use Multi-Factor Authentication | Require all remote login access to the organization’s network to encrypt data in transit and use multi-factor authentication. |
| 12.12 | Devices | Protect | Manage All Devices Remotely Logging into Internal Network | Scan all enterprise devices remotely logging into the organization’s network prior to accessing the network to ensure that each of the organization’s security policies has been enforced in the same manner as local network devices. |

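The sub-controls above are stated as policy. As an added example that is not part of the original post or of the CIS materials, the Python script below shows what 12.3 (deny known malicious or unused IP addresses, trust only necessary ranges), 12.4 (deny unauthorized TCP/UDP ports in both directions) and 12.8 (collect flow records at the boundary) look like when turned into checks run over collected flow records. Everything in the policy is an assumption chosen for illustration: 10.0.0.0/8 stands in for the internal network, 203.0.113.0/24 for an extranet partner range, 198.51.100.0/24 for a constructed "known malicious" threat-intel entry, 240.0.0.0/4 for unused address space, and the allowed port sets are a deliberately small allow-list. The flow records are constructed sample data; a real deployment would load the blocklist from a threat-intelligence feed and the records from a NetFlow collector.

```python
"""Boundary policy audit over NetFlow-style records (added example, constructed data)."""
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    direction: str  # "in" = Internet -> internal network, "out" = internal -> Internet


# --- Constructed boundary policy (RFC 5737 documentation ranges and reserved space) ---
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
PARTNER_NETS = [ipaddress.ip_network("203.0.113.0/24")]          # extranet partner, trusted range
DENY_NETS = {                                                     # sub-control 12.3
    ipaddress.ip_network("198.51.100.0/24"): "known-malicious-ip",  # constructed threat-intel entry
    ipaddress.ip_network("240.0.0.0/4"): "unused-address-space",    # reserved, should never appear
}
ALLOWED_IN = {("tcp", 443)}                                       # Internet -> DMZ: HTTPS only
ALLOWED_IN_FROM_PARTNER = {("tcp", 443), ("tcp", 22)}             # partner may also use SFTP
ALLOWED_OUT = {("tcp", 443), ("tcp", 80), ("udp", 53)}            # egress: web and DNS only


def _in_any(ip, nets):
    return any(ip in net for net in nets)


def evaluate(flow: Flow) -> list:
    """Return the policy violations for one boundary-crossing flow (empty list = permitted)."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    external = src if flow.direction == "in" else dst
    internal = dst if flow.direction == "in" else src
    reasons = []
    # The internal side must be in the inventoried internal space (12.1) and the
    # external side must not be: an internal address arriving from outside is spoofed
    # or misrouted traffic and should never cross the boundary.
    if not _in_any(internal, INTERNAL_NETS):
        reasons.append("internal-side-not-internal")
    if _in_any(external, INTERNAL_NETS):
        reasons.append("internal-address-on-external-side")
    # 12.3: deny known malicious and unused address space.
    for net, reason in DENY_NETS.items():
        if external in net:
            reasons.append(reason)
    # 12.4: only authorized protocol/port pairs may cross, per direction; the trusted
    # partner range gets a slightly wider inbound allow-list than the open Internet.
    key = (flow.proto.lower(), flow.dport)
    if flow.direction == "in":
        allowed = ALLOWED_IN_FROM_PARTNER if _in_any(external, PARTNER_NETS) else ALLOWED_IN
    else:
        allowed = ALLOWED_OUT
    if key not in allowed:
        reasons.append(f"unauthorized-port:{flow.proto}/{flow.dport}:{flow.direction}")
    return reasons


def audit(flows):
    """Evaluate collected flow records (12.8) and return (violations, reason_counts)."""
    violations = []
    counts = Counter()
    for flow in flows:
        reasons = evaluate(flow)
        if reasons:
            violations.append((flow, reasons))
            counts.update(reasons)
    return violations, counts


# Constructed sample flow records, as an exporter would hand them to a collector.
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "10.1.1.5", "tcp", 443, "in"),     # public client to DMZ web: permitted
    Flow("203.0.113.7", "10.1.1.6", "tcp", 22, "in"),     # partner SFTP: permitted
    Flow("192.0.2.11", "10.1.1.6", "tcp", 22, "in"),      # non-partner SSH: unauthorized port
    Flow("10.2.3.4", "198.51.100.9", "tcp", 443, "out"),  # egress to blocklisted range
    Flow("10.2.3.4", "192.0.2.50", "tcp", 25, "out"),     # workstation sending SMTP directly
    Flow("10.2.3.5", "241.1.1.1", "udp", 53, "out"),      # DNS to unused address space
    Flow("10.2.3.5", "192.0.2.53", "udp", 53, "out"),     # DNS to resolver: permitted
]

if __name__ == "__main__":
    found, summary = audit(SAMPLE_FLOWS)
    for flow, reasons in found:
        print(f"{flow.direction:3} {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}: {', '.join(reasons)}")
    print(dict(summary))
```

Run as a script, the audit reports four of the seven sample flows as violations and a count per reason. The same `evaluate` function can be used in two places: as a pre-deployment check of a proposed firewall rule against the written policy, and as a detection rule over exported flow records, which is how a gap between what the boundary device actually permits and what the policy says it should permit becomes visible.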

Implementing CIS Controls

If your team is struggling to implement CIS Control 12 and could use the assistance of a third-party security provider, aNetworks is here to help. Our team of experts can assist with whatever level of service you require, from consulting to complete implementation.

If you are interested in learning more about CIS Controls, view our comprehensive list here.


Furthermore, if you are looking for more information, check out our resource center here.
