273 – Define a fixed security suite

Summary

All the workstations in production must have an unalterable security suite (Anti-virus, Antispyware, Host Firewall, Host-IDS, Host-IPS).

Description

The type of suites, such as Host-IDS, Host-Firewall and IPS are designed to detect and prevent unauthorized access, suspicious activities, and potential security breaches. They can identify patterns that indicate attacks and take proactive measures to block or mitigate them. In other words, the controls implemented by an unalterable security suite provides a multi-layered defense against a wide range of cybersecurity risks, including viruses, malware or spyware.

Supported In

Essential: True

Advanced: True

References

• BSIMM-CR3_4:_3. Automate malicious code detection
• CAPEC-169. Footprinting
• CAPEC-442. Infected software
• CAPEC-549. Local execution of code
• CAPEC-676. NoSQL Injection
• CAPEC-697. DHCP Spoofing
• CIS-4_4. Implement and manage a firewall on servers
• CIS-10_6. Centrally manage anti-malware software
• CIS-13_4. Perform traffic filtering between network segments
• CIS-13_10. Perform application layer filtering
• CWE-923. Improper restriction of communication channel to intended endpoints
• CWE-512. Spyware
• NERCCIP-003-8_5_1. Transient cyber asset and removable media malicious code risk mitigation
• NERCCIP-005-5_R1_5. Electronic security perimeter
• AGILE-11. Best architectures, requirements, and designs
• CCPA-1798_105. Consumer's right to delete personal information
• NYDFS-500_2. Cybersecurity program
• NYDFS-500_15. Encryption of nonpublic information
• MITRE-M1049. Antivirus/antimalware
• MITRE-M1057. Data loss prevention
• PADSS-6_1. The wireless technology must be implemented securely
• PADSS-8_1. Secure network environment
• CMMC-CM_L2-3_4_2. Security configuration enforcement
• CMMC-PE_L1-3_10_1. Limit physical access
• CMMC-PE_L2-3_10_6. Alternative work sites
• CMMC-CA_L2-3_12_2. Plan of action
• ISO27002-8_7. Protection against malware
• ISO27002-8_27. Secure system architecture and engineering principles
• WASSEC-6_2_3_1. Client-side attacks - Content spoofing
• OSSTMM3-10_5_2. Telecommunications security (access verification) - Services
• NISTSSDF-RV_2_2. Assess, prioritize, and remediate vulnerabilities
• ISSAF-E_1. Network security - Switch security assessment
• ISSAF-G_13_4. Network security - Firewalls (application level)
• ISSAF-J_4. Network security - Anti-virus system (objective)
• ISSAF-J_6_1. Network security - Anti-virus system (methodology)
• ISSAF-J_7_2. Network security - Anti-virus system (check end user antivirus)
• PTES-6_2_1. Exploitation - Countermeasures (anti-virus)
• PTES-6_2_5. Exploitation - Countermeasures (web application firewall)
• PTES-7_3_1_6. Post exploitation - Network infrastructure analysis (ARP entries)
• MVSP-3_3. Application implementation controls - Vulnerability prevention
• NIST800171-1_18. Control connection of mobile devices
• SWIFTCSC-3_1. Physical security
• C2M2-9_2_f. Implement network protections for cybersecurity architecture
• C2M2-9_3_f. Implement IT and OT asset security for cybersecurity architecture
• PCI-1_5_1. Implement security controls on any computing devices
• PCI-5_2_1. Deploy an anti-malware solution on system components
• SIGLITE-SL_162. Is there an anti-malware program that has been approved by management, communicated to appropriate constituents and an owner to maintain?
• SIG-D_6_6. Asset and information management
• ISO27001-8_7. Protection against malware
• ISO27001-8_27. Secure system architecture and engineering principles
• NIST-PR_AA-06. Physical access to assets is managed, monitored, and enforced commensurate with risk

Weaknesses

• 104 – USB flash drive attacks
• 115 – Security controls bypass or absence
• 182 – Email spoofing
• 206 – Security controls bypass or absence - Anti hooking
• 207 – Security controls bypass or absence - SSLPinning
• 208 – Security controls bypass or absence - Antivirus
• 209 – Security controls bypass or absence - Emulator
• 210 – Security controls bypass or absence - Facial Recognition
• 392 – Security controls bypass or absence - Firewall
• 436 – Security controls bypass or absence - Fingerprint
• 077 – ARP spoofing
• 084 – MDNS spoofing

Last updated

2024/03/05