Defense in Depth Security Baselines

  • Different layers of security.

  • Personnel

    • Training

    • MFA

    • Separation of Duties

    • Mandatory Vacations

    • Succession Planning

    • Job descriptions

  • Defense in Depth

    • Processes

      • Improvement

      • Learn from trends.

      • Find weaknesses.

    • Technology

      • Software

      • Hardware

      • Security-as-a-Service

    • Network

      • Review your design

      • Segmentation – VLANs, routers

      • Consider Software defined networking?

      • Air gapped?

      • Don’t overcomplicate it

  • Configuration Baselines

    • Definition of what is normal.

    • Detect misconfigurations

    • Detect anomalies

    • Start simple: IPs, MACs, services, CPU, memory, running processes
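The baseline idea above in working code: an added example (not from the original notes) that records the "normal" inventory of a host (IPs, MACs, services, processes, CPU, memory) and diffs a later snapshot against it, reporting unexpected and missing items and resource usage that drifted past a tolerance. All hostnames, addresses, service names and numbers are constructed sample data; the tolerances are assumed values you would tune per system.

```python
"""Configuration baseline check: flag deviations from a recorded 'normal' snapshot."""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# A finding is (category, kind, detail), e.g. ("services", "unexpected", "telnetd").
Finding = Tuple[str, str, str]


@dataclass(frozen=True)
class Snapshot:
    """Minimal host inventory: the 'start simple' fields from the notes."""
    ips: FrozenSet[str]
    macs: FrozenSet[str]
    services: FrozenSet[str]
    processes: FrozenSet[str]
    cpu_pct: float
    mem_pct: float


def diff_snapshot(baseline: Snapshot, current: Snapshot,
                  cpu_tolerance: float = 25.0,
                  mem_tolerance: float = 20.0) -> List[Finding]:
    """Compare current against baseline; tolerances are assumed, tune per host."""
    findings: List[Finding] = []
    # Set-valued fields: anything new is 'unexpected', anything gone is 'missing'.
    for field_name in ("ips", "macs", "services", "processes"):
        base = getattr(baseline, field_name)
        cur = getattr(current, field_name)
        for item in sorted(cur - base):
            findings.append((field_name, "unexpected", item))
        for item in sorted(base - cur):
            findings.append((field_name, "missing", item))
    # Resource usage: only flag movement beyond the tolerance, not every wobble.
    if current.cpu_pct - baseline.cpu_pct > cpu_tolerance:
        findings.append(("cpu", "above_baseline", f"{current.cpu_pct:.0f}%"))
    if current.mem_pct - baseline.mem_pct > mem_tolerance:
        findings.append(("mem", "above_baseline", f"{current.mem_pct:.0f}%"))
    return findings


def severity(finding: Finding) -> str:
    """Rough triage: new services/addresses are high, missing items medium, resources low."""
    category, kind, _ = finding
    if kind == "unexpected" and category in ("services", "ips", "macs"):
        return "high"
    if kind in ("unexpected", "missing"):
        return "medium"
    return "low"


# Constructed sample data: a baseline taken for a small web host, then a later snapshot
# in which a telnet service appeared, the log daemon stopped, and CPU spiked.
BASELINE = Snapshot(
    ips=frozenset({"10.0.1.20"}),
    macs=frozenset({"00:11:22:33:44:55"}),
    services=frozenset({"sshd", "nginx"}),
    processes=frozenset({"sshd", "nginx", "rsyslogd"}),
    cpu_pct=15.0,
    mem_pct=40.0,
)
CURRENT = Snapshot(
    ips=frozenset({"10.0.1.20"}),
    macs=frozenset({"00:11:22:33:44:55"}),
    services=frozenset({"sshd", "nginx", "telnetd"}),
    processes=frozenset({"sshd", "nginx", "telnetd"}),
    cpu_pct=80.0,
    mem_pct=45.0,
)


def audit_example() -> List[Finding]:
    """Run the diff over the constructed snapshots (used by the demo below)."""
    return diff_snapshot(BASELINE, CURRENT)


if __name__ == "__main__":
    for f in audit_example():
        print(f"[{severity(f):6}] {f[0]}: {f[1]} {f[2]}")
```

In practice the baseline would be captured from the real host (for example from `ip addr`, `ss -ltn` and `ps` output) and stored alongside the hardening record, then re-diffed on a schedule; the memory reading here stays within tolerance on purpose, to show that the check reports drift, not every change.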

  • Hardening Systems

    • Reduce the attack surface.

    • Config hardening

      • Deactivate non-critical components

      • Disable unused accounts

      • Patch, update

      • Restrict peripherals

      • User permissions

      • ACL on resources

      • Install security suites.

  • Patching

    • #1 solution for most remediations

    • Exploits often target known and patched vulnerabilities

    • Update systems

      • Windows Update

      • WSUS

      • APT

      • YUM

    • Patch management solutions

      • SCCM
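The hardening and patching items above as one policy check: an added example (not from the original notes) that audits a constructed host inventory for enabled accounts that have not logged in within a cutoff, enabled services outside an approved set, and installed packages behind the available version, and returns the remediation each one needs. Account names, service names, package versions and the 90-day cutoff are constructed or assumed values, not from any real system.

```python
"""Hardening audit: unused accounts, non-critical services, and missing patches."""
from typing import Dict, List, Optional, Tuple

# A finding is (category, subject, action).
Finding = Tuple[str, str, str]

# Shells that cannot be used to log in interactively.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Dotted numeric version -> comparable tuple (assumes numeric components)."""
    return tuple(int(part) for part in version.split("."))


def audit_accounts(accounts: List[Dict], max_idle_days: int = 90) -> List[Finding]:
    """Flag enabled interactive accounts with no login within max_idle_days."""
    findings: List[Finding] = []
    for acct in accounts:
        if not acct["enabled"] or acct["shell"] in NOLOGIN_SHELLS:
            continue  # already disabled, or a service account that cannot log in
        idle: Optional[int] = acct["last_login_days"]
        if idle is None:
            findings.append(("account", acct["name"], "disable: never logged in"))
        elif idle > max_idle_days:
            findings.append(("account", acct["name"], f"disable: no login in {idle} days"))
    return findings


def audit_services(enabled: List[str], approved: set) -> List[Finding]:
    """Flag enabled services that are not on the host's approved list."""
    return [("service", svc, "deactivate: not in approved set")
            for svc in enabled if svc not in approved]


def audit_packages(packages: List[Tuple[str, str, str]]) -> List[Finding]:
    """Flag packages whose available version is newer than the installed one."""
    findings: List[Finding] = []
    for name, installed, available in packages:
        if parse_version(available) > parse_version(installed):
            findings.append(("package", name, f"patch: {installed} -> {available}"))
    return findings


# Constructed sample inventory for a single host.
ACCOUNTS = [
    {"name": "root", "enabled": True, "last_login_days": 1, "shell": "/bin/bash"},
    {"name": "svc_backup", "enabled": True, "last_login_days": 200, "shell": "/bin/bash"},
    {"name": "www-data", "enabled": True, "last_login_days": None, "shell": "/usr/sbin/nologin"},
    {"name": "jdoe", "enabled": False, "last_login_days": 400, "shell": "/bin/bash"},
]
ENABLED_SERVICES = ["sshd", "nginx", "cups", "avahi-daemon"]
APPROVED_SERVICES = {"sshd", "nginx"}
PACKAGES = [
    ("openssl", "3.0.2", "3.0.13"),
    ("nginx", "1.24.0", "1.24.0"),
    ("sudo", "1.9.5", "1.9.15"),
]


def audit_host() -> List[Finding]:
    """Run all three checks over the constructed inventory."""
    return (audit_accounts(ACCOUNTS)
            + audit_services(ENABLED_SERVICES, APPROVED_SERVICES)
            + audit_packages(PACKAGES))


if __name__ == "__main__":
    for category, subject, action in audit_host():
        print(f"{category:8} {subject:14} {action}")
```

The approved-service set is the link back to the baseline: a service that is not in it is either a component to deactivate or a change that someone needs to record deliberately. Version comparison here assumes plain numeric dotted versions; distribution package versions with epochs or suffixes need the package manager's own comparison.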
