Critical Control 4: Secure Configurations for Network Devices
- Thursday, February 4, 2010, 7:24
- Threat Research
Critical Control 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
Most systems are deployed with a default installation and are not properly hardened for the organization that is using the device. Hardened images therefore need to be created for each of the core devices on your network. This is similar to Control 3, in that by having proper configuration management with tested and validated images, an organization can achieve a reasonable level of security. Not only is configuration management critical, but the images must also be properly maintained through a strict change control process. Also, since new threats emerge on a regular basis, the secure image must be updated with new patches, and vulnerable components must be removed or properly configured.
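One way to check a device against its approved image is sketched below. This is an added example, not code from the original post. It assumes Cisco IOS-style configuration text, and the hostname, both sample configurations and the FORBIDDEN policy list are constructed for illustration.

```python
import re

# Constructed sample: the approved (hardened) baseline held under change control.
APPROVED = """\
hostname edge-rtr-01
service password-encryption
no ip http server
ip ssh version 2
line vty 0 4
 transport input ssh
"""

# Constructed sample: what the device is actually running today.
RUNNING = """\
hostname edge-rtr-01
service password-encryption
ip http server
ip ssh version 2
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
"""

# Assumed policy: default or vulnerable components that must not be enabled.
FORBIDDEN = [
    (re.compile(r"^ip http server$"), "unencrypted HTTP management enabled"),
    (re.compile(r"^snmp-server community (public|private)\b"), "default SNMP community"),
    (re.compile(r"^transport input .*\btelnet\b"), "telnet allowed on management lines"),
]

def _lines(text):
    """Normalise a config: strip whitespace, drop blank and '!' comment lines."""
    stripped = (line.strip() for line in text.splitlines())
    return [line for line in stripped if line and not line.startswith("!")]

def audit(approved, running):
    """Return drift from the approved baseline plus forbidden settings found."""
    a, r = _lines(approved), _lines(running)
    return {
        "added": [l for l in r if l not in a],    # present but never approved
        "removed": [l for l in a if l not in r],  # approved hardening now missing
        "forbidden": [(l, why) for l in r for pat, why in FORBIDDEN if pat.search(l)],
    }

if __name__ == "__main__":
    for kind, items in audit(APPROVED, RUNNING).items():
        for item in items:
            print(f"{kind}: {item}")
```

The comparison is line-based and ignores which configuration section a line belongs to, so it suits flat drift checks rather than context-sensitive review.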
While securing servers and desktops is critical, making sure that core network components, including key security devices like firewalls, are properly protected is very important, because if they are compromised the impact can be very significant. If an attacker is able to compromise an external router or firewall, they can monitor and control all information coming into and going out of your organization.
A core component of control 4 is making sure you have an accurate network diagram that is kept up to date and validated on a regular basis. Based on the network diagram, an organization can identify core components and make sure they are properly protected and controlled. The good (continue reading...)