Final considerations
Questions to ask to help the company defend itself
Perimeter First
What exactly are we protecting?
What are the most valuable assets the organization owns that need securing?
What can be considered the perimeter of our network?
What devices & services can be accessed from the Internet? (Public-facing)
How can we detect & prevent when an attacker is attempting an attack?
How can we make sure the right person and/or team receives alerts as soon as something isn't right?
Who on our team is responsible for monitoring alerts and any actions our technical controls flag as potentially malicious?
Do we have any external trusts with outside partners?
What types of authentication mechanisms are we using?
Do we require Out-of-Band (OOB) management for our infrastructure? If so, who has access permissions?
Do we have a Disaster Recovery plan?
Internal Considerations
Many of the questions we ask about the perimeter apply to our internal environment as well. There are a few differences, and there are many different routes to ensuring the successful defense of our networks. Let's consider the following:
Are any hosts that require exposure to the internet properly hardened and placed in a DMZ network?
Are we using Intrusion Detection and Prevention systems within our environment?
How are our networks configured? Are different teams confined to their own network segments?
Do we have separate networks for production and management traffic?
How are we tracking approved employees who have remote access to admin/management networks?
How are we correlating the data we receive from our infrastructure defenses and endpoints?
Are we utilizing host-based IDS, IPS, and event logs?
MITRE Breakdown
As a different look at this, we have broken down the major actions we practice in this module and mapped controls to each one based on the TTP and a MITRE tag. Each tag corresponds to a section of the Enterprise ATT&CK Matrix found here. Any tag prefixed TA corresponds to an overarching tactic, while a tag marked as T### is a technique found in the matrix under its tactic.