Acting on CISA Shields-Up Recommendations

March 23, 2022

With the invasion of Ukraine in early 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to all businesses in the United States. This warning, together with its recommended actions for all U.S. businesses, is referred to as Shields Up.

Make no mistake. These are good and important recommendations. Keep following them after the Ukraine situation is resolved.

The goal of these recommended actions is to ensure all organizations raise their level of awareness and protection from potential cyberattacks. There are technical recommendations and some recommendations for executives.

The technical recommendations include the following…

  • Require multi-factor authentication for privileged access
  • Patch against known exploited vulnerabilities
  • Disable unnecessary ports and services
  • Use strong controls for accessing cloud services
  • Monitor for unexpected network activity
  • Use and update anti-malware on each endpoint device
  • Establish an incident response plan and prepare for an intrusion with tabletop exercises
  • Test backups to validate integrity and usability

It is very easy to simply use this as a checklist – yes, yes, no, yes…

But we need to do more.

Each of these recommendations must be validated and tested within each organization's environment. Some items can be as simple as a configuration review. Other items in the list require additional validation that only comes through active testing and process reviews.

Here’s an example – Disable unnecessary ports and services. In order to do this, you need to know what ports and services are currently enabled. You might do one or more of the following.

  • Run an Nmap scan against each device and network entry point, from inside the network and from the outside. This implies you know what devices are on your network. Compare what is reported against what you expect to be exposed.
  • Review the software and services on each of your servers and workstations. This implies you know what software is installed on each system. Remove whatever is not needed.
  • Run the netstat command (or ss on modern Linux) on each server and workstation to see what is reported as listening. If you see something you are not expecting, do some research to find out what software is listening, and shut down that function. Check the process that owns an expected port as well; the right port bound by the wrong program is also a finding.
  • Review the configuration of the firewall that acts as the network entry point for your network. Inspect the rules to make sure that only what is required for the business is enabled. Block everything that is not required. On a related note, are you sure this is the only entry point? Shadow I.T. is a real thing!
  • Review policy to ensure that regular users are not able to install new software and enable new services.
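Comparing scan output against what the business actually needs is where the checklist turns into validation. The following is an added example, not code from the original post or from SureDefense Strategies: a small Python script that parses constructed sample output from `ss -ltnp` (the modern replacement for netstat on Linux) and from `nmap -oG` (grepable output), then diffs both against an allowlist of the services the business says it needs. The allowlists, hostnames and addresses are assumptions made up for the example; in practice you would feed it your own captured output and your own allowlist.

```python
import re

# Constructed sample of `ss -ltnp` output from a hypothetical Linux server (not real data).
SS_SAMPLE = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1044,fd=6))
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*          users:(("postgres",pid=990,fd=5))
LISTEN  0       100     0.0.0.0:8080         0.0.0.0:*          users:(("python3",pid=2331,fd=4))
LISTEN  0       128     0.0.0.0:3389         0.0.0.0:*          users:(("xrdp",pid=1502,fd=11))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Constructed sample of `nmap -oG -` output; addresses come from the TEST-NET-3 documentation range.
NMAP_SAMPLE = (
    "# Nmap 7.93 scan initiated (constructed sample)\n"
    "Host: 203.0.113.10 (web01)\tStatus: Up\n"
    "Host: 203.0.113.10 (web01)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, "
    "8080/open/tcp//http-proxy///\tIgnored State: closed (997)\n"
    "Host: 203.0.113.11 (mail01)\tPorts: 25/open/tcp//smtp///, "
    "3389/open/tcp//ms-wbt-server///\tIgnored State: closed (998)\n"
    "Host: 203.0.113.12 ()\tPorts: 80/open/tcp//http///\tIgnored State: filtered (999)\n"
    "# Nmap done (constructed sample)\n"
)

# Hypothetical allowlists for the example. Local: port -> process that is supposed to own it.
EXPECTED_LOCAL = {22: "sshd", 443: "nginx", 5432: "postgres", 8080: "java"}
# External: address -> ports the business needs reachable from outside. Hosts not listed
# here are not supposed to be reachable at all.
EXPECTED_EXTERNAL = {"203.0.113.10": {22, 443}, "203.0.113.11": {25}}

SS_LINE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)
NMAP_HOST = re.compile(r'^Host:\s+(?P<ip>\S+)\s+\([^)]*\)\tPorts:\s+(?P<ports>[^\t]*)')


def parse_ss(text):
    """Return (local_addr, port, process) for every LISTEN row of `ss -ltnp` output."""
    rows = []
    for line in text.splitlines():
        m = SS_LINE.match(line)
        if m:
            rows.append((m.group("addr"), int(m.group("port")), m.group("proc")))
    return rows


def unexpected_local(listeners, expected):
    """Flag listeners on ports outside the allowlist, and allowed ports owned by the wrong process.

    Loopback-only listeners are reported too: they are still attack surface for anyone who
    lands on the box, so they need the same "do we need this?" question as everything else.
    """
    findings = []
    for addr, port, proc in listeners:
        want = expected.get(port)
        if want is None:
            findings.append((addr, port, proc, "port not in allowlist"))
        elif want != proc:
            findings.append((addr, port, proc, f"expected {want}"))
    return findings


def parse_nmap_grepable(text):
    """Return {ip: set(open TCP ports)} from `nmap -oG` output (Status-only rows are skipped)."""
    result = {}
    for line in text.splitlines():
        m = NMAP_HOST.match(line)
        if not m:
            continue
        ports = set()
        for entry in m.group("ports").split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/rpc/version/
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                ports.add(int(fields[0]))
        result[m.group("ip")] = ports
    return result


def unexpected_external(open_by_host, expected):
    """Return {ip: ports} that are reachable from outside but not allowed for that host."""
    findings = {}
    for ip, ports in open_by_host.items():
        extra = ports - expected.get(ip, set())
        if extra:
            findings[ip] = extra
    return findings


if __name__ == "__main__":
    for finding in unexpected_local(parse_ss(SS_SAMPLE), EXPECTED_LOCAL):
        print("local listener needs review:", finding)
    for ip, ports in unexpected_external(parse_nmap_grepable(NMAP_SAMPLE), EXPECTED_EXTERNAL).items():
        print(f"externally reachable but not allowed on {ip}: {sorted(ports)}")
```

Run against the samples, the local check reports 8080 (allowed port, but owned by python3 rather than the expected java) and 3389 (not on the allowlist at all), and the external check reports 8080 on web01, 3389 on mail01 and port 80 on a third host the allowlist has never heard of. That third host is exactly the shadow I.T. case from the firewall bullet above: the allowlist is only as good as your inventory.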

Work your way through the list from CISA. Verify whether or not you are taking the appropriate steps. As you're doing that, if and when you come to a point where you are unsure how to validate an item or what to do next, get hold of SureDefense Strategies and we'll help you navigate the cybersecurity maze.

