2. Computer Attacker Activities and Associated Defenses
- Security defenses include identifying attacker presence and reducing “living space”
- Security defenses include controlling superuser privileges [admin and root]
- Security defenses include disrupting command and control of attacker-implanted software
- Security defenses include decreasing attack surface and hardening security
4. All remote login access is required to use two-factor authentication
22. Check in-house developed and third-party procured web and other application software for coding errors and malware insertion, including backdoors, prior to deployment
25. Ensure that administrator accounts are used only for system administration activities and not for reading e-mail, composing documents or surfing the Internet
26. Configure systems to issue a log entry and alert when an account is added to or removed from the domain administrators group
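One way to implement the alerting half of control 26, as an added example that is not part of the original slides: it scans exported Windows Security events for membership changes to Domain Admins. It assumes an Active Directory domain with security group management auditing enabled and a log forwarder that writes one flat JSON object per line with an integer `EventID`; the sample records, account names and domain SID are constructed.

```python
import json
import re

# Windows Security event IDs for security-enabled group membership changes.
MEMBERSHIP_EVENTS = {
    4728: "added",    # member added to a global group
    4729: "removed",  # member removed from a global group
    4756: "added",    # member added to a universal group
    4757: "removed",  # member removed from a universal group
}
# Domain Admins always has RID 512, so matching the SID survives a group rename.
DOMAIN_ADMINS_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+-512$")

# Constructed sample records; the flat JSON-lines shape is an assumption about
# the log forwarder, the field names follow events 4728/4729.
SAMPLE_LOG = """\
{"EventID": 4728, "TimeCreated": "2024-05-01T09:14:03Z", "SubjectUserName": "helpdesk7", "MemberName": "CN=Temp Contractor,OU=Staff,DC=example,DC=test", "TargetUserName": "Domain Admins", "TargetSid": "S-1-5-21-1111111111-2222222222-3333333333-512"}
{"EventID": 4728, "TimeCreated": "2024-05-01T09:20:41Z", "SubjectUserName": "helpdesk7", "MemberName": "CN=Temp Contractor,OU=Staff,DC=example,DC=test", "TargetUserName": "Print Team", "TargetSid": "S-1-5-21-1111111111-2222222222-3333333333-1604"}
{"EventID": 4624, "TimeCreated": "2024-05-01T09:21:00Z", "TargetUserName": "alice"}
{"EventID": 4729, "TimeCreated": "2024-05-01T11:02:17Z", "SubjectUserName": "admin-bob", "MemberName": "CN=Temp Contractor,OU=Staff,DC=example,DC=test", "TargetUserName": "DA-Renamed", "TargetSid": "S-1-5-21-1111111111-2222222222-3333333333-512"}
{"EventID": 4728, "TimeCreated": "2024-05-01T11:0
"""

def membership_alerts(log_text):
    """Return (alerts, skipped): Domain Admins changes and unparseable line count."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
            if not isinstance(event, dict):
                raise ValueError("record is not a JSON object")
        except ValueError:  # includes json.JSONDecodeError
            skipped += 1    # count damaged lines so a gap in coverage is visible
            continue
        event_id = event.get("EventID")
        action = MEMBERSHIP_EVENTS.get(event_id) if isinstance(event_id, int) else None
        if action is None or not DOMAIN_ADMINS_SID.match(str(event.get("TargetSid", ""))):
            continue
        alerts.append({
            "time": event.get("TimeCreated"),
            "action": action,
            "member": event.get("MemberName"),
            "group": event.get("TargetUserName"),
            "changed_by": event.get("SubjectUserName"),
        })
    return alerts, skipped

if __name__ == "__main__":
    found, damaged = membership_alerts(SAMPLE_LOG)
    for alert in found:
        print("ALERT: {member} {action} ({group}) by {changed_by} at {time}".format(**alert))
    print(f"{damaged} line(s) could not be parsed")
```

A non-zero skipped count deserves its own alert, since a truncated record may hide a membership change.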