1. Critical Controls for Cyber Defense MadhurVerma CISSP, MVP (Consumer Security) CEH, CIW Security Analyst, MCTS, MCSE, MCSA

2. Computer Attacker Activities and Associated Defenses Security defenses include identifying attacker presence and reducing “living space” Security defenses include controlling superuser privileges [admin and root] Security defenses include disrupting command and control of attacker-implanted software Security defenses include decreasing attack surface and hardening security

4. All remote login access required to use two-factor authentication

5. Health checking of all remotely logging devices

6. Periodically scan for back-channel connections to the Internet that bypass the DMZ

8. Implement ingress and egress filtering

10. Ensure all wireless traffic leverages at least AES encryption used with at least WPA2 protection

11. Ensure wireless networks use authentication protocols such as EAP/TLS or PEAP

12. Disable peer-to-peer wireless network capabilities on wireless clients

13. Disable wireless peripheral access of devices

15. Regularly review the ports, protocols and services needed

16. Operate critical services on separate physical host machines

18. All malware detection events should be sent to enterprise anti-malware administration tools and event log servers

19. Configure laptops, workstations and servers so that they will not auto-run content from removable media

22. Check for in-house developed and third-party procured web and other application software for coding errors, malware insertion, including backdoors prior to deployment

24. Change all default passwords before deploying

25. Ensure that administrator accounts are used only for system administration activities and not for reading e-mail, composing documents or surfing the Internet

26. Configure systems to issue a log entry and alert when an account is added to or removed from domain administrators group

28. Ensure that file shares have defined controls

30. Review all system accounts and disable any account that cannot be associated with a business process and business owner

31. Monitor account usage to determine dormant accounts

33. Deploy software inventory tools

36. Network boundary should be configured to log verbosely all traffic arriving at the device

37. Ensure logs are written to write-only devices or to dedicated logging servers

39. Control the use of removable devices

40. Data stored on removable drives should be encrypted

42. Compare the results from back-to-back vulnerability scans to verify that vulnerabilities were addressed

43. Measure the delay in patching new vulnerabilities

45. Follow best security practices for deploying servers, network devices and Internet services

47. Perform periodic red team exercises to test the readiness of organizations to identify and stop attacks or to respond quickly and effectively

49. Should assign job titles and duties for handling incidents to specific individuals

50. Should notify CERT-In in accordance

51. Publish information to all personnel about information of incidents for awareness

53. Ensure that backups are encrypted

55. Devise periodic security awareness assessment quizzes

57. http://www.microsoft.com/technet