Refer to the following Network Attack Surface insights and assessments and how they're mapped to CIS v7 and CIS v8 controls for Control Insights:
Exposed Services
Having an unnecessarily large attack surface of exposed services on the network perimeter indicates ineffective control of network services
The ratio of events of type [Unnecessarily Exposed Port] by type [Open Port] is above 1.0%
Assessment: Negative
Observations: Open Ports

CIS v8 Controls
Controls: N/A
Safeguards:
- 4.4 Implement and Manage a Firewall on Servers
- 4.8 Uninstall or Disable Unnecessary Services on Enterprise Assets and Software

CIS v7 Controls
Controls: 9 Limitation and Control of Network Ports, Protocols, and Services
Safeguards:
- 9.1 Associate Active Ports, Services, and Protocols to Asset Inventory
- 9.2 Ensure Only Approved Ports, Protocols, and Services Are Running
- 9.3 Perform Regular Automated Port Scans
- 9.4 Apply Host-Based Firewalls or Port-Filtering
No Exposed Services
The lack of unnecessarily exposed services on the network perimeter indicates effective control of network services
The ratio of events of type [Unnecessarily Exposed Port] by type [Open Port] is below 0.001%
Assessment: Positive
Observations: Open Ports

CIS v8 Controls
Controls: N/A
Safeguards:
- 4.4 Implement and Manage a Firewall on Servers
- 4.8 Uninstall or Disable Unnecessary Services on Enterprise Assets and Software

CIS v7 Controls
Controls: 9 Limitation and Control of Network Ports, Protocols, and Services
Safeguards:
- 9.1 Associate Active Ports, Services, and Protocols to Asset Inventory
- 9.2 Ensure Only Approved Ports, Protocols, and Services Are Running
- 9.3 Perform Regular Automated Port Scans
- 9.4 Apply Host-Based Firewalls or Port-Filtering
Cleartext Remote Protocols
The presence of cleartext remote protocols over the Internet indicates ineffective network boundary defense and a lack of network data integrity
At least one event of the following event types was detected: [Cleartext Protocol]
Assessment: Negative
Observations: Open Ports

CIS v8 Controls
Controls:
- 3 Data Protection
- 6 Access Control Management
- 13 Network Monitoring and Defense
Safeguards:
- 4.6 Securely Manage Enterprise Assets and Software
- 4.7 Manage Default Accounts on Enterprise Assets and Software

CIS v7 Controls
Controls:
- 12 Boundary Defense
- 13 Data Protection
- 14 Controlled Access Based on the Need to Know
Safeguards:
- 12.4 Deny Communication Over Unauthorized Ports
- 13.3 Monitor and Block Unauthorized Network Traffic
- 14.4 Encrypt All Sensitive Information in Transit
Outbound Network Scanning Activity
The presence of outbound network scanning activity indicates ineffective control of the network boundary
At least one event of the following event types was detected: [Outbound Network Scanning Activity]
Assessment: Negative
Observations: Unsolicited Communications

CIS v8 Controls
Controls: 13 Network Monitoring and Defense
Safeguards:
- 13.2 Deploy a Host-Based Intrusion Detection Solution
- 13.3 Deploy a Network Intrusion Detection Solution
- 13.4 Perform Traffic Filtering Between Network Segments
- 13.5 Manage Access Control for Remote Assets
- 13.6 Collect Network Traffic Flow Logs
- 13.7 Deploy a Host-Based Intrusion Prevention Solution
- 13.8 Deploy a Network Intrusion Prevention Solution

CIS v7 Controls
Controls: 12 Boundary Defense
Safeguards:
- 12.1 Maintain an Inventory of Network Boundaries
- 12.2 Scan for Unauthorized Connections Across Trusted Network Boundaries
- 12.3 Deny Communications With Known Malicious IP Addresses
- 12.4 Deny Communication Over Unauthorized Ports
- 12.5 Configure Monitoring Systems to Record Network Packets
- 12.6 Deploy Network-Based IDS Sensors
- 12.7 Deploy Network-Based Intrusion Prevention Systems
- 12.8 Deploy NetFlow Collection on Networking Boundary Devices
- 12.9 Deploy Application Layer Filtering Proxy Server
- April 1, 2025: Published.