
Lap 9: Endpoint Management (patching and software deployment)

Overview: Managing hardware devices on the network ensures that only authorized devices gain access, and unauthorized or unmanaged devices are kept out. Like hardware management, there should be inventory, tracking, and correction of all installed software to prevent unauthorized or unmanaged software from being installed or executed.
 
Why It Matters: 
Attackers scan for devices that are not properly configured with security updates, including employees’ personal devices, to gain internal access and pivot to the next victims. Seemingly innocuous software can be vulnerable to exploitation. Furthermore, it sometimes comes pre-equipped with tools an attacker can use to compromise the system, which in turn can become a launchpad to compromise others.
 
Main Points: 
Ensure that software is up to date, prioritizing updates that address vulnerabilities identified as known to be exploited. Most default configurations are geared toward convenience, not security. And even if the default is strong, it can decay over time and create openings.
 
Actions to Take: 
  • Harden Configuration for Hardware and Software on Mobile Devices, Laptops, and Servers
  • Patch equipment. Focus on patching vulnerabilities that allow for remote code execution or denial of service on externally facing equipment.
  • Inventory and Control of Hardware Assets
    • Maintain an accurate and up-to-date inventory of all technology assets with the potential to store or process information. This inventory shall include all hardware assets, whether connected to the organization’s network or not.
    • Utilize an active discovery tool to identify devices connected to the organization’s network and update the hardware asset inventory.
    • Open-Source Tools: Nmap, OpenVAS
  • Inventory and Control of Software Assets
    • Utilize software inventory tools throughout the organization to automate the documentation of all software on business systems.
    • Only allow a limited number of staff to install software.
    • Utilize application allow-listing technology on all assets to ensure that only authorized software executes and all unauthorized software is blocked from executing on assets.
    • Open-Source Tools: SnipeIT
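
The active-discovery and hardware-inventory actions above meet at one check: comparing what a scan finds against what the inventory says should be there. The Python below is an added example, not part of the original program material; it reads Nmap XML output (a host-discovery scan run with -sn and saved with -oX) and an inventory export, then lists devices on the network that are missing from the inventory and inventoried assets the scan did not see. The scan data, addresses, and CSV column names (asset_tag, mac_address) are constructed for illustration.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap XML output (nmap -sn -oX), trimmed.
SCAN_XML = """<nmaprun>
<host><status state="up"/><address addr="10.20.0.11" addrtype="ipv4"/>
  <address addr="00:11:22:AA:BB:01" addrtype="mac"/></host>
<host><status state="up"/><address addr="10.20.0.57" addrtype="ipv4"/>
  <address addr="00:11:22:AA:BB:99" addrtype="mac"/></host>
<host><status state="up"/><address addr="10.30.0.5" addrtype="ipv4"/></host>
<host><status state="down"/><address addr="10.20.0.80" addrtype="ipv4"/></host>
</nmaprun>"""

# Constructed inventory export; the column names are assumptions.
INVENTORY_CSV = """asset_tag,mac_address
LT-0001,00-11-22-aa-bb-01
SRV-0002,00:11:22:AA:BB:02
"""

def norm_mac(mac):
    """Lowercase hex digits only, so 00-11-.. and 00:11:.. compare equal."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def discovered_hosts(scan_xml):
    """Return ({mac: ip}, [ips without a MAC]) for hosts reported as up."""
    by_mac, no_mac = {}, []
    for host in ET.fromstring(scan_xml).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addrs = {a.get("addrtype"): a.get("addr") for a in host.iter("address")}
        if "mac" in addrs:
            by_mac[norm_mac(addrs["mac"])] = addrs.get("ipv4", "")
        else:
            # Nmap only sees MAC addresses on the scanner's own network segment.
            no_mac.append(addrs.get("ipv4", ""))
    return by_mac, no_mac

def reconcile(scan_xml, inventory_csv):
    """Return (unmanaged IPs, asset tags not seen, IPs needing manual lookup)."""
    seen, no_mac = discovered_hosts(scan_xml)
    rows = csv.DictReader(io.StringIO(inventory_csv))
    known = {norm_mac(r["mac_address"]): r["asset_tag"] for r in rows}
    unmanaged = sorted(ip for mac, ip in seen.items() if mac not in known)
    not_seen = sorted(tag for mac, tag in known.items() if mac not in seen)
    return unmanaged, not_seen, sorted(no_mac)

if __name__ == "__main__":
    print(reconcile(SCAN_XML, INVENTORY_CSV))
```

Devices in the first list are candidates for enrollment or removal from the network; assets in the second list may be powered off, off-site, or retired and should be confirmed before the inventory record is changed.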

Cybersecurity Security Plan Controls:

Texas Cybersecurity Framework: AM, AC, DS, CM

NIST Cybersecurity Framework: AM, AC, DS, CM

Center for Internet Security (CIS) v8: C13

CISA Cybersecurity Performance Goal (CPGs): 2.Q

K12six Essentials Cybersecurity Protection: 4.1

TEA cyber initiative: FY26 Looking ahead