Secure Configuration for Network Devices
CIS Control 11
Establish, implement, and actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
Why is this Critical?
Many organizations keep the default configurations of network infrastructure devices, which tend to be set for ease of use rather than security. This CIS Control recommends implementing secure configurations for all network devices, including proper configuration management and change control processes, to minimize the number of vulnerabilities that attackers may be able to exploit.
The management of secure configurations is a continuous process that involves regularly re-evaluating not only the configuration items but also the allowed traffic flows. Attackers take advantage of network devices becoming less securely configured over time as users demand exceptions for specific business needs. Attackers search for vulnerable default settings and for gaps or inconsistencies in firewall rule sets, routers, and switches, and use these holes to penetrate defenses. They can exploit flaws in these devices to gain access to networks, redirect traffic on a network, and intercept information while in transmission. The goal is to harden these critical network infrastructure devices against compromise and to establish and maintain visibility into changes that occur on them.