Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Identify
• 5 Requirements Control
• This presentation Monitor
deals specifically with
Identification of ESPs Assess Vulnerabilities
Maintain Documentation
Importance of ESP Documentation
• Access Points
– The device that discriminates between authorized
and unauthorized traffic in and out of ESPs
– This may not always be the outermost device on
the network!
Understanding Access Points
“
The endpoint is the ESP access point
”
if access is controlled at the endpoint
Dial-Up
Authentication
• Active Directory
• LDAP
• Kerberos
Protecting ACM Equipment
007
003
004
003
008
Change Control
Information Personnel Risk Security Patch Incident Reporting &
and Configuration
Protection Plan Assessment Management Response Management
Management
007
005
006
005
009
Monitoring Electronic Access Electronic Malicious Software
Recovery Plans
Electronic Access Control Systems (PSP) Access Controls Prevention
007
007
007
Security Status Security Cyber Vulnerability
Monitoring Controls Testing Assessment
007
007
Disposal and
Account Management
Redeployment
007
Systems Security
Management
Documentation Review
Documenting an ESP: Components
• Accuracy is imperative!
• Develop documentation based on known
configuration and confirm topology with:
– Network discovery of assets
• Nmap
– Physical Cable Inspection
• Documentation must contain all cyber assets
inside, regardless of Criticality
Common Pitfalls in Documenting ESPs