Today we continue our look at a series of practical steps that districts can use to increase their NIST compliance. Looking at the complete set of NIST controls can be a daunting experience. One of the best ways we have found to make these cybersecurity improvements more attainable is to follow the CIS Controls Top 20 list, which maps nicely onto NIST. CIS also breaks its controls list into three implementation groups: a "start here" group 1, a more "advanced" group 2, and, once that is done, group 3 for full "Ninja status." This series focuses on a walk through the "start here" group 1 items.
Today's topic is about Email and Web Browser protections, and in particular, two items under implementation group 1 (IG1) designed to minimize the attack surface and opportunities for attackers to manipulate end-users:
Action item #1 - Ensure Use of Only Fully Supported Browsers and Email Clients - Ensure that only fully supported web browsers and email clients are allowed to execute in the organization, ideally only using the latest version of the browsers and email clients provided by the vendor.
Action item #2 - Use of DNS Filtering Services - Use Domain Name System (DNS) filtering services to help block access to known malicious domains.
Action item #1 is pretty self-explanatory, so I won't spend much time talking about that item. Suffice it to say that you want to make sure that you have a policy in place and are using your patch management tools to ensure that your browsers and clients remain at current vendor patch levels at all times.
For action item #2, the most common approach is to use one of the service levels from a provider such as Cisco Umbrella (formerly OpenDNS). You can block access to known malicious domains by using the free Cisco Umbrella DNS resolvers as the DNS forwarders for all the DNS/Domain Controllers in your network. Once configured this way, if a user or piece of malware attempts a DNS lookup for a known malicious domain, that domain's information will not resolve, which cripples the ability to establish that connection and helps keep your network safer.
You can also subscribe to various service levels under Umbrella, which can provide you with reporting on what was blocked and what device made the request. You can also use Umbrella as your Web filtering service if you wish for both on-premises and off-premises devices.
The CSI team strongly recommends using the Cisco Umbrella DNS resolvers as your DNS forwarders as a simple, no-cost way of keeping a whole host of potential known threats from operating inside your network.
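One way to audit and apply the forwarder setup described above on Windows DNS/Domain Controllers, as an added example that is not from the original article. The server names and test domain are placeholders, and the resolver addresses are the publicly documented Umbrella/OpenDNS anycast resolvers, which the article itself does not list, so confirm them against Cisco's documentation.

```powershell
#Requires -Modules DnsServer
# Added example: audit (default) or apply (-Apply) DNS-filtering forwarders on each DNS server.
param(
    # Placeholder host names: replace with your own DNS/Domain Controllers.
    [string[]]$DnsServers = @('dc01.example.internal', 'dc02.example.internal'),
    # Assumption: publicly documented Umbrella/OpenDNS resolvers; not listed in the article.
    [string[]]$Forwarders = @('208.67.222.222', '208.67.220.220'),
    # Placeholder: a test domain your filtering provider documents as blocked.
    [string]$TestDomain = 'blocked-test.example',
    [switch]$Apply
)

$report = foreach ($server in $DnsServers) {
    $cfg     = Get-DnsServerForwarder -ComputerName $server
    $current = @($cfg.IPAddress | ForEach-Object { $_.IPAddressToString })
    # Order matters (forwarders are tried in sequence), so compare as ordered lists.
    $drift   = ($current -join ',') -ne ($Forwarders -join ',')

    if ($Apply -and ($drift -or $cfg.UseRootHint)) {
        # -UseRootHint $false: if the forwarders are unreachable the server fails the
        # lookup instead of falling back to root hints, which would bypass the filter.
        Set-DnsServerForwarder -ComputerName $server -IPAddress $Forwarders -UseRootHint $false
        $cfg     = Get-DnsServerForwarder -ComputerName $server
        $current = @($cfg.IPAddress | ForEach-Object { $_.IPAddressToString })
        $drift   = ($current -join ',') -ne ($Forwarders -join ',')
    }

    # Resolve the test domain through this server, the same path a client lookup takes.
    $answer = Resolve-DnsName -Name $TestDomain -Server $server -Type A -DnsOnly `
                  -ErrorAction SilentlyContinue
    $testResult = if ($answer) {
        ($answer | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
    } else {
        'no answer'
    }

    [pscustomobject]@{
        Server           = $server
        Forwarders       = $current -join ', '
        ForwarderDrift   = $drift            # True = list differs from the intended one
        RootHintFallback = $cfg.UseRootHint  # True = lookups can bypass the forwarders
        TestAnswer       = $testResult
    }
}
$report | Format-Table -AutoSize
```

Run it without `-Apply` first to see which servers have drifted, then compare the `TestAnswer` column with the block response your filtering provider documents.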
As always, if you are looking for assistance with getting started with Email and Web Browser protections in your network, reach out to our team. We will be happy to help you get started.