In this episode, Fred and Garrett discuss how you can manage ports, protocols, and services on devices connected to your company's network. This control focuses on minimizing your vulnerability to cyber-attackers. This is the third Foundational CIS Control and is used to minimize your vulnerability to attackers. The Limitation and Control of Network Ports, Protocols, and Services control is most impactful when a company has taken action against the first six Basic CIS Controls and first two Foundational CIS Controls (following the CIS Top 20 Cybersecurity Controls).
Cyber attackers are always looking for vulnerabilities. Poorly managed ports, protocols, and services on devices connected to your company's network are open doors to these cyber attackers. But many companies don't consider the vulnerabilities that may lie in these devices. Companies that do not focus on securing these systems give cyber criminals opportunity to continue exploiting these vulnerabilities without consequences.
There are basic steps you can take to protect your systems:
- Disable ports that aren't in use
- Disable unnecessary services
- Configure your Firewall (Audit, assess rules, determine protocols)
- Change default credentials on devices
- Log port activity
You can implement these controls yourself, but it may cost you a substantial amount of time, money, and effort. There are Cybersecurity experts who specialize in getting these controls set up for hundreds of organizations.
Listen to the full episode to learn how your business can begin following the Center for Internet Security Top 20 Controls and make your company more secure.
We'd love to hear your feedback. If you have any questions, you can text us at 423-697-9528 or email firstname.lastname@example.org.
This episode discusses Control Seven of the CIS (Center for Internet Security) "Top 20 Controls." The Top 20 Controls are a set of prioritized best practices designed to help organizations protect themselves from cyber-attacks. It is a framework for every organization, whether you have a full department of IT support or don't have security programs or measures in place. You can learn more about the 20 CIS Controls here.
See the break-down of these CIS Controls' Sub-Controls here.
Discover how other organizations are using these controls here.