Cybersecurity Practice #6: Network Management Organizations leverage IT networks as a core infrastructure to conduct business operations. Without networks, there would be no interoperability. Networks must be deployed securely to limit exposure to and the potential impacts of cyberattacks.
Cybersecurity Practice 6: Network Management Data that may be affected Medium SubPractices
Large SubPractices
Key Mitigated Risks
PHI 6.M.A Network Profiles and Firewalls 6.M.B Network Segmentation 6.M.C Intrusion Prevention Systems 6.M.D Web Proxy Protection 6.M.E Physical Security of Network Devices 6.L.A Additional Network Segmentation 6.L.B Command and Control Monitoring of Perimeter 6.L.C Anomalous Network Monitoring and Analytics 6.L.D Network Based Sandboxing/Malware Execution 6.L.E Network Access Control Ransomware Attacks Loss of Theft of Equipment or Data Insider, Accidental or Intentional Data Loss Attacks Against Connected Medical Devices that May Affect Patient Safety
Sub-Practices for Medium-Sized Organizations 6.M.A
Network Profiles and Firewalls
NIST FRAMEWKORK REF: PR.AC-5, PR.AC-6
An effective network management strategy includes the deployment of firewalls to enable proper access inside and outside of the organization. Firewall technology is far more advanced than standard router-based access lists and is a critical component of modern network management. Organizations should deploy firewall capabilities in the following areas: on wide area network (WAN) pipes to the internet and perimeter, across data centers, in building distribution switches, in front of partner WAN/VPN connections, and over wireless networks. There should be clear boundaries that determine how traffic is permitted to move throughout the organization, including a default-deny ruleset whenever possible. At the perimeter, inbound and outbound rules must be configured with a default-deny ruleset to limit accidental network exposures. This often-complicated process can be achieved by establishing security zones through network segmentation. Consider limiting the outbound connections permitted by assets in your organization. This can be a challenge to implement across the board. However, for zones of high sensitivity, egress limiting can prevent malicious callbacks or data exfiltration. The SOC should monitor egress logs. Firewall rules may change when technology is added or removed. A robust change management process should include reviewing every firewall to identify necessary changes. These change requests 57
