- Raise social engineering awareness
- Enforce password complexity and early-launch anti-malware detection for system access
- Install physical security devices to restrict manual access to desktops, servers, and network devices
- Set the firewall to block all ports at the edge perimeter, except ports 80/443
- Enable IPS (Intrusion Prevention System) and DPI (Deep Packet Inspection) to perform packet analysis
- Sanitize web application inputs with a web application firewall
- Sanitize database input with a specialized database firewall
- Implement a centralized log management system with alerts
- Apply an effective disaster recovery strategy
- Harden Windows, Linux, and macOS with a standardized benchmark (e.g. Org SOP, CIS/DISA STIGs, etc.)