R273. Define a fixed security suite

Requirement

All production workstations must have a security suite (antivirus, antispyware, host firewall, host-based IDS, host-based IPS) that cannot be altered or disabled by the local user.
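The requirement is usually verified by a compliance check that asks, for every workstation, whether each of the five components is installed, running, locked against local changes, and still configured as approved. The following is an added example of such an audit, not code from Fluid Attacks or from any endpoint product: component states and configuration bytes are constructed inline (a real run would read them from an endpoint-management agent), the five component names are assumptions used only to group the findings, and "unalterable" is modelled as a tamper-protection flag plus a SHA-256 comparison of the deployed configuration against an approved baseline.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# The five suite components the requirement names (names are assumptions).
REQUIRED_COMPONENTS = ("antivirus", "antispyware", "host_firewall", "host_ids", "host_ips")


@dataclass
class Component:
    installed: bool
    running: bool
    tamper_protection: bool  # local user/admin cannot stop or reconfigure it
    config: bytes            # deployed configuration as read from the endpoint


def fingerprint(config: bytes) -> str:
    """SHA-256 of a component's configuration, compared against the approved baseline."""
    return hashlib.sha256(config).hexdigest()


def audit_host(hostname: str, components: dict[str, Component], baseline: dict[str, str]) -> list[str]:
    """Return one finding per deviation from R273; an empty list means the host is compliant."""
    findings: list[str] = []
    for name in REQUIRED_COMPONENTS:
        comp = components.get(name)
        if comp is None or not comp.installed:
            findings.append(f"{hostname}: {name} not installed")
            continue
        if not comp.running:
            findings.append(f"{hostname}: {name} installed but not running")
        if not comp.tamper_protection:
            findings.append(f"{hostname}: {name} can be altered locally (tamper protection off)")
        expected = baseline.get(name)
        if expected is None:
            findings.append(f"{hostname}: {name} has no approved baseline")
        elif fingerprint(comp.config) != expected:
            findings.append(f"{hostname}: {name} configuration drifted from baseline")
    return findings


def audit_fleet(fleet: dict[str, dict[str, Component]], baseline: dict[str, str]) -> dict[str, list[str]]:
    """Audit every host and map hostname -> findings."""
    return {host: audit_host(host, comps, baseline) for host, comps in fleet.items()}


# Constructed approved configurations; the baseline is the hash of each one.
APPROVED_CONFIGS = {
    "antivirus": b"realtime=on\nsignature_updates=auto\n",
    "antispyware": b"realtime=on\n",
    "host_firewall": b"default=deny\nallow=443/tcp\n",
    "host_ids": b"file_integrity=on\n",
    "host_ips": b"block_mode=on\n",
}
BASELINE = {name: fingerprint(cfg) for name, cfg in APPROVED_CONFIGS.items()}


def compliant_host() -> dict[str, Component]:
    """A constructed workstation that meets the requirement on every component."""
    return {name: Component(True, True, True, cfg) for name, cfg in APPROVED_CONFIGS.items()}


def sample_fleet() -> dict[str, dict[str, Component]]:
    """Two constructed hosts: ws-01 is compliant, ws-02 has three deviations."""
    drifted = compliant_host()
    del drifted["antispyware"]                                   # component missing
    drifted["host_firewall"].config = b"default=allow\n"         # policy changed locally
    drifted["host_ips"].tamper_protection = False                # can be switched off by user
    return {"ws-01": compliant_host(), "ws-02": drifted}


if __name__ == "__main__":
    for host, findings in audit_fleet(sample_fleet(), BASELINE).items():
        print(host, "COMPLIANT" if not findings else "NON-COMPLIANT")
        for finding in findings:
            print("  -", finding)
```

Hashing the deployed configuration is what turns "installed and running" into "installed, running and unaltered": a component that is up but whose policy has been relaxed (here, a host firewall switched from default-deny to default-allow) is reported as drift rather than passing the check.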

References

  1. BSIMM9 CR3.4: Automate malicious code detection. Automated code review is used to identify dangerous code written by malicious in-house developers or outsource providers.

  2. CAPEC-169: Footprinting. An adversary engages in probing and exploration activities to identify constituents and properties of the target.

  3. CAPEC-442: Infected Software. An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. Many times, the malicious logic is inserted into empty space between legitimate code, and is then called when the software is executed.

  4. CAPEC-549: Local Execution of Code. An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact.

  5. CIS Controls. 8.1 Utilize Centrally Managed Anti-Malware Software. Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization’s workstations and servers.

  6. CIS Controls. 9.4 Apply Host-Based Firewalls or Port-Filtering. Apply host-based firewalls or port-filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.

  7. CIS Controls. 9.5 Implement Application Firewalls. Place application firewalls in front of any critical servers to verify and validate the traffic going to the server. Any unauthorized traffic should be blocked and logged.

  8. CWE-923: Improper Restriction of Communication Channel to Intended Endpoints. The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

  9. NERC CIP-003-8. Attachment 1. Section 5 - 5.1 Each Responsible Entity shall implement, except under CIP Exceptional Circumstances, one or more plan(s) to achieve the objective of mitigating the risk of the introduction of malicious code to low impact BES Cyber Systems. The plan(s) shall include antivirus software, or other method(s) to mitigate the introduction of malicious code.

  10. NERC CIP-005-5. B. Requirements and measures. R1.5 Have one or more methods for detecting known or suspected malicious communications for both inbound and outbound communications.

  11. OWASP-ASVS v4.0.1 V1.14 Configuration Architectural Requirements.(1.14.1) Verify the application does not use unsupported, insecure, or deprecated client-side technologies such as NSAPI plugins, Flash, Shockwave, ActiveX, Silverlight, NACL, or client-side Java applets.

  12. OWASP-ASVS v4.0.1 V12.4 File Storage Requirements.(12.4.2) Verify that files obtained from untrusted sources are scanned by antivirus scanners to prevent upload of known malicious content.

  13. PCI DSS v3.2.1 - Requirement 5.1 Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers).

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.