NSA TAO Chief Rob Joyce on network defense
The above video is from the USENIX Enigma conference, in which Rob Joyce, Chief, Tailored access Operations, of the National Security Agency spoke. He spoke from the attackers perspective and gave some best practice advice and recommendations. Those that have been in the information security perspective for any extended period of time won't be surprised, but it's worth repeating.
I would recommend watching the video. It's only about 35 minutes long. If you don't have the time here are some notes I took on the talk.
BEST PRACTICES
Perform a third-party penetration test
Fix the items in the penetration test report
"You have to be continually defending and improving"
Understand the normal baseline for the traffic on the network
Monitor the network
Least privelege
Network segmentation
Enable and audit logs
Application white-listing (at the very least do high risk assets)
Anti-virus - reputation services
Incident response plan
RECOMMENDATIONS
This post first appeared on Exploring Information Security.