The CIS Telework Security Guide

The CIS Telework Security Guide

The CIS Telework Security Guide 2048 1365 Mark Arnold

CIS Telework Guidance

The folks over at the Center for Internet Security, whose core mention is to secure online experiences, have authored security guidance for teleworkers. The CIS recently released a whitepaper on securing the remote network, a Telework Security Guide (TSG). Given the dizzying array of remote work jargon out there, the CIS TSG stands out as a solid collection of practical advice for organizations to secure their teleworkers’ converged workspaces. The short guide is full of practical help, ranging in technical glossaries, small business helps, purchasing equipment, and the configuration of the same. We list a subset of network security recommendations from the CIS TSG here:

  • Enable two-factor authentication wherever possible. This may include accessing the ISP web portal, the router/modem, or a mobile app
  • Enable automatic updates for all routers and modems
  • Turn off the 2.4 GHz or 5GHz if you are not using one of them.
  • Turn on WPA2 or WPA3
  • Enable NAT
  • Disable UPnP

One caveat concerning purchasing. Where it is possible, we recommend that organizations continue to maintain purchase and management responsibility of assets. Lares also offers additional defensive guidance for those responsible for securing and monitoring activity to and from remote home networks.

Telework Security Guidance and the CIS 20

The guide offers insight into how the guidance stacks up to the CIS 20 Critical Security Controls (CSC). Although the controls’ efficacy is under constant debate, I am excited to see the prescriptive controls of the TSG mapped to the CIS CSC 20. As a result, security practitioners have a way to rate the effectiveness of their telework controls against the widely used CIS 20 benchmarks. At a high level, TSG recommendations map to 6 CIS critical security controls:

Four of the TSG recommendations have no control mapping:

  • Restrict accessibility to routers and modems,
  • Create unique WIFI network names (e.g., Service Set Identifiers (SSIDs),
  • Ensure WIFI network names are not too revealing, and
  • Register one’s devices with manufacturers.

The four items, however, meet best practice standards and demand attention on those tasked with security remote home networks. What the mappings do provide for managing the risk of telework spaces is the ability to measure the effectiveness of telework security controls to a certain degree. Further, if organizations have mapped the CIS CSC 20 controls to other existing frameworks, one could theoretically measure converged workspaces’ compliance to different/extended regulatory compliance regimes.

Securing Teleworkers is Top of Mind at Lares

Lares continues to advise its clients faced with the decision to transition workers to remote status given the prolonged pandemic’s impact on businesses and the economy. We have offered our own guidance on making converged workspaces secure and defensible. We have also enumerated the various challenges to achieving defensibility of corporate brands and assets where it concerns remote work. To that end, the TSG in our opinion is a welcome addition to the list of aids toward securing teleworkers.

Lares COO Andrew Hay has coined this new reality the “Forcibly Converged Network“. Please join us on today, October 14th, 2020 at 12 pm ET for a roundtable where we discuss the technical challenges of securing and monitoring work-from-home (WFH) converged networks and management challenges of the same. We will also consider how helps like the CIS TSG can help in achieving some modicum measurable assurance.

There’s still time to sign up for the free webinar here and join the conversation: https://attendee.gotowebinar.com/register/775648688884026384

 

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

Contact Lares Consulting logo (image)

Continuous defensive improvement through adversarial simulation and collaboration.

©2019 Lares, LLC | All rights reserved.
    Privacy Preferences

    When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Some types of cookies may impact your experience on our website and the services we are able to offer. It may disable certain pages or features entirely. If you do not agree to the storage or tracking of your data and activities, you should leave the site now.

    Our website uses cookies, many to support third-party services, such as Google Analytics. Click now to agree to our use of cookies or you may leave the site now.