Versions Compared

...

  • Office equipment (e.g. laptops, workstations)

    • XXX

  • MSTCS2C

    • Microsoft Azure

      • Supported:

        • Anti-virus & threat protection in Windows Security. It runs different types of scans and gets the latest protection offered by Microsoft Defender Antivirus.

          • Code ??

          • Data ??

          • Files ??

          • Upload/download ??

      • Not supported

        • Intrusion detection system (IDS)

        • Anti-malware

        • Anti-ransomware

  • Amazon Web Services

      • XXX

...

  • Network segmentation: resources are organized in separate virtual or physical networks, and separate access rules are defined per network. Access to the different networks is restricted according to the access control matrix.

  • All private networks are protected with a firewall.

  • Open network ports and allowed protocols are managed through firewall rules.

  • The access rules for allowed ports and protocols are managed by the responsible system administrator of every asset.

  • Only ports and protocols needed for the operation of applications and services are allowed. All other traffic is denied by default.

  • The network and firewall configurations are checked on a regular basis.

  • Remote access through public networks is done only through an encrypted channel (TLS or SSH), for which two options are allowed:

    • Set up a VPN connection to the private network. Only selected trusted users can make VPN connections.

    • Configure remote access through Remote Desktop Protocol (RDP) or SSH. In this case the connection is allowed only from whitelisted IP addresses. All connection attempts are logged in the system event log. The logs are checked on a regular basis.
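
The firewall and remote-access rules above (deny by default, only needed ports, RDP/SSH only from whitelisted addresses, attempts logged) can be checked mechanically as part of the regular configuration review. The following is an added example, not code from the original page or from the product it describes; the rule format, the allowed-port list, the whitelist and the sample rules are constructed assumptions for illustration.

```python
"""Audit a firewall rule set against a deny-by-default remote-access policy.

Added example; rule format, allowed ports, whitelist and sample rules are
constructed for illustration and are not the original page's own data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Ports needed for operation of the services (assumed allow-list).
ALLOWED_PORTS = {443: "HTTPS", 22: "SSH", 3389: "RDP"}
# Remote-administration ports that may only be reached from whitelisted sources.
REMOTE_ADMIN_PORTS = {22, 3389}
# Hypothetical whitelist of trusted administrator source ranges (TEST-NET-3).
ADMIN_WHITELIST = [ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    proto: str         # "tcp" or "udp"
    port: int
    source: str        # source CIDR the rule applies to
    log: bool = False  # whether matching attempts are written to the event log


def audit_rules(rules, default_policy):
    """Return a list of findings; an empty list means the rule set is compliant."""
    findings = []
    if default_policy != "deny":
        findings.append("default policy must be deny")
    for r in rules:
        if r.action != "allow":
            continue
        src = ip_network(r.source)
        if r.port not in ALLOWED_PORTS:
            findings.append(f"port {r.port}/{r.proto} is not in the allowed-services list")
        if r.port in REMOTE_ADMIN_PORTS:
            name = ALLOWED_PORTS.get(r.port, str(r.port))
            # Remote admin must come only from whitelisted ranges ...
            if not any(src.subnet_of(w) for w in ADMIN_WHITELIST):
                findings.append(f"{name} allowed from non-whitelisted source {r.source}")
            # ... and every attempt must be logged.
            if not r.log:
                findings.append(f"{name} rule from {r.source} does not log connection attempts")
    return findings


def evaluate_connection(rules, default_policy, proto, port, source_ip):
    """First matching rule wins; unmatched traffic falls through to the default policy."""
    src = ip_address(source_ip)
    for r in rules:
        if r.proto == proto and r.port == port and src in ip_network(r.source):
            return r.action
    return default_policy


# Constructed sample rule set: two compliant rules and two violations.
SAMPLE_RULES = [
    Rule("allow", "tcp", 443, "0.0.0.0/0"),                # public web service: fine
    Rule("allow", "tcp", 22, "203.0.113.0/24", log=True),  # SSH from whitelist, logged: fine
    Rule("allow", "tcp", 3389, "0.0.0.0/0", log=True),     # RDP from anywhere: violation
    Rule("allow", "tcp", 8080, "10.0.0.0/8"),              # port not needed: violation
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, "deny"):
        print("FINDING:", finding)
    print("SSH from 198.51.100.7 ->", evaluate_connection(SAMPLE_RULES, "deny", "tcp", 22, "198.51.100.7"))
```

Running the script reports the RDP-from-anywhere rule and the unneeded port 8080, and shows that an SSH attempt from an address outside the whitelist falls through to the default deny.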

...

Access control security

  • 2FA: not available

  • MSTC S2C has an integrated logical access framework that can segregate access based on roles, screens, activities (CRUD) and organizational dimensions

  • Access is managed through Access Control Lists (ACLs). Allow or Deny permissions can be set on selected actions for a given scope. The permissions can be set for an individual user or for groups of users.

  • Privileged accounts protection:

    • Supported

      • Multi-factor authentication

    • Not supported

      • 4-eyes principle: at least two people must be present during activities and this must be auditable.

      • Activities must be conducted from a network and system which has been proven to be secured.

    • ??

      • IP whitelisting, certificates, conditional access checks, VPN
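
The ACL model described above (Allow or Deny on a CRUD action for a scope, granted to a user or a group) can be illustrated with a small evaluator. This is an added example, not the product's own code; the scope hierarchy, the group membership, the sample entries and the precedence rule (an explicit Deny overrides any Allow, and no matching entry means denied) are assumptions made for the illustration, since the page does not state how conflicts are resolved.

```python
"""Evaluate a user's request against ACL entries with deny-overrides precedence.

Added example; the entries, groups, scope layout and conflict rule are
constructed assumptions and not taken from the original page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    principal: str   # user name or group name
    is_group: bool   # True when principal names a group
    action: str      # one of "create", "read", "update", "delete"
    scope: str       # slash-separated path; applies to the scope and everything below it
    effect: str      # "allow" or "deny"


# Constructed group membership (would come from the directory in practice).
GROUPS = {"alice": {"finance", "staff"}, "bob": {"staff"}}


def _scope_covers(entry_scope, target_scope):
    """An entry on 'org/finance' covers 'org/finance' and 'org/finance/...'."""
    return target_scope == entry_scope or target_scope.startswith(entry_scope + "/")


def applicable_entries(acl, user, action, scope, groups=GROUPS):
    """Entries that name the user directly or one of the user's groups, for this action and scope."""
    user_groups = groups.get(user, set())
    return [
        e for e in acl
        if e.action == action
        and _scope_covers(e.scope, scope)
        and ((not e.is_group and e.principal == user) or (e.is_group and e.principal in user_groups))
    ]


def is_permitted(acl, user, action, scope, groups=GROUPS):
    """Deny wins over Allow; with no matching entry the request is denied (assumed rule)."""
    matches = applicable_entries(acl, user, action, scope, groups)
    if not matches:
        return False
    return not any(e.effect == "deny" for e in matches)


# Constructed sample ACL.
SAMPLE_ACL = [
    AclEntry("staff", True, "read", "org", "allow"),                      # everyone reads everything
    AclEntry("finance", True, "update", "org/finance", "allow"),          # finance edits its area
    AclEntry("finance", True, "delete", "org/finance/invoices", "allow"), # finance may delete invoices
    AclEntry("alice", False, "delete", "org/finance/invoices", "deny"),   # except alice, explicitly
]

if __name__ == "__main__":
    for user, action, scope in [("bob", "read", "org/finance/invoices"),
                                ("bob", "update", "org/finance/invoices"),
                                ("alice", "update", "org/finance/invoices"),
                                ("alice", "delete", "org/finance/invoices")]:
        print(user, action, scope, "->", "allow" if is_permitted(SAMPLE_ACL, user, action, scope) else "deny")
```

The check in the last sample line is the one worth noting when reviewing such a configuration: alice's group membership grants delete on the invoices scope, but her user-level Deny entry takes precedence, which is what makes a targeted Deny a reliable way to carve an exception out of a group grant.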

...