3.1.10. Configure the network perimeter to deny all incoming traffic

3.1. Preparation

3.1.1. Make users aware of malicious code issues.

3.1.11. Secure all remote access methods, including modems and virtual

3.1.12. Put all publicly accessible services on secured demilitarized zone

3.1.13. Disable all unneeded services on hosts and separate critical

3.1.14. Use host-based/personal firewall software to limit individual hosts’ exposure

3.1.15. Create and implement a password policy.

3.1.2. Read antivirus bulletins.

3.1.3. Deploy host-based intrusion detection and prevention systems, including file

3.1.4. Use antivirus software, and keep it updated with the

3.1.5. Configure software to block suspicious files.

3.1.6. Eliminate open Windows shares.

3.1.7. Configure intrusion detection software to alert on attempts to

3.1.8. Configure all hosts to use centralized logging.

3.1.9. Establish procedures for having all users change their passwords.

By Efrain Ortiz

3.1.10. Configure the network perimeter to deny all incoming traffic that is not expressly permitted.

By limiting the types of incoming traffic, attackers should be able to reach fewer targets and should be able to reach the targets using designated protocols only. This should reduce the number of unauthorized access incidents.