Use Case: Assess Assets That Have Suspicious Configurations
Organizations use corporate security policies to define risks and the communications that are allowed between assets and networks. To assist with compliance and corporate policy breaches, organizations use Policy Monitor to assess and monitor risks that might be unknown.
PCI compliance dictates that you identify devices that contain cardholder data, then diagram, verify communications, and monitor firewall configurations to protect assets that contain sensitive data. Policy Monitor provides methods for quickly meeting these requirements and allows administrators to adhere to corporate policies. Common methods of reducing risk include identifying and monitoring assets that communicate with unsecured protocols. These are protocols such as routers, firewalls, or switches that allow FTP or telnet connections. Use Policy Monitor to identify assets in your topology with risky configurations.
PCI section 1 questions might include the following criteria:
Assets that allow banned protocols.
Assets that allow risky protocols.
Assets that allow out-of-policy applications across the network.
Assets that allow out-of-policy applications to networks that contain protected assets.
Assessing Devices That Allow Risky Protocols
Use Policy Monitor to assess devices that allow risky protocols.
JSA Risk Manager evaluates a question and displays the results of any assets, in your topology, that match the test question. Security professionals, administrators, or auditors in your network can approve communications that are not risky to specific assets. They can also create offenses for the behavior.
- Click the Risks tab.
- On the navigation menu, click Policy Monitor.
- From the Group list box, select PCI 1.
- Select the test question Assess any devices (i.e. firewalls) that allow risky protocols (i.e. telnet and FTP traffic - port 21 & 23 respectively) from the Internet to the DMZ.
- Click Submit Question.