Windows 10 IG1 Guide
latest
  • Introduction
  • CIS Control 1: Inventory and Control of Hardware Assets
  • CIS Control 2: Inventory and Control of Software Assets
  • CIS Control 3: Continuous Vulnerability Management
  • CIS Control 4: Controlled Use of Administrative Privileges
  • CIS Control 5: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  • CIS Control 6: Maintenance, Monitoring and Analysis of Audit Logs
  • CIS Control 7: Email and Web Browser Protections
  • CIS Control 8: Malware Defenses
  • CIS Control 9: Limitation and Control of Network Ports, Protocols, and Services
  • CIS Control 10: Data Recovery Capabilities
  • CIS Control 11: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
    • Control 11.4: Install the Latest Stable Version of Any Security- Related Updates on All Network Devices
  • CIS Control 12: Boundary Defense
  • CIS Control 13: Data Protection
  • CIS Control 14: Controlled Access Based on the Need to Know
  • CIS Control 15: Wireless Access Control
  • CIS Control 16: Account Monitoring and Control
  • CIS Control 17: Implement a Security Awareness and Training Program
  • CIS Control 19: Incident Response and Management
  • Appendix
  • Acronyms & Abbreviations
  • Links and Resources
Windows 10 IG1 Guide
  • Docs »
  • CIS Control 11: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches »
  • Control 11.4: Install the Latest Stable Version of Any Security- Related Updates on All Network Devices
  • Edit on GitHub

Control 11.4: Install the Latest Stable Version of Any Security- Related Updates on All Network Devices¶

Install the latest stable version of any security- related updates on all network devices.

Category¶

Technical

Purpose¶

Network devices include wireless routers, sometimes called wireless access points, and the networking appliance provided from an Internet service provider (ISP). An ISP is a telecommunications company that provides access to the Internet for companies and individuals. ISP provided appliances are confusingly referred to by multiple interchangeable terms such as modem or cable box. Some ISPs can provide a single network device that acts as modem, wireless access point, and firewall all in one. Regardless, all networking equipment needs to be regularly updated – even devices from the ISP. To update the software or firmware on any of these network appliances, it will often be necessary to access the device via an administrator account. This is commonly done via a web browser. The correct settings to update the system will be provided by the relevant ISP and/or network device manufacturer.

Older software on wireless access points and cable boxes or modems can lead to a malicious actor accessing sensitive enterprise information via the device. This can occur via vulnerabilities in protocols supported by the router or how users are authenticated to the router. If an attacker gains access to the device, they may be able to change network passwords, grant any computer access to the network, or potentially modify data in transit.

Automation¶

The degree of automatability available for this Sub-Control depends on the network appliances that are in use within an organization. Some network appliances can be set to auto-update all software and firmware. Others will not have this capability and will need to be manually updated on a regular basis.

Guidance and Tools¶

It is not possible to list all of the models of network appliances provided by an ISP, but the following links are provided to show how to update the software and firmware on some of the most common network devices from United States ISPs.

  • Comcast: Comcast provides information on how to update their modem (https://www.xfinity.com/support/articles/using-your-own-modem-with-new-speeds).
  • Verizon: Verizon provides guidance for how to update their router (https://www.verizon.com/support/residential/internet/equipment/routers).
  • AT&T: AT&T customers can update their network devices via this guidance (https://www.att.com/esupport/article.html#!/u-verse-high-speed-internet/KM1175558?gsi=Lb27wrtt).
Next Previous

© Copyright 2019, Center for Internet Security Revision 6a1d880b.

Built with Sphinx using a theme provided by Read the Docs.