Most victims of cyber-crime created the vulnerabilities that allowed their computer, network, email account, website, or other service get hijacked. In many cases, especially in the consumer or small business networking environments, they just don’t know what to do, or what to be looking for. But even in business network environments where IT professionals have been in charge of operations, decisions are made with a view to providing user convenience instead of user security.
Here’s a list from RSA 2019 keynote speaker and cybersecurity researcher Paula Januszkiewicz of CQURE.
- Passwords – Short and simple passwords that are reused or shared make it easier for an attacker to connect to a computer network.
- Windows Firewall – Misconfigured or disabled Windows or other endpoint firewalls can make it easier for an attacker to move laterally once on the network.
- Flat networks – Simple, one layer networks may be easier to manage, but they are easier for an attacker to traverse, too. Using VLANs and other network segmentation tools can help keep your network more secure.
- Network Firewall – Make sure that rules are properly configured for network edge security devices such as firewalls, or IDS/IPS systems.
- Application Whitelisting – Limit application installation to those programs that are approved for use on the network, and block user installation privileges to anything else.
- SMB Signing – There are a ton of vulnerabilities that show up for Microsoft’s Server Message Block (SMB). Generally firewall rules prevent using SMB from the Internet side, but SMB signing help block SMB exploits used by attackers already inside the network.
- Old Protocols and Default Settings – Using protocols that are inherently insecure, such as telnet and file transfer protocol, or continuing to use deprecated security protocols such as SSL create opportunities for attackers.
- Service Accounts and Privileged Accounts – Service accounts are used by the operating system, and often have root or administrative permissions. Passwords for service accounts are stored in the registry. Administrative and other high privilege accounts need to be secured with long and strong passwords, and two-factor authentication when available.
Vulnerability scanning and penetration testing can help business owners and their IT staff to find weaknesses in their defenses. Resist taking the easy path when configuring your network.
Share
MAR
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com