Most victims of cyber-crime created the vulnerabilities that allowed their computer, network, email account, website, or other service to get hijacked. In many cases, especially in consumer or small business networking environments, they just don’t know what to do or what to look for. But even in business network environments where IT professionals are in charge of operations, decisions are often made with a view to providing user convenience instead of user security.
Here’s a list from RSA 2019 keynote speaker and cybersecurity researcher Paula Januszkiewicz of CQURE.
- Passwords – Short and simple passwords that are reused or shared make it easier for an attacker to connect to a computer network.
- Windows Firewall – Misconfigured or disabled Windows or other endpoint firewalls can make it easier for an attacker to move laterally once on the network.
- Flat networks – Simple, one-layer networks may be easier to manage, but they are easier for an attacker to traverse, too. Using VLANs and other network segmentation tools can help keep your network more secure.
- Network Firewall – Make sure that rules are properly configured for network edge security devices such as firewalls, or IDS/IPS systems.
- Application Whitelisting – Limit application installation to those programs that are approved for use on the network, and block users from installing anything else.
- SMB Signing – There are a ton of vulnerabilities that show up for Microsoft’s Server Message Block (SMB). Generally, firewall rules prevent using SMB from the Internet side, but SMB signing helps block SMB exploits used by attackers already inside the network.
- Old Protocols and Default Settings – Using protocols that are inherently insecure, such as Telnet and File Transfer Protocol (FTP), or continuing to use deprecated security protocols such as SSL, creates opportunities for attackers.
- Service Accounts and Privileged Accounts – Service accounts are used by the operating system, and often have root or administrative permissions. Passwords for service accounts are stored in the registry. Administrative and other high privilege accounts need to be secured with long and strong passwords, and two-factor authentication when available.
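
Several items on this list can be checked directly on a Windows endpoint. The following read-only audit is an added example, not part of the original talk or article. It covers the Windows Firewall, SMB Signing, and Old Protocols items, and assumes an elevated PowerShell session on Windows 8 / Server 2012 or later:

```powershell
# Added example: read-only audit of three settings from the list above.
# Changes nothing on the system; it only reports what it finds.

$findings = @()

# Windows Firewall: every profile (Domain, Private, Public) should be enabled.
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ($fwProfile.Enabled -ne 'True') {
        $findings += "Firewall profile '$($fwProfile.Name)' is disabled"
    }
}

# SMB signing: should be required, not merely supported, on both the
# server and the client side of this machine.
$smbServer = Get-SmbServerConfiguration
$smbClient = Get-SmbClientConfiguration
if (-not $smbServer.RequireSecuritySignature) {
    $findings += 'SMB server does not require signing'
}
if (-not $smbClient.RequireSecuritySignature) {
    $findings += 'SMB client does not require signing'
}

# Old protocols: SMBv1 is deprecated and should be off.
if ($smbServer.EnableSMB1Protocol) {
    $findings += 'SMBv1 is enabled on the SMB server'
}

# Report the result.
if ($findings.Count -eq 0) {
    'No findings for firewall profiles, SMB signing, or SMBv1.'
} else {
    $findings
}
```

Run it on a representative workstation and server; any line it prints is a setting to review against the list above.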
Vulnerability scanning and penetration testing can help business owners and their IT staff to find weaknesses in their defenses. Resist taking the easy path when configuring your network.