10 Major mistakes that open the door to hackers in an enterprise network.
Taking certain common shortcuts when it comes to network and infrastructure security can leave your organization wide open to hackers, according to a Tuesday RSA2019 session.
“Technology and security as we all know is not always about the techie stuff and solutions—it’s also about people,” Januszkiewicz said in the session.
Sometimes stealing information is as easy as following an employee in through company doors and pretending to work there, she added.
Here are 10 mistakes in infrastructure that hackers can leverage to steal your data, and how to fix them, according to Januszkiewicz:
1. Disabling firewall/misconfigured network access
Firewalls are great segmentation tools, but Windows Firewall in particular is often misconfigured. You can allow only certain processes to communicate online or locally—there is no need to know processes to block them, she added.
2. Overly simple passwords and security questions
Organizations and employees almost always reuse passwords, Januszkiewicz said. These passwords typically involve some variant of the company’s name and a number, like a year or month. IT departments should check for obvious passwords, and continuously delivery security awareness training to employees, she added.
3. No network segmentation
Network segmentation can be both a blessing and a curse. It offers greater control over which employees have access to which data, and allows IT to set rules to limit traffic between the different subnets, reducing exposure to security incidents. However, it can also involve VLANs limits, security limits, and managerial overhead.
4. Lack of SMB signing
Organizations should do the following to avoid attacks in this area:
- Set SPNs for services to avoid NTLM
- Reconsider using Kerberos authentication all over
- Require SPN target name validation
- Reconsider turning on SMB Signing
- Reconsider port filtering
- Reconsider code execution prevention (but don’t forget that this attack leverages administrative accounts)
5. Allowing unusual code execution
Common file formats that contain malware are .exe, .dll, .vbs, and .docm, along with PDFs, Januszkiewicz said. On Windows machines, you can enable SafeDllSearchMode for added protection.
6. No whitelisting on board
Code execution prevention implementation is a must.Powershell is a key hacking tool, so potential solutions to mitigate attacks would be blocking it for users or using Just Enough Administration. Organizations can also verify where users have write access to with accesschk.exe -w.\users c:\windows.
While some companies have turned to machine learning tools for threat protection, these solutions require a lot of understanding of what they actually do.
7. Old protocols or their default settings
SNMPv3 addresses are a user-based system for access control, and a means for properly authenticating users. Organizations should also ensure ODBC drivers have a secure networking layer built in.
8. Trusting solutions without knowing how to break them
The best operators won’t use a component until they know how it breaks. Almost every solution has some backdoor weakness.
9. Misusing service accounts and privileged accounts
Service accounts’ passwords are in the registry, which is available online and offline. Privileged users sometimes have more access than anticipated, and the potential to read system and security hives from the registry.
10. Falling for hipster tools
Security budgets are largely increasing , along with the risk of adopting shiny new tools that may not be fully vetted. “Sometimes we’ve got different types of tools we’re supposed to trust, but most end up getting hacked,”. “You need to follow the news about security. We spend so much on different tools that might not be the greatest.”
How IT can protect the network
In the short term, IT and security teams should isolate infrastructure components to prevent attacks from spreading. They should also engage with the network security team, and review servers’ and workstations’ configuration periodically.
In the medium term, IT teams should regularly perform penetration tests and configuration reviews. And in the longer term, companies should seek prevention and vulnerability management, and implement monitoring and execution prevention.
“These are the most imp things to focus on in the current infrastructure from the hacker’s perspective,”
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Recent Posts: TechnoBlogy