Weak Links in Security Part 1: Configuration Is the Biggest Security Threat

Posted on March 28, 2018 by Gento

The rise in cyberattacks and ransomware thefts has caused businesses to shore up their IT infrastructure defenses. While the boost in security protocols is a step in the right direction, many businesses are unaware of a key threat -- improperly configured IT devices and systems. For example, postponing or altogether forgetting to change a default password can leave your vital business data ripe for the taking.

How at Risk Is Your Network's Configuration?
Many of today's IT systems include safeguards that must be carefully configured and enabled if your network is to remain secure. In fact, it is safe to say that a system’s security is all about configuration. Even the seemingly "most secure system" can be easily exploited due to a bad configuration. To put this into perspective, let’s examine a few key findings from the 2017 Data Breach Investigations Report (DBIR), 10th Edition, Annual Survey of Incidents and Breaches Trends.

• 62 percent of breaches featured hacking.
• 51 percent included the use of malware. In these cases, 66 percent of the time malware was installed via a malicious email attachment.
• 81 percent of hacking-related breaches used either weak or stolen passwords.

The question that these statistics point to is simple -- what can we learn?

Phishing Still Works
Phishing is the gateway to many data breaches. Once the malware has been installed, credentials can be stolen and vulnerabilities can be exploited. This is why you need to install secondary defenses that will protect your vital assets and systems. So long as human error exists and phishing scams continue to fool employees, it is not a matter of "if" a malware attack occurs, but "when." As part of your secondary defenses, you must understand the attacks, know how to defend against them, and ensure that your configuration is ironclad.

5 Steps to a Strong ConfigurationCreating a strong configuration that works to secure your vital business data is made easier when you take the following factors into account.

1. Endpoint Protection. -- To secure the endpoint you need to complete all browser and plug-in updates, use an updated anti-virus software protection, use Data Execution Prevention (DEP), and use Endpoint Threat Detection and Response (ETDR).

2. Strong Passwords. -- In 2016, 63 percent of data breaches involved passwords. In 2017, 81 percent of hacking-related breaches used either weak or stolen passwords. The moral of this story is simple, any device with a weak or default password is a security vulnerability. To reduce these risks, you must change default passwords to ensure that they meet criteria like the following: 8 to 16 character length that includes one lower case, one upper case, one numeric, and one printable special character.

3. Restrict Login Attempts. -- If a user has an infinite number of times to attempt to login, then their "strong password" becomes obsolete. Instead, you should track and limit the number of login attempts before the user is blocked from accessing the network. This simple step will not only alert you to potential hacking attempts but also provide key insights into why certain user accounts are being targeted.

4. Leverage Alternative Authentication Mechanisms. -- An authentication server can be used to manage LDAP, active directory, radius, and TACACS. Additionally, two-factor authentication should be used to minimize potential vulnerabilities. RSA tokens, biometrics, certificate, and a smart card (or common access card) are all viable means of two-factor authentication.

The Bottom Line: Properly Configured Networks Are Key to Data Security
It doesn't matter how strong you think your IT security is if your network is improperly configured. Through endpoint protection, strong passwords, a restricted number of login attempts, alternative authentication, and limited access to critical systems, you can improve the configuration of your network.

In the second part of this series, we will explore the steps you can take to ensure that all devices, communications, logging, and vulnerability responses are properly configured to keep your vital business data safe.

5. Restrict Network Access To Critical Systems. -- More than 50 percent of inside data theft jobs involved the misuse of administrative privileges. To combat this risk, you should monitor administrative privileged functions and immediately flag any anomalous behavior. These two simple actions can greatly mitigate the damage that could occur, should a hacker gain access to your network.