
Weak Links in Security Part 2: How to Create a Secure Network Configuration

Posted on April 25, 2018 by Gento

The 2017 Data Breach Investigations Report (DBIR) revealed that 51 percent of breaches involved the use of malware. Of these breaches, 66 percent were initiated via phishing campaigns that used malware-infected email attachments. As discussed in Part 1: Configuration Is the Biggest Security Threat, there are five steps that businesses need to take to mitigate configuration security risks: endpoint protection, strong passwords, a restricted number of login attempts, alternative authentication, and limited access to critical systems. Once these steps are complete, the next task is to ensure that all devices, communications, logging, and vulnerability responses are properly configured to create a secure network for your vital business data.

Secure Device Configuration
If a device is not properly configured, then all of the security protocols in the world won't stop a data breach from occurring. If a data breach does occur on an improperly configured device, then the hacker will be able to wreak havoc. Secure device configuration is made easier when you follow these protocols.

  • Lock down any services that you are not using. Remote management systems that are not in use should also be thoroughly secured. Keep in mind that we are less likely to pay attention to the services that we aren't using, which inevitably makes them the perfect weak point for hackers.
  • Disable or change the default settings on ports.
  • Limit the use of old and outdated web technologies. For example, individuals and businesses using old Flash versions are often subject to ransomware attacks. Java, NPAPI, and plugins also need to be kept up to date to avoid any security vulnerabilities.

It is important to note that secure device configuration only works if all of your devices have the proper settings. In other words, don't forget to close the barn doors tightly. All a hacker may need is one improperly configured device on your network.

Restrict and Secure Network Communication
Your network must be protected at all costs. After all, if a hacker gains access to your network then they can implement further malware or ransomware attacks. Defending the network is especially important given the fact that phishing is so successful. To mitigate the risks associated with a phishing attack, you should block C2 communications, segment the network, and always use two-factor authentication. As we discussed in Part 1, while secure passwords are important, there are other steps such as restricting network access to vital systems and data that must be taken.

Network access must be restricted to trusted hosts and other networks. In fact, you should only allow Internet access to required network services when it is absolutely necessary. If you deploy systems that can be directly accessed from the Internet, then you are not only creating visible security vulnerabilities, you may be creating backdoors and hidden alleys that hackers can use to infiltrate your network. That said, some businesses have employees who rely on remote access. If this is the case, then you should use a VPN, SSH, or another secure access method to help reduce the security risks associated with remote network access. Additionally, the right type of encryption should be used to reduce the impact of a breach. SSLv3 is no longer considered a secure encryption method; TLS sessions should be used in its place.
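The device checklist and the network restrictions above can be checked mechanically. The following is an added example, not code from the original post or from Raritan: it audits one device configuration for enabled-but-unused services, cleartext remote access, SSLv3 and services reachable from outside trusted networks. The configuration schema, the service names, the device name and the trusted range are assumptions made for illustration.

```python
import ipaddress

# Assumptions for this example: the config schema, service names and the
# trusted range below are hypothetical, not a vendor format.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]   # constructed management range
CLEARTEXT = {"telnet", "http", "ftp"}                   # no transport encryption
OBSOLETE_PROTOCOLS = {"sslv2", "sslv3"}                 # replaced by TLS

def is_trusted(cidr):
    """True if cidr lies entirely inside one of the trusted networks."""
    net = ipaddress.ip_network(cidr)
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_NETS)

def audit(device):
    """Return a list of (service, issue) findings for one device config."""
    findings = []
    for name, svc in device["services"].items():
        if not svc.get("enabled"):
            continue                      # disabled services expose nothing
        if not svc.get("in_use"):
            findings.append((name, "enabled but unused"))
        if name in CLEARTEXT:
            findings.append((name, "cleartext protocol"))
        weak = OBSOLETE_PROTOCOLS & {p.lower() for p in svc.get("protocols", [])}
        if weak:
            findings.append((name, "obsolete protocol: " + ",".join(sorted(weak))))
        # A service with no allow list is treated as open to every network.
        open_to = [c for c in svc.get("allow_from", ["0.0.0.0/0"]) if not is_trusted(c)]
        if open_to:
            findings.append((name, "reachable from untrusted: " + ",".join(open_to)))
    return findings

# Constructed sample configuration.
SAMPLE = {
    "name": "pdu-rack-07",
    "services": {
        "ssh":    {"enabled": True,  "in_use": True,  "allow_from": ["10.20.5.0/24"]},
        "https":  {"enabled": True,  "in_use": True,  "protocols": ["SSLv3", "TLSv1.2"],
                   "allow_from": ["10.20.0.0/16"]},
        "telnet": {"enabled": True,  "in_use": False, "allow_from": ["0.0.0.0/0"]},
        "snmp":   {"enabled": False, "in_use": False},
    },
}

if __name__ == "__main__":
    for service, issue in audit(SAMPLE):
        print(f"{SAMPLE['name']}: {service}: {issue}")
```

Running the same audit over every device in an inventory addresses the point made earlier that one improperly configured device is enough.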

Don't Let Attacks Go Unnoticed Indefinitely
The final step in creating a secure configuration involves logging, detecting incidents, and reporting breaches. Did you know that attackers can hide their location, activities, and malicious software for years? In fact, if you don't take the right steps, then attacks may go unnoticed for an indefinite period of time. Logging records can sometimes provide the only evidence of a successful attack. Logging also generates the following benefits:

  • The ability to detect inside and outside hacking jobs.
  • Web logs and a centralized store of logs can help to spot attack trends and can be useful in creating a stronger network.
  • Logs can be helpful in detecting the origin of phishing attacks.
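What a centralized store adds over per-device logs, as an added example that is not part of the original post: a source that stays under each device's login-attempt limit never triggers a lockout, but the combined failure count across devices stands out. The log format, thresholds, device names and addresses are constructed for illustration.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 5   # assumed per-device limit on failed logins
CENTRAL_THRESHOLD = 8   # assumed alert level across the whole log store

def build_sample():
    """Constructed log lines: '<time> <device> <event> user=<u> src=<ip>'."""
    lines = []
    for dev in ("kvm-01", "pdu-02", "sw-03"):
        for minute in range(4):   # 4 failures per device, under each lockout limit
            lines.append(f"2018-04-25T02:{minute:02d}:00Z {dev} LOGIN_FAIL "
                         "user=admin src=203.0.113.9")
    lines.append("2018-04-25T08:15:00Z kvm-01 LOGIN_FAIL user=alice src=10.20.5.14")
    lines.append("2018-04-25T08:15:20Z kvm-01 LOGIN_OK user=alice src=10.20.5.14")
    return lines

def parse(line):
    """Split one log line into a dict of its fields."""
    ts, device, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {"ts": ts, "device": device, "event": event, **fields}

def correlate(lines):
    """Return alerts for sources whose failures across all devices reach CENTRAL_THRESHOLD."""
    per_src = defaultdict(lambda: defaultdict(int))
    for rec in map(parse, lines):
        if rec["event"] == "LOGIN_FAIL":
            per_src[rec["src"]][rec["device"]] += 1
    alerts = {}
    for src, by_dev in per_src.items():
        total = sum(by_dev.values())
        if total >= CENTRAL_THRESHOLD:
            alerts[src] = {
                "total": total,
                "devices": sorted(by_dev),
                # False means no single device would have locked the source out
                "tripped_lockout": max(by_dev.values()) >= LOCKOUT_THRESHOLD,
            }
    return alerts

if __name__ == "__main__":
    for src, info in correlate(build_sample()).items():
        print(src, info)
```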

In addition to logging, businesses should use real-time monitoring to gain immediate insights into security alerts that have been generated by applications and network hardware. In many cases, the faster a business can respond to a data incident, the greater the likelihood that they can mitigate the damages and protect their vital business data. As part of this effort, vulnerability management must be taken seriously. Research shows that new vulnerabilities are discovered every day and half of all exploitations of these weaknesses occur within 10 - 100 days of their discovery.

The Bottom Line: Protect Your Business with a Secure Configuration
Only through the proper configuration management steps can you protect your business and its data. It is no longer enough to simply rely on default network and device configurations. With new vulnerabilities and increasingly savvy malware attacks, the default settings do not provide ample security. Instead, by taking the steps to properly configure your devices and network, you can create a more secure system. To learn more about Raritan’s products and how they are built to safeguard against security vulnerabilities, visit here.
