The Raritan Blog

Weak Links in Security Part 1: Configuration Is the Biggest Security Threat

Richard Dominach
March 28, 2018

The rise in cyberattacks and ransomware thefts has caused businesses to shore up their IT infrastructure defenses. While the boost in security protocols is a step in the right direction, many businesses are unaware of a key threat -- improperly configured IT devices and systems. For example, postponing or altogether forgetting to change a default password can leave your vital business data ripe for the taking.

How at Risk Is Your Network's Configuration?
Many of today's IT systems include safeguards that must be carefully configured and enabled if your network is to remain secure. In fact, it is safe to say that a system’s security is all about configuration. Even the seemingly "most secure system" can be easily exploited due to a bad configuration. To put this into perspective, let’s examine a few key findings from the 2017 Data Breach Investigations Report (DBIR), 10th Edition, Annual Survey of Incidents and Breaches Trends.

  • 62 percent of breaches featured hacking.
  • 51 percent included the use of malware. In these cases, 66 percent of the time malware was installed via a malicious email attachment.
  • 81 percent of hacking-related breaches used either weak or stolen passwords.

The question that these statistics point to is simple -- what can we learn?

Phishing Still Works
Phishing is the gateway to many data breaches. Once the malware has been installed, credentials can be stolen and vulnerabilities can be exploited. This is why you need to install secondary defenses that will protect your vital assets and systems. So long as human error exists and phishing scams continue to fool employees, it is not a matter of "if" a malware attack occurs, but "when." As part of your secondary defenses, you must understand the attacks, know how to defend against them, and ensure that your configuration is ironclad.

5 Steps to a Strong Configuration: Creating a strong configuration that works to secure your vital business data is made easier when you take the following factors into account.

  1. Endpoint Protection. -- To secure the endpoint you need to complete all browser and plug-in updates, use an updated anti-virus software protection, use Data Execution Prevention (DEP), and use Endpoint Threat Detection and Response (ETDR).
  1. Strong Passwords. -- In 2016, 63 percent of data breaches involved passwords. In 2017, 81 percent of hacking-related breaches used either weak or stolen passwords. The moral of this story is simple, any device with a weak or default password is a security vulnerability. To reduce these risks, you must change default passwords to ensure that they meet criteria like the following: 8 to 16 character length that includes one lower case, one upper case, one numeric, and one printable special character.
  1. Restrict Login Attempts. -- If a user has an infinite number of times to attempt to log in, then their "strong password" becomes obsolete. Instead, you should track and limit the number of login attempts before the user is blocked from accessing the network. This simple step will not only alert you to potential hacking attempts but also provide key insights into why certain user accounts are being targeted.
  1. Leverage Alternative Authentication Mechanisms. -- An authentication server can be used to manage LDAP, active directory, radius, and TACACS. Additionally, two-factor authentication should be used to minimize potential vulnerabilities. RSA tokens, biometrics, certificate, and smart card (or common access card) are all viable means of two-factor authentication.
  1. Restrict Network Access To Critical Systems. -- More than 50 percent of inside data theft jobs involved the misuse of administrative privileges. To combat this risk, you should monitor administrative privileged functions and immediately flag any anomalous behavior. These two simple actions can greatly mitigate the damage that could occur, should a hacker gain access to your network.

The Bottom Line: Properly Configured Networks Are Key to Data Security
It doesn't matter how strong you think your IT security is if your network is improperly configured. Through endpoint protection, strong passwords, a restricted number of login attempts, alternative authentication, and limited access to critical systems, you can improve the configuration of your network.

In the second part of this series, Weak Links in Security Part 2: How to Create a Secure Network Configuration, we will explore the steps you can take to ensure that all devices, communications, logging, and vulnerability responses are properly configured to keep your vital business data safe. 

Other Blog Posts

The Rapid Growth of AI and the Use of Raritan PDUs to Meet Higher Power Demands
Posted on October 11, 2023
Data Center Report Fewer Outages, But Downtime Still Costly
Posted on September 20, 2023
Survey: Energy Usage and Staffing Shortages Challenge Data Centers
Posted on September 20, 2023
Raritan Secure Switch: Secure NIAP 4.0 Compliant Desktop KVM
Posted on September 20, 2023
The Midwest is a Hot Market for Data Centers: How the New Generation of Intelligent Rack PDUs Can Save Cloud Giants Uptime and Money
Posted on September 7, 2023

View all Blog Posts

Subscribe


Upcoming Events

AFCOM Data Center World
April 15 – 18  •  Walter E Washington Convention Center - Washington, DC
National Association of Broadcasters
April 13 – 17  •  Las Vegas Convention Center - Las Vegas, NV
Advancing Data Center Construction West 2024
May 6 – 8  •  Salt Lake City, UT
Net Zero Data Center
May 16 – 17  •  Dallas, TX
7x24 Exchange Spring
June 9th  •  JW Marriott Orlando Grande Lakes

View all Events

Latest Raritan News

Legrand Certifications and Process Controls Provide Confidence in Information Security for Network-Connected Devices in Data-Related Applications
Posted on April 1, 2024
Legrand Releases Version 4.0 of Raritan’s Industry-Leading Secure KVM Switches, Raising Bar for Secure Desktop Access
Posted on July 31, 2023
Legrand Revitalizes Data Center Sector with Two Revolutionary Intelligent Rack PDUs
Posted on May 1, 2023
Raritan Reveals The MasterConsole® Digital Dual KVM Switch
Posted on February 18, 2021
Legrand Data, Power and Control Division Announced as Finalist in Six Categories at DCS Awards 2020
Posted on November 9, 2020

View all news