Dr. Chase Cunningham - Defend & Conquer Weekly Review October 11, 2023

The Ten Most Common Cybersecurity Misconfigurations: A Must-Read

Welcome to this week's cybersecurity update. Today, I have an important document to share with you. The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a report that highlights the top ten most common cybersecurity misconfigurations. These misconfigurations, if left unaddressed, can leave your network vulnerable to attacks. In this article, I will delve into each of these misconfigurations and provide insights on how to fix them.

1. Improper Separation of User and Administration Privileges

One of the most crucial security measures organizations must adopt is the separation of user and administration privileges. Granting administrator access to everyone in your network is a recipe for disaster. Implement a robust system that ensures only authorized personnel have administrator privileges. Additionally, be cautious about providing regular users with access to PowerShell on Windows machines, as this is often exploited by ransomware.

2. Insufficient Internal Network Monitoring

Understanding what is happening on your network is essential for detecting and responding to threats effectively. Implement comprehensive internal network monitoring to gain visibility into normal network behavior. When deviations from the norm occur, it's critical to possess the contextual information and intelligence necessary to remediate the issue. Simply relying on blinking lights and alerts is not enough.

3. Lack of Network Segmentation

Network segmentation is a critical practice that should not be overlooked. By dividing your network into separate segments, you prevent the spread of an attack from one compromised area to the entire network. Think of it like a submarine: if one compartment floods, the rest of the submarine remains unaffected. Without segmentation, a single security breach can have widespread consequences.

4. Poor Patch Management

Patch management is crucial for maintaining the security of your network. While it may not be feasible to patch everything immediately, it is essential to have a process in place to identify weaponized exploits and vulnerabilities promptly. Emphasize the importance of patching in your organization and ensure that it is executed effectively. Remember: Don't suck at patching!

5. Bypass of System Access Controls

Proper identity and access management are key components of a robust cybersecurity strategy. Organizations must be vigilant in monitoring access controls, detecting unusual logins, and identifying privilege escalation attempts. Ensure that unauthorized individuals are unable to access sensitive information or resources.

6. Weak or Misconfigured Multifactor Authentication Methods

Multifactor authentication (MFA) adds an extra layer of security by requiring users to provide additional verification beyond a password. Implement MFA on as many systems and applications as possible. In the event that users complain about the additional time required for MFA, remind them that jeopardizing business security is not worth saving a few seconds. Additionally, ensure that your MFA systems are properly configured to avoid inundating users with alerts, which may lead to security negligence.

7. Insufficient Access Control List (ACL) on Network Shared Services

Access control lists are critical for protecting network resources. Regularly review and update ACLs to ensure that only authorized individuals have access to shared services. Restricting access appropriately decreases the chances of unauthorized actors gaining access to sensitive information or systems.

8. Localization Configuration

Localization configuration refers to ensuring that systems, software, and applications are accurately configured to their appropriate locations. While this process may be challenging, it is essential to prioritize accuracy to avoid misconfigurations that could lead to vulnerabilities. Adhere to localization protocols and requirements to minimize the risk of exploitation.

9. Poor Credential Hygiene

Passwords are notorious for their vulnerability. Organizations should prioritize moving away from traditional passwords in favor of more advanced authentication methods such as pass keys, biometrics, or multifactor authentication. If managing multiple passwords becomes overwhelming, consider using a password manager like Dashlane to securely store and manage passwords. Remember, good credential hygiene is essential in today's threat landscape.

10. Unrestricted Code Execution

Unrestricted code execution is a critical issue that developers must address. Implement rigorous testing protocols to ensure that your software is not susceptible to code execution vulnerabilities. Such vulnerabilities enable attackers to run arbitrary code on your systems, so it is vital to control and restrict the execution of code within your applications.

These ten misconfigurations are the most prevalent issues observed by the NSA, CISA, and their red and blue teams. By addressing these vulnerabilities, organizations can significantly improve their cybersecurity posture. While it's important to have well-trained staff and secure software manufacturing processes, the focus should start with these misconfigurations.

Take the NSA and CISA's advice seriously. Cybersecurity professionals with first-hand experience in cyber warfare and conflict recommend prioritizing the remediation of these misconfigurations. By doing so, you are investing your resources where they will have the most significant impact.

In conclusion, do not underestimate the importance of addressing these common misconfigurations. Implementing proper separation of privileges, effective network monitoring, segmentation, patch management, access controls, MFA, ACLs, localization configuration, and password hygiene will greatly enhance your overall security posture. Furthermore, restricting code execution within your software is crucial for preventing code-based attacks.

Stay diligent, educate your teams, and invest in the necessary tools and solutions to mitigate these vulnerabilities. By taking these steps, your organization can significantly reduce the risk of cyberattacks and protect valuable assets effectively.

I hope you found this article informative. Check back regularly for more cybersecurity insights and updates. Stay safe and secure!

*Dr. Chase Cunningham is a cybersecurity expert and contributor at CybersecurityHQ.*