Posted by Geraldine Hunt on Thu, Jan 5th, 2017
Happy 2017, everyone! It’s that time of year again when we make countless new year’s resolutions on a personal level in order to improve our lives. You know what I mean, lose weight, exercise more or read that pile of books that have stacked up by our bed! But as a security professional, this is also the perfect time to assess your company’s current network security posture.
Everyone wishes their organization could be more secure. With the number of cyber-attacks and insider threats increasing, you can always find a new security practice to enact. Those first couple of weeks of the New Year can be allocated to performing the routine security-minded tasks that have been pushed to the back burner, just like the personal resolutions we made last year. Here’s a list of great tasks to knock out for the New Year.
User and Admin Accounts
Active Directory admins should review AD for any user accounts of employees who are no longer with the organization for one reason or another. These accounts should be deleted immediately or, at the least, disabled, as unused accounts make ideal targets for hackers. An easy way to accomplish this is to run a script that reports on, and disables, any account that has not authenticated within a set time window such as 45 days.
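The stale-account script described above, written here as an added example (it is not from the original post). It assumes the RSAT ActiveDirectory module, a domain account permitted to disable users, and a hypothetical exclusion group named StaleAccountExclusions for service and break-glass accounts; run it without -Disable first to get the report only, and with -WhatIf to preview changes.

```powershell
# Report on, and optionally disable, enabled AD user accounts with no logon in
# the last N days. Added example; assumes the ActiveDirectory (RSAT) module.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$InactiveDays = 45,
    [string]$ReportPath = "C:\Reports\stale-accounts-$(Get-Date -Format yyyyMMdd).csv",
    [string]$ExclusionGroup = 'StaleAccountExclusions',  # hypothetical group name
    [switch]$Disable
)
Import-Module ActiveDirectory -ErrorAction Stop
$cutoff = (Get-Date).AddDays(-$InactiveDays)

# Members of the exclusion group (service accounts, break-glass admins) are never touched.
$excluded = @{}
Get-ADGroupMember -Identity $ExclusionGroup -Recursive -ErrorAction SilentlyContinue |
    ForEach-Object { $excluded[$_.DistinguishedName] = $true }

# lastLogonTimestamp is replicated domain-wide but is only refreshed when it is
# more than ~14 days old, so it lags real logons; a 45-day window absorbs that lag.
# whenCreated is checked so new accounts that have never logged on are not disabled.
$stale = Get-ADUser -Filter { Enabled -eq $true } `
            -Properties lastLogonTimestamp, whenCreated, passwordLastSet, description |
    Where-Object {
        -not $excluded.ContainsKey($_.DistinguishedName) -and
        $_.whenCreated -lt $cutoff -and
        ($null -eq $_.lastLogonTimestamp -or
         [DateTime]::FromFileTime($_.lastLogonTimestamp) -lt $cutoff)
    }

# Write the report first so there is a record of what was (or would be) disabled.
$report = foreach ($u in $stale) {
    [pscustomobject]@{
        SamAccountName  = $u.SamAccountName
        LastLogon       = if ($u.lastLogonTimestamp) { [DateTime]::FromFileTime($u.lastLogonTimestamp) } else { 'never' }
        Created         = $u.whenCreated
        PasswordLastSet = $u.passwordLastSet
        DN              = $u.DistinguishedName
        Action          = if ($Disable) { 'disable' } else { 'report-only' }
    }
}
$report | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "$(@($report).Count) stale account(s) written to $ReportPath"

if ($Disable) {
    foreach ($u in $stale) {
        if ($PSCmdlet.ShouldProcess($u.SamAccountName, "Disable (no logon since $cutoff)")) {
            # Stamp the reason in the description so the change is auditable and reversible.
            Set-ADUser -Identity $u -Description "Disabled $(Get-Date -Format s) by stale-account review; $($u.description)"
            Disable-ADAccount -Identity $u
        }
    }
}
```

Disabling rather than deleting keeps the SID, group memberships and mailbox intact, so a false positive can be reversed with Enable-ADAccount.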
At some point throughout the year, every network admin gets that frantic call from an employee who pleads for emergency rights to install an application, or to access a series of websites that are normally blocked, for a presentation they are giving in ten minutes. In order to accommodate them quickly, we sometimes bend the rules and give them local admin rights to run an application install or give them content filter override permissions. Then, as the day goes on, we forget about it. For this and other reasons, it’s important to review the membership of any group with elevated privileges to ensure that unauthorized users can’t exercise admin rights or perform privileged functions that could put the network at risk. Users who have privileged content filtering access or override levels should also be scrutinized in order to prevent unsuspecting users from accessing known malware or spyware sites.
It’s also a good opportunity to force everyone to change their password. Passwords should adhere to a minimum length of 8 characters, but administrators should be required to have passwords of 14 characters. Passwords should also meet complexity requirements, which enforce some combination of upper- and lower-case letters, numbers and/or non-alphanumeric characters.
Firmware Updates and Patches
It’s not a glamorous job, but someone has to do it, and some of the biggest cyberattacks of 2016 could have been prevented by this all-important task. Make sure that all of your network devices have the latest firmware updates, including:
- Security appliances
- IoT Devices
- Wireless access points and controllers
You should also ensure that your fleet of servers and client machines is receiving and installing updates and patches according to their scheduled release in order to prevent zero-day attacks. Antivirus definitions should be up to date as well. Random vulnerability scans can be conducted to assess the security readiness of your servers.
Harden Your Devices
All servers should be reviewed for unnecessary services and roles. Any service that is not utilized should be disabled. This will help conserve internal hardware resources and eliminate one more vulnerability that a hacker can utilize. For the same reason, any roles or add-ons that are not utilized, such as DNS, IIS or DHCP, should be fully uninstalled as well.
Remote Access Review
All servers should be reviewed for their remote access configurations. Any server that grants remote access from the Internet is a huge security risk and must be justified. Ensure that access is only allocated to required users. Vendors who were granted remote access to a server for an application install, or employees who were temporarily working from home, are typical instances in which remote access was granted and then forgotten.
Educate Your Users About Spam
The best defense against attacks such as ransomware and phishing is to constantly keep users informed and educated about new types of attacks and how to spot them. If possible, a spam test can be conducted to assess how susceptible users are to spam and phishing messages. This can help determine the need for more training and identify users whose email behavior could compromise the network.
Here’s to a great—and secure—start to 2017.