6 Steps to Prevent Hackers From Attacking Your Systems’ Biggest Vulnerability
The weakest link in most security systems is the user. Use these tips to make sure hackers don’t use them against you.
1. Approved Standards
Define a set of approved configurations to secure and operate end-user workstations. These configurations should include approved operating systems, applications and utilities, and even which browsers and plugins are supported for organizational use. The more consistent an organization can make these standards, the easier it will be to maintain systems using approved configurations. Any program added to this standard build will increase the potential attack surface for an intruder to exploit and the amount of work the IT team will have to perform to secure systems, so it behooves organizations to keep the list of approved software to a minimum.
Inform users about the approved standards, making it clear that “unapproved” software is also unauthorized — and ensure that all users understand that using unauthorized software may result in disciplinary action, and why. Technical controls to restrict the use of unauthorized software should be used wherever possible but can often be bypassed by a savvy user, so awareness of the types of threats organizations face and how ignoring information security standards may lead to a breach can go a long way toward making users an active participant in the information security process.
3. Administrator Accounts
Minimize the use of administrator or other privileged accounts that are allowed to change system configurations, including installation of new, potentially unauthorized software. Administrator credentials are a favorite target of hackers, and reducing the number of places they are present on a network reduces the potential for them to be stolen. IT personnel should have an unprivileged “daily use” account for browsing the web, checking email, etc., and a separate administrator account that is only used when necessary.
4. Patch Configuration and Management
Actively patch end-user systems on a regular basis, and confirm that patches are installed. As new security threats are identified, it will become necessary to update the security configurations of systems that are already deployed; this should be regularly conducted as part of a formal security program as well. Rather than trying to figure out how to securely configure software on their own, organizations should rely on industry-accepted configuration benchmarks such as those freely available from the Center for Internet Security and adapt them to their own business needs.
5. Penetration Testing
Conduct regular (at least quarterly, but preferably monthly) internal and external vulnerability scans to help identify systems which are out of policy, then patch those systems. These scans should be supplemented with periodic (at least annual but preferably quarterly) penetration testing to identify more complex issues that vulnerability scanners can’t identify on their own.
6. Exception Management
Exceptions to policies will always have to be made. Actively manage an exception process which tracks “special” software as well as users with elevated permissions. The security configurations and patch management of these special cases often end up being overlooked and may present a risk long after the standard software has been hardened and patched.
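The approved-software list from step 1 and the tracked exceptions from step 6 can be checked against a software inventory in one pass. The following is an added example, not part of the original article; the host names, software names, review dates and the 45-day patch window are all constructed assumptions.

```python
from datetime import date, timedelta

# All names and data below are constructed for illustration.
APPROVED = {"Firefox ESR", "LibreOffice", "7-Zip"}  # the standard build
EXCEPTIONS = [  # tracked "special" software, each with an owner and a review date
    {"host": "ws-014", "software": "LegacyCAD", "owner": "j.doe", "review_by": date(2024, 9, 30)},
    {"host": "ws-022", "software": "OldVPN", "owner": "a.lee", "review_by": date(2024, 1, 31)},
]
INVENTORY = [  # inventory scan result: (host, software, last patch date)
    ("ws-014", "Firefox ESR", date(2024, 5, 20)),
    ("ws-014", "LegacyCAD", date(2023, 2, 1)),
    ("ws-022", "OldVPN", date(2024, 5, 1)),
    ("ws-031", "TorrentClient", date(2024, 4, 2)),
    ("ws-031", "7-Zip", date(2024, 5, 28)),
]

def audit(inventory, approved, exceptions, today, max_patch_age_days=45):
    """Return sorted (host, software, finding) tuples for out-of-policy items."""
    exc = {(e["host"], e["software"]): e for e in exceptions}
    findings = []
    for host, software, last_patched in inventory:
        stale = today - last_patched > timedelta(days=max_patch_age_days)
        if software in approved:
            if stale:
                findings.append((host, software, "approved-but-unpatched"))
            continue
        entry = exc.get((host, software))
        if entry is None:
            # Not in the standard build and nobody signed off on it.
            findings.append((host, software, "unauthorized"))
            continue
        # An exception exists: it must still be current and still be patched.
        if entry["review_by"] < today:
            findings.append((host, software, "exception-expired"))
        if stale:
            findings.append((host, software, "exception-unpatched"))
    return sorted(findings)

if __name__ == "__main__":
    for host, software, finding in audit(INVENTORY, APPROVED, EXCEPTIONS, date(2024, 6, 1)):
        print(f"{host:8} {software:14} {finding}")
```

Exceptions are keyed per host, so an exception granted for one workstation does not silently cover the same software elsewhere.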
No security program can remove all risks entirely, but every organization should be working to close the back doors that leave them vulnerable. Taking these recommended actions will help you make sure the easiest ways to break in are locked up tightly.
Bio: Christopher Camejo is the director of threat and vulnerability analysis at NTT Com Security.