
CISA Top Ten Cybersecurity Misconfigurations


Default Configurations of Software Applications

  1. Change the default configuration of applications and appliances before they go live in the production environment; vendor defaults are chosen for ease of setup, not for security.

  2. Change or disable vendor-supplied default usernames and passwords on services, software and hardware; default credentials are printed in vendor manuals and ship in attacker wordlists.

  3. If not required, disable LLMNR and NetBIOS name resolution (NBT-NS) on Windows systems. Both broadcast name lookups on the local segment, so any host on that segment can answer them and capture or relay the NTLM authentication that follows.
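As an added example (not part of the CISA advisory or of this page), the following PowerShell turns off LLMNR and NetBIOS over TCP/IP on a single Windows host and then verifies the result. The LLMNR value is the one the "Turn off multicast name resolution" group policy writes, and NetBIOS is a per-adapter setting; the choice to apply both locally rather than through a GPO is an assumption for the example. Pilot it on a few machines first, because some legacy applications and printers still depend on NetBIOS name resolution.

```powershell
# Added example, not from the advisory or this page. Run elevated.
# Assumption: applied locally; in a domain, push the same values through a GPO instead.
#Requires -RunAsAdministrator

# 1. LLMNR: the DNS Client policy value EnableMulticast = 0 disables it
$llmnrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
if (-not (Test-Path $llmnrKey)) { New-Item -Path $llmnrKey -Force | Out-Null }
Set-ItemProperty -Path $llmnrKey -Name 'EnableMulticast' -Value 0 -Type DWord

# 2. NetBIOS over TCP/IP is set per adapter: 0 = from DHCP, 1 = enabled, 2 = disabled
$adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $adapters) {
    $result = Invoke-CimMethod -InputObject $nic -MethodName SetTcpipNetbios `
        -Arguments @{ TcpipNetbiosOptions = 2 }
    # ReturnValue 0 = applied, 1 = applied but a reboot is required
    '{0}: SetTcpipNetbios returned {1}' -f $nic.Description, $result.ReturnValue
}

# 3. Verify both settings after the change
$llmnr = (Get-ItemProperty -Path $llmnrKey -Name 'EnableMulticast').EnableMulticast
"LLMNR disabled: $($llmnr -eq 0)"
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, TcpipNetbiosOptions   # expect 2 on every adapter
```

After the change, a poisoning tool on the same VLAN no longer sees name queries from this host; the verification at the end is what you would collect as evidence in a hardening baseline.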

Mitigate Improper Separation of User and Administrator Privileges

  1. Implement authentication, authorization, and accounting (AAA) with audit logging, so that every privileged action can be attributed to an individual account (non-repudiation).

  2. Audit user accounts and remove those that are inactive or unnecessary. Limit the number of users with identity and access management (IAM) privileges.

  3. Do not use privileged accounts for general tasks such as email and web browsing. Run services under service accounts that hold only the permissions the service needs.

  4. Implement time-based access for privileged accounts (just-in-time elevation that expires automatically). Disable unused services, and protect the remaining services and applications with access control lists (ACLs) and role-based access control (RBAC).

  5. Implement a Security Information and Event Management (SIEM) system for log aggregation, correlation, visualization, and alerting.
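Points 2 and 4 above are the ones that can be scripted. The PowerShell below is an added example, not code from the CISA advisory or this page: it finds stale Active Directory accounts, enumerates the highest-privilege groups, and grants a group membership that expires on its own. It needs the ActiveDirectory RSAT module; the 90-day threshold, the group names and the account jdoe-adm are illustrative, and the time-to-live membership requires the forest's Privileged Access Management optional feature.

```powershell
# Added example, not from the advisory or this page. Needs the ActiveDirectory module and
# rights to read and change the groups involved.
# Assumptions: 90-day threshold, group names and 'jdoe-adm' are illustrative;
# -MemberTimeToLive needs the Privileged Access Management optional feature enabled.
Import-Module ActiveDirectory

# 1. Enabled user accounts with no logon in 90 days (lastLogonTimestamp replicates between
#    domain controllers but can lag by up to 14 days, so the window is generous on purpose)
$stale = Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days 90) -UsersOnly |
    Where-Object { $_.Enabled }
$stale | Select-Object SamAccountName, LastLogonDate, DistinguishedName | Format-Table -AutoSize

# Disable rather than delete so a mistake is reversible; drop -WhatIf after reviewing the list
$stale | Disable-ADAccount -WhatIf

# 2. Full (nested) membership of the most privileged groups; keep these lists short and known
foreach ($group in 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators') {
    $members = @(Get-ADGroupMember -Identity $group -Recursive)
    '{0}: {1} member(s): {2}' -f $group, $members.Count,
        (($members.SamAccountName | Sort-Object) -join ', ')
}

# 3. Time-based privileged access: the membership expires after four hours, so there is
#    nothing to remember to revoke
$pam = Get-ADOptionalFeature -Filter 'Name -eq "Privileged Access Management Feature"'
if ($pam -and $pam.EnabledScopes.Count -gt 0) {
    Add-ADGroupMember -Identity 'Domain Admins' -Members 'jdoe-adm' `
        -MemberTimeToLive (New-TimeSpan -Hours 4)
    # Members are shown with their remaining TTL as '<TTL=seconds,DN>'
    (Get-ADGroup -Identity 'Domain Admins' -Properties member -ShowMemberTimeToLive).member
} else {
    Write-Warning 'PAM optional feature is not enabled; enabling it is a one-way forest change (Enable-ADOptionalFeature).'
}
```

Run the first two sections on a schedule and feed the output to the SIEM from point 5; a privileged group that grows between runs is exactly the kind of change the correlation rules should alert on.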

Lack of Network Segmentation

  1. Use next-generation firewalls between segments to perform deep packet filtering, stateful inspection, and application-layer inspection.

  2. Set up network segmentation to isolate critical systems, functions, and resources, so that a compromised workstation cannot reach them directly.

  3. Create Virtual Private Cloud (VPC) instances to isolate essential cloud systems.

Poor Patch Management

  1. Implement and maintain an efficient patch management process. Update software and firmware regularly.

  2. Automate the update process as much as possible.

  3. Use the Common Vulnerability Scoring System (CVSS) to rank severity. It produces a numerical base score from 0.0 to 10.0, which maps to a qualitative rating (None, Low, Medium, High, Critical). The score describes severity, not whether anyone is exploiting the flaw, so patch vulnerabilities known to be exploited ahead of higher-scoring ones that are not.

  4. Evaluate the use of unsupported hardware and software. Discontinue or isolate legacy systems that no longer receive updates.
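The CVSS point above is clearer with the formula in hand. The following PowerShell function, written for this page rather than taken from CISA or from FIRST's calculator, computes a CVSS v3.1 base score and its qualitative rating from a vector string using the metric weights and the Roundup rule from the v3.1 specification. The two vectors at the bottom are constructed inputs.

```powershell
# Added example, not from the advisory or this page.
function Get-Cvss31BaseScore {
    # Compute the CVSS v3.1 base score and rating from a vector such as
    # 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'. Temporal and environmental
    # metrics are ignored if present.
    param([Parameter(Mandatory)] [string]$Vector)

    # Parse 'METRIC:VALUE' pairs into a table
    $m = @{}
    foreach ($part in ($Vector -split '/')) {
        if ($part -match '^([A-Z]+):([A-Z])$') { $m[$Matches[1]] = $Matches[2] }
    }
    $changed = $m['S'] -eq 'C'

    # Weights from the v3.1 specification; PR weighs more when scope changes
    $prTable = if ($changed) { @{ N = 0.85; L = 0.68; H = 0.50 } } else { @{ N = 0.85; L = 0.62; H = 0.27 } }
    $weights = @{
        AV = @{ N = 0.85; A = 0.62; L = 0.55; P = 0.20 }
        AC = @{ L = 0.77; H = 0.44 }
        PR = $prTable
        UI = @{ N = 0.85; R = 0.62 }
        C  = @{ H = 0.56; L = 0.22; N = 0.0 }
        I  = @{ H = 0.56; L = 0.22; N = 0.0 }
        A  = @{ H = 0.56; L = 0.22; N = 0.0 }
    }
    $w = @{}
    foreach ($metric in $weights.Keys) {
        $value = $m[$metric]
        if (-not $value -or -not $weights[$metric].ContainsKey($value)) {
            throw "Missing or invalid value for metric $metric in '$Vector'"
        }
        $w[$metric] = $weights[$metric][$value]
    }

    $iss = 1 - ((1 - $w.C) * (1 - $w.I) * (1 - $w.A))
    $impact = if ($changed) { 7.52 * ($iss - 0.029) - 3.25 * [math]::Pow($iss - 0.02, 15) } else { 6.42 * $iss }
    $exploitability = 8.22 * $w.AV * $w.AC * $w.PR * $w.UI

    # Roundup() as defined in v3.1: integer arithmetic avoids 4.0000001-style artefacts
    $roundUp = {
        param([double]$x)
        $int = [math]::Round($x * 100000)
        if ($int % 10000 -eq 0) { $int / 100000.0 } else { ([math]::Floor($int / 10000) + 1) / 10.0 }
    }

    $score = if ($impact -le 0) { 0.0 } elseif ($changed) { & $roundUp ([math]::Min(1.08 * ($impact + $exploitability), 10.0)) } else { & $roundUp ([math]::Min($impact + $exploitability, 10.0)) }
    $rating = if ($score -eq 0) { 'None' } elseif ($score -lt 4.0) { 'Low' } elseif ($score -lt 7.0) { 'Medium' } elseif ($score -lt 9.0) { 'High' } else { 'Critical' }

    [pscustomobject]@{
        Vector         = $Vector
        Score          = $score
        Rating         = $rating
        Impact         = [math]::Round($impact, 2)
        Exploitability = [math]::Round($exploitability, 2)
    }
}

# Constructed sample vectors: unauthenticated network RCE, and the same impact with scope change
'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H',
'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H' | ForEach-Object { Get-Cvss31BaseScore $_ } | Format-Table
```

The first vector is the familiar 9.8 Critical; the second needs low privileges yet comes out at 9.9, because a changed scope multiplies the sum of impact and exploitability by 1.08. Both are Critical, and the function alone cannot tell you which one is being exploited in the wild, which is why the rating is an input to prioritization rather than the whole of it.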

Bypassing of System Access Control

  1. Limit credential overlap across systems, for example by giving every host a unique local administrator password (as Windows LAPS does).

  2. Deny domain user accounts membership in the local Administrators group on multiple systems; an account that is local admin everywhere turns one compromised host into all of them.

  3. Use dedicated service accounts for system-to-system communication instead of a person's credentials.
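Point 2 is easy to state and hard to keep true across a fleet. As an added example (not code from the advisory or this page), the PowerShell below reads the local Administrators group on a set of hosts over WinRM and reports every domain principal that is local admin on more than one of them. The host list and the expected group names are constructed for the example; in practice the hosts would come from Get-ADComputer.

```powershell
# Added example, not from the advisory or this page.
# Assumptions: WinRM is enabled on the targets, the caller may query them, and the
# host names and 'expected' group names below are illustrative.
$hosts = 'WS01', 'WS02', 'SRV-FILE01'        # constructed sample; use Get-ADComputer in practice

# Collect membership; -ErrorAction Continue keeps one unreachable host from aborting the run
$members = Invoke-Command -ComputerName $hosts -ErrorAction Continue -ScriptBlock {
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object @{ n = 'Host'; e = { $env:COMPUTERNAME } }, Name, ObjectClass, PrincipalSource
}

# Groups that are supposed to be there everywhere (managed through AD, not per host)
$expected = 'CONTOSO\Domain Admins', 'CONTOSO\Workstation Admins'   # assumed names
$domainPrincipals = $members | Where-Object {
    $_.PrincipalSource -eq 'ActiveDirectory' -and $_.Name -notin $expected
}

# Any remaining domain principal present on two or more hosts is credential overlap
$domainPrincipals | Group-Object Name | Where-Object { $_.Count -ge 2 } | ForEach-Object {
    [pscustomobject]@{
        Principal = $_.Name
        HostCount = $_.Count
        Hosts     = ($_.Group.Host | Sort-Object -Unique) -join ', '
    }
} | Format-Table -AutoSize

# Remediation on one host, once the finding has been reviewed:
# Invoke-Command -ComputerName WS02 { Remove-LocalGroupMember -Group 'Administrators' -Member 'CONTOSO\jdoe' }
```

A user who appears on several hosts should be moved into a group that is scoped to the machines they administer, or given a separate admin account per tier, rather than deleted outright; the report is the evidence for that conversation.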

Weak or Misconfigured Multifactor Authentication

  1. Disable New Technology LAN Manager (NTLM) and other legacy authentication protocols on Windows systems. Audit NTLM usage first, because legacy applications and appliances often still depend on it.

  2. Implement a cloud-primary authentication solution that uses modern open standards such as OpenID Connect.

  3. Enforce phishing-resistant multifactor authentication (MFA), such as FIDO2/WebAuthn security keys or PKI-based smart cards. SMS codes and push notifications can be phished or approved by a fatigued user and do not qualify.
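Point 1 is where most NTLM projects stall, because enforcing before auditing breaks something nobody remembered. The PowerShell script below is an added example, not code from the advisory or this page: it moves one host from "audit NTLM" to "block NTLM" in two stages using the registry values behind the "Network security: Restrict NTLM" policies, and lists which accounts are still authenticating with NTLM. The two-stage switch via a $Stage parameter is this script's own convention.

```powershell
# Added example, not from the advisory or this page. Run elevated; in a domain, set the
# same values through the "Network security: Restrict NTLM" group policies instead.
# Assumption: the Audit/Enforce stage parameter is this script's own convention.
#Requires -RunAsAdministrator
param([ValidateSet('Audit', 'Enforce')] [string]$Stage = 'Audit')

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv = Join-Path $lsa 'MSV1_0'

# LmCompatibilityLevel 5: send NTLMv2 only, refuse LM and NTLMv1 (the weakest variants go first)
Set-ItemProperty -Path $lsa -Name 'LmCompatibilityLevel' -Value 5 -Type DWord

switch ($Stage) {
    'Audit' {
        # AuditReceivingNTLMTraffic 2 = audit all incoming; RestrictSendingNTLMTraffic 1 = audit outgoing.
        # Events land in Microsoft-Windows-NTLM/Operational (IDs 8001-8004).
        Set-ItemProperty -Path $msv -Name 'AuditReceivingNTLMTraffic' -Value 2 -Type DWord
        Set-ItemProperty -Path $msv -Name 'RestrictSendingNTLMTraffic' -Value 1 -Type DWord
        wevtutil set-log 'Microsoft-Windows-NTLM/Operational' /enabled:true
    }
    'Enforce' {
        # 2 = deny all incoming / deny all outgoing NTLM
        Set-ItemProperty -Path $msv -Name 'RestrictReceivingNTLMTraffic' -Value 2 -Type DWord
        Set-ItemProperty -Path $msv -Name 'RestrictSendingNTLMTraffic' -Value 2 -Type DWord
    }
}

# Who still uses NTLM here: successful logons (4624) whose authentication package is NTLM.
# Property 10 = AuthenticationPackageName, 5 = TargetUserName, 14 = LmPackageName (NTLM V1/V2)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 2000 |
    Where-Object { $_.Properties[10].Value -eq 'NTLM' } |
    Group-Object { '{0} ({1})' -f $_.Properties[5].Value, $_.Properties[14].Value } |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20
```

Run it in Audit mode, leave it for a few weeks, and work through the list until it contains only service accounts whose owners have confirmed a Kerberos-capable alternative; only then run it with -Stage Enforce.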

Insufficient ACLs on Network Shares and Services

  1. Require authenticated, authorized access to all storage devices and network shares; no anonymous access and no shares writable by Everyone.

  2. Apply the principle of least privilege to users, groups, and roles.

  3. Apply restrictive permissions to files, shares, and directories, at both the share level and the file-system (NTFS) level, since the effective permission is the more restrictive of the two.
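The three points above translate into one audit and one fix on a Windows file server. The PowerShell below is an added example, not code from the advisory or this page: it lists shares where a broad principal (Everyone, Authenticated Users, Users) can write at the share level or at the NTFS level, then tightens one share. The share name Finance and the group CONTOSO\Finance-RO are illustrative.

```powershell
# Added example, not from the advisory or this page. Run elevated on the file server.
# Assumptions: 'Finance' and 'CONTOSO\Finance-RO' are illustrative names.
#Requires -RunAsAdministrator
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
$shares = Get-SmbShare | Where-Object { -not $_.Special }   # skip C$, ADMIN$, IPC$

# 1. Share-level ACL: broad principals with Change or Full access
$shares | ForEach-Object {
    Get-SmbShareAccess -Name $_.Name | Where-Object {
        $_.AccountName -in $broad -and $_.AccessControlType -eq 'Allow' -and $_.AccessRight -in 'Full', 'Change'
    }
} | Select-Object Name, AccountName, AccessRight | Format-Table -AutoSize

# 2. NTFS ACL on each share's folder: broad principals holding any write right
$writeBit = [System.Security.AccessControl.FileSystemRights]::Write
foreach ($share in $shares) {
    $acl = Get-Acl -Path $share.Path
    foreach ($ace in $acl.Access) {
        if ($ace.IdentityReference.Value -in $broad -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $writeBit)) {
            '{0} ({1}): {2} has {3}' -f $share.Name, $share.Path, $ace.IdentityReference, $ace.FileSystemRights
        }
    }
}

# 3. Remediate one share: drop Everyone, grant a dedicated group read-only at the share
#    level, and let NTFS carry the finer-grained permissions. -Force skips the prompt.
Revoke-SmbShareAccess -Name 'Finance' -AccountName 'Everyone' -Force
Grant-SmbShareAccess  -Name 'Finance' -AccountName 'CONTOSO\Finance-RO' -AccessRight Read -Force
Get-SmbShareAccess -Name 'Finance'
```

The NTFS check is the one people skip: a share that grants Everyone Read is harmless until the folder beneath it grants Authenticated Users Modify, which is the default that Windows applies to a freshly created folder under many roots.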

Unrestricted Code Execution

  1. Configure systems to block applications downloaded from untrusted sources, for example with Windows SmartScreen and Mark-of-the-Web checks.

  2. Use application control tools that deny program execution by default and allow only approved software (allowlisting), such as AppLocker or Windows Defender Application Control.

  3. Block the execution of known vulnerable drivers, which attackers load to disable security tools from kernel mode. Use read-only and minimal images for containers.

  4. Constrain scripting languages such as PowerShell and VBScript so that scripts do not execute automatically, and log the scripts that do run.
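The four points above map to a handful of Windows settings. The PowerShell below is an added example, not code from the advisory or this page: it enables SmartScreen blocking, turns on Microsoft's vulnerable driver blocklist, builds an AppLocker allowlist from what is currently installed and deploys it in audit mode, and closes the usual scripting gaps. It assumes a workstation image; the directories scanned and the policy file location are illustrative, and scanning C:\Windows recursively takes several minutes.

```powershell
# Added example, not from the advisory or this page. Run elevated.
# Assumptions: workstation image; scanned directories and policy file path are illustrative.
#Requires -RunAsAdministrator

# 1. Untrusted downloads: SmartScreen evaluates Mark-of-the-Web files and blocks unknown ones
$sys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
if (-not (Test-Path $sys)) { New-Item -Path $sys -Force | Out-Null }
Set-ItemProperty -Path $sys -Name 'EnableSmartScreen' -Value 1 -Type DWord
Set-ItemProperty -Path $sys -Name 'ShellSmartScreenLevel' -Value 'Block' -Type String

# 2. Known vulnerable drivers: Microsoft's blocklist, enforced by HVCI / WDAC
$ci = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
if (-not (Test-Path $ci)) { New-Item -Path $ci -Force | Out-Null }
Set-ItemProperty -Path $ci -Name 'VulnerableDriverBlocklistEnable' -Value 1 -Type DWord

# 3. Allowlisting: derive publisher rules (hash rules for unsigned files) from what is installed,
#    set every rule collection to AuditOnly, test, then apply. Switch to EnforcementMode="Enabled"
#    only after the AppLocker event log (IDs 8003/8004) has been quiet for a pilot period.
$dirs = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$xml = $dirs | ForEach-Object { Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe, Dll, Script } |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml
$xml = $xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$policyFile = Join-Path $env:ProgramData 'applocker-audit.xml'
$xml | Out-File -FilePath $policyFile -Encoding utf8

# What the policy would decide for a user-writable location versus an installed binary
Test-AppLockerPolicy -XmlPolicy $policyFile -User Everyone `
    -Path "$env:USERPROFILE\Downloads\tool.exe", 'C:\Windows\System32\notepad.exe'

Set-AppLockerPolicy -XmlPolicy $policyFile      # local policy; in a domain, import into a GPO
sc.exe config appidsvc start= auto              # AppLocker needs the Application Identity service
Start-Service -Name AppIDSvc

# 4. Scripting: with AppLocker script rules (or a WDAC policy) enforced, PowerShell 5.1+ runs
#    unapproved scripts in Constrained Language Mode. Remove the v2 engine, which ignores those
#    controls, and log every script block so what does run is visible to the SIEM.
Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart | Out-Null
$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $sbl)) { New-Item -Path $sbl -Force | Out-Null }
Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord
"Current PowerShell language mode: $($ExecutionContext.SessionState.LanguageMode)"
```

The order matters: the driver blocklist and SmartScreen are safe to enforce immediately, whereas the allowlist is deployed in audit mode first because a rule set derived from one image will miss software that users legitimately install later.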


Found this useful? Follow our page on LinkedIn: https://www.linkedin.com/company/geanttechnology