NCSAM Tip #6: Three Tasks to Make Your Network Significantly More Secure
Securing a large complicated network can be a daunting task with so many technologies and devices. You may be asking yourself where to start. What could I do to get the most out of the time I spend securing my network? There are three areas that you can start with that will significantly reduce your attack surface and make your network more secure in the process. It is such a simple list yet overlooked by many: patching, maintain passwords, and disable unnecessary services.
Something as simple as patching your systems for known security issues should be at the top of your “Securing my network” list. By applying security patches to all of your systems on a regular basis you are reducing the number of vulnerabilities that are available on your network. The use of pre-coded/pre-packaged exploits to gain access to a system is nothing new and many unskilled script kiddies use them every day. By cutting off this simple method of access attackers will start to look for other ways into your systems.
There are always a few systems that have not been patched, be they in a test lab or an old decommissioned production system that is still on-line but not used anymore. These discarded or leftover systems are often times a treasure box with keys and other useful pieces of information. Reusing the information found on these systems, such as user password credentials or trust relationships can help in compromising your patched systems. When attacking a network these credentials can come in handy and be a simple way to compromise many other devices. Enforce restrictive password policies, provide a password management program to your employees, actively manage your password policies and strength requirements, and test your password strength regularly so you can tune your policies if needed.
And lastly on any network there is generally a plethora of listening network services that are not ever used. Having a web server or any server service installed on a desktop system, installing unused databases on all of your productions servers just in case you need them are a few examples of bad practices. Removing these unnecessary network services will drastically reduce your attack surface. This reduction in services will make patching easier , provide less options to an attacker, and reduces your attack surface exposure.
These three topics have come up on every network security posture assessment I have ever performed and they are the three that have the most impact on your security posture when fixed.