Spring is here, which means many people will be cleaning their workspace and getting rid of the clutter on their desks. If you’re in charge of your organization’s security, we hope you’ve been keeping your network clean all year. Nonetheless, there are some “quick wins” you can take to remediate infections on your network and mitigate cyber risk. Below are a few spring cleaning tips organizations can apply towards their network security – and encourage their vendors to apply as well.
Perhaps the most imminent threat to your network is a botnet infection. A botnet is a unified networks of bots that perform coordinated actions based on instructions received from the botnet’s creators. Why are botnets so dangerous? Botnet infections can result in massive data extraction from an organization’s systems. In fact, organizations with a higher volume of botnet infections are more likely to experience a publicly-disclosed breach.
When’s the last time you ran a complete scan of all your company’s computers and network devices for malware? Do you have an antivirus policy? Does your network have an Intrusion Prevention System with Malware Detection? Regardless of what operating systems your company uses on its machines, malware may still be hidden there.
E-mail validation technologies
SPF (Sender Policy Framework) helps prove that emails coming from your domain are from authorized senders, and are not from malicious actors. Without SPF, spammers can use your company’s good name to do their business and possibly get your legitimate email dropped by other organizations due to spam. Likewise attackers can fake an email address from your domain and send out malicious links or load malware into fake company documents.
An SPF record is stored in your domain’s DNS records. All domains should have SPF records, including those that aren’t configured to send mail. Even if a company does not intend to send mail from a domain, an attacker can still use that domain to spoof email. These domains should have null SPF records, which will cause all mail servers to reject mail from that domain.
According to a Google study, 91.4% of authenticated, non-spam emails sent to Gmail users come from senders that use SPF, DKIM, or both.
Once you have an SPF record ready, you can add it to your domain by configuring it on your authoritative name servers or your DNS provider’s administrative control panel.
There have been many SSL versions and cipher suites that have been made obsolete over the past several years by vulnerabilities and attacks such as POODLE and DROWN. You might be surprised to learn that some of your systems still have these protocols and ciphers enabled, leaving a window of attack open to your organization or your users. There is no longer a reason to continue to support these methods (e.g. SSLv2) as newer standards are more commonly supported amongst clients and web browsers today.
There are a number of online tools that allow you to check a server for a specific vulnerability or attack. Enter your company domain and the tools will do the checking for you.
- Check your servers for SSLv2 support.
- Check your servers for SSLv3 support.
Optionally you can run a full test of your company’s servers which will include both SSLv2 and SSLv3 information. If it turns out that some of your servers still support these protocols, there are some technical guides for bringing your system’s configuration up to modern best practices. At minimum, always make sure that your operating systems and supporting libraries are up to date with the latest patches.
- Remove SSLv2 from Microsoft IIS servers.
- Remove SSLv2 support from Apache, nginx, Postfix.
- Remove SSLv3 support (all server types).
Firewalls / User controls
Ports are virtual access points for software to communicate over a network and are a standard feature of every operating system. Certain ports must be open to support normal business functions; however, unnecessary open ports provide ways for attackers to access a company’s network, especially those that been left open to the Internet inadvertently.
Keep the ports you use open and close the others with firewall software and hardware from vendors that meet your company’s requirements.
- Make a list of the mission-critical software and services your company uses for its business at the main office and other locations.Assess whether this service needs to be accessed by third-parties outside your organization, such as customers or partners.
- Determine if the data from the service should be protected in transit, such as services that do not offer encryption but transmit sensitive information, and configure a limited-access VPN for those users to those services.
- If the service only needs to be accessed by a known set of users, configure firewall rules to limit access to only those users.
- If the port of the service is not known, find the port numbers for your mission-critical services by referencing the application’s configuration and support material, or searching for those software and service names at IANA’s Service Name Registry.
- Configure your firewall to keep ports open to the Internet that need to be used by your organization’s global audience, and close the rest.
Put simply, vulnerability management is how quickly known vulnerabilities in software are patched. With major vulnerabilities emerging nearly every day, reaction time is critical in order to reduce cyber risk. A large network security hardware vendor found in January that 92% of its customers had not recently patched their systems. Last year, many users of a popular e-commerce platform did not patch their systems for at least two months after the platform developers publicly released a fix for a serious vulnerability.
- Start with high severity vulnerabilities and identify any unsupported software you’re running on your systems. Executives in your organization likely know about Heartbleed, POODLE, and other high-profile attacks. You’ll want to know exactly how many machines in your organization are affected, and set a timeline to bring the number down to zero.
- Ensure new systems introduced into the field are free of any known vulnerabilities. Staying informed on the latest threats is a simple way to be cognizant of any possible risk you could acquire when bringing any new devices onto your network.
- Find out how quickly your critical vendors are patching vulnerabilities. Your organization’s security posture may be strong, but one weak link in your supply chain can pose significant risk.
Small steps, big results
Managing security is no easy task in today’s threat landscape. However, these quick tips can greatly enhance the security posture for any organization. If your organization is already on track, make sure your vendors have also taken these steps to reduce risk.