CheckRed Editorial

17 October 2023

Mitigating Top Misconfigurations Listed By NSA and CISA

The joint advisory from the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) has turned the spotlight on the most prevalent cybersecurity misconfigurations in organizations. These misconfigurations can be likened to unlocked doors in an organization’s digital fortress, leaving your business vulnerable to security risks.


Understanding the Ten Misconfigurations

Let’s take a look at the ten misconfigurations that the NSA and CISA have issued an advisory against.

1. Default Configurations of Software and Applications

Default configurations, while convenient, pose a significant risk to organizations. When devices and software come with default settings and passwords, malicious actors can exploit them to gain unauthorized access. This is essentially an open invitation for security risks.

2. Improper Separation of User/Administrator Privilege

Inadequate separation of user and administrator privileges can lead to disastrous consequences. When everyone within an organization has unrestricted access to SaaS applications or the cloud, the potential for misuse or abuse of power skyrockets. It’s like granting every employee access to the company’s vault – chaos waiting to happen.

3. Insufficient Internal Network Monitoring

Inadequate internal network monitoring can leave organizations vulnerable. When network sensors are not configured properly, they can potentially lead to breaches. A lack of network monitoring can allow an infection source or abnormal activity to go unnoticed, hindering response.

4. Lack of Network Segmentation

Lack of network segmentation poses significant security risks. It blurs the lines between user, production, and critical systems, allowing adversaries to move freely. This misconfiguration also raises the threat of ransomware attacks and post-exploitation. Even seemingly isolated OT networks can be compromised due to forgotten connections.

5. Poor Patch Management

Neglecting patch management invites security breaches. Common pitfalls include irregular patching that exposes systems to known exploits, unsupported software and outdated firmware, and overlooked updates, such as MS17-010 and MS08-67 for outdated Windows systems. Proactive patch management is essential to bolster security.

6. Bypass of System Access Controls

Compromised access controls are a severe threat. When attackers can sidestep these controls, they gain entry to sensitive areas of your systems. They can use collected hashes to access accounts and escalate privileges quietly. It’s a fast way for attackers to move laterally within an organization’s network while evading detection.

7. Weak or Misconfigured Multi-Factor Authentication (MFA) Methods

Weak or misconfigured MFA methods can pose security risks. Misconfigured smart cards or tokens may leave password hashes unchanged, allowing for unauthorized access. Some MFA approaches are susceptible to phishing and exploitation, potentially granting attackers access. Assessment teams have even used voice phishing to bypass MFA. Implementing secure, phishing-resistant MFA is essential for protection.

8. Insufficient Access Control Lists (ACLs) on Network Shares and Services

Inadequate ACLs on network shares make them prime targets for attackers. They may exploit misconfigured settings, using commands and tools to identify and access shared drives. Ransomware actors often employ tools to locate accessible network shares. Once accessed, attackers can steal sensitive data, enabling extortion or intrusion plans. Sensitive information, including credentials and PII, can be easily found, compromising security.

9. Poor Credential Hygiene

Weak credential hygiene is essentially an open door to cybersecurity risks. It involves easily guessable passwords due to length and randomness issues, password hashes that can be cracked, providing unauthorized access and storing passwords in plaintext, risking security. Attackers often crack password hashes using tools like Hashcat, potentially compromising many accounts. Storing passwords in plaintext is a grave risk, as it allows quick escalation to privileged accounts.

10. Unrestricted Code Execution

Security breaches are often the consequence of allowing unverified programs to run on hosts. Attackers often use these programs to gain access after an initial breach. They leverage various forms, such as executables, DLLs, scripts, and macros, for access, persistence, and lateral movement. Scripting languages are used to evade security measures. Vulnerable drivers may also be exploited to compromise devices. Careful code execution restrictions are vital.

Remediation of Cybersecurity Misconfigurations

The NSA and CISA have outlined crucial mitigation measures to tackle these common misconfigurations effectively. These measures are like a security toolkit designed to fortify your organization’s digital defenses:

  • Remove default credentials and harden configurations
  • Disable unused services and implement access controls
  • Ensure regular updates and patching
  • Reduce, restrict, audit, and monitor administrative accounts

Strengthening Your Organization’s Security

Implementing these mitigation measures can significantly improve the security posture of your organization. It’s akin to reinforcing the walls of your fortress:

  • Enhanced Access Control: By eliminating default credentials and managing configurations, you control who enters your digital domain. It’s equivalent to having a secure gatekeeper, allowing only authorized personnel.
  • Reduced Vulnerabilities: Disabling unused services and automating patching reduces the attack surface, making it harder for malicious actors to find weak points.
  • Monitoring and Accountability: Regularly auditing and monitoring administrative accounts ensures accountability. If an incident occurs, it’s easier to trace back to the source.

With these measures in place, your organization is better prepared to fend off cyber threats and reduce the risk of successful attacks.

The Role of CheckRed in Strengthening Security

CheckRed is a trustworthy ally in the perpetual battle against cybersecurity misconfigurations. CheckRed is a comprehensive SaaS and Cloud Security Posture Management (SSPM/CSPM) tool. It equips organizations with a powerful arsenal of features and capabilities, including:

Addressing cybersecurity misconfigurations is not an option; it’s a necessity. These vulnerabilities expose organizations to significant risks, making proactive measures crucial. CheckRed offers critical proactive protection.

Integrating CheckRed into your cybersecurity strategy is the ultimate defense. It’s the proactive step that ensures your organization is fortified, compliant, and prepared for any threat that may come your way. Don’t leave your security to chance; strengthen it with CheckRed.

See CheckRed in Action

Dive into the future with our interactive demo
and explore the possibilities.