Imagine yourself racing through a server room, ripping network cables out of systems in an effort to contain a breach that is already under way. Few of us have ever had to do this, but we can all picture it, especially after a major breach hits the mainstream media.
Sure, the ‘unattainable’ goal is a network so secure that it is never breached. The reality is that we hope we have taken the steps necessary to limit the damage when we are breached, so that we never hear our company’s name in a headline about a major security intrusion.
There are inherent challenges in securing an enterprise network. A network with no outside connectivity and no users could be locked down completely, but we have to open ours up for B2B, B2C, and employee access. Humans have to interact with the network to conduct business, and there is a fine line between permitting those reasonable interactions and staying adequately secure.
With a New Year come New Year’s resolutions. If being more proactive about securing your network is one of yours, we have four security tips to share. Data correlated from Metasploit and Microsoft security patch information (covering the 16 months from mid-2013 to late 2014) found that the measures below could mitigate up to 95% of the exploits in that data set affecting Windows, Internet Explorer, and Microsoft Office.
1. Require administrators to use standard accounts unless actively performing an administrative task.
Many organizations do not treat elevated privileges as a security risk, even though many breaches rely on the victim running as an administrator: malware that a user launches, or that an exploit drops, runs with that user's rights. A privileged desktop elevation solution that lets a standard user perform a limited set of administrative tasks would greatly improve security. Such a solution allows administrators to define which applications or tasks may run with elevated privileges, while preventing unapproved software installs, accidental execution of malicious software or scripts, and web browsing while a user is logged on as an administrator.
2. Run the latest major version of Microsoft Windows, Office, and Internet Explorer
Experience has taught us that identifying and patching vulnerabilities is fundamental to security; most malware exploits known vulnerabilities to compromise systems. Perhaps surprisingly, simply running the latest major version is also very effective, even before patching. This is not to suggest you should skip patching, but a new major release ships with the fixes (and usually the mitigations) available at the time of release: Windows 8 is, in effect, Windows 7 with all the security patches rolled in as of its release. The same applies to Office 2013 versus Office 2010, and to Internet Explorer 11 versus Internet Explorer 10.
3. Contain and alert on what is leaving your network (Egress filtering)
Monitoring or denying certain outbound traffic is not so much about preventing a breach as about containing it: limiting what leaves the network once an attacker is already inside. There are numerous examples of custom malware designed to communicate over port 443, because outbound HTTPS is almost always allowed; something as simple as forcing all web traffic through an authenticated proxy, and blocking direct outbound 80/443 at the perimeter, stops that traffic from leaving unless the malware can also authenticate to the proxy. Savvy malware authors encrypt the data leaving the network, so you often cannot inspect its content; the value of analysis then lies in traffic patterns (regular beacons, unusual volumes), sources, and destinations, so that you can spot the channel, cut it off, and limit how much information is lost.
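The kind of pattern analysis described above, as an added example that is not part of the original post: it runs three checks over a handful of constructed outbound-connection log records, flagging hosts that reach external web ports without going through the proxy, source/destination pairs that connect at suspiciously regular intervals (beaconing), and pairs that move an unusual volume of data. The log format, the addresses, the proxy address and the thresholds are all assumptions chosen for illustration.

```python
"""Egress review over constructed outbound-connection logs (added example)."""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed sample, one record per line: "<ISO time> <src> <dst>:<dport> <bytes_out>".
# 10.0.0.23 hits 203.0.113.9:443 directly every 60 s and pushes a large upload,
# 10.0.0.5 only talks to the proxy, 10.0.0.9 makes one direct 443 connection.
SAMPLE_LOG = """\
2015-01-05T09:00:00 10.0.0.23 203.0.113.9:443 1200
2015-01-05T09:01:00 10.0.0.23 203.0.113.9:443 1180
2015-01-05T09:02:00 10.0.0.23 203.0.113.9:443 1210
2015-01-05T09:03:00 10.0.0.23 203.0.113.9:443 4800000
2015-01-05T09:04:00 10.0.0.23 203.0.113.9:443 1190
2015-01-05T09:00:12 10.0.0.5 10.0.0.2:8080 5400
2015-01-05T09:07:41 10.0.0.5 10.0.0.2:8080 90000
2015-01-05T09:31:05 10.0.0.5 10.0.0.2:8080 2300
2015-01-05T09:15:00 10.0.0.9 198.51.100.77:443 900
"""

# Assumed internal ranges and assumed proxy address (hypothetical values).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
PROXY = ip_address("10.0.0.2")


def parse_log(text):
    """Turn the constructed log lines into (time, src, dst, port, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_port, nbytes = line.split()
        dst, port = dst_port.rsplit(":", 1)
        records.append((datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(port), int(nbytes)))
    return records


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def direct_web_egress(records):
    """Sources reaching an external host on 80/443 without traversing the proxy."""
    return sorted({str(src) for _, src, dst, port, _ in records
                   if port in (80, 443) and not is_internal(dst) and dst != PROXY})


def find_beacons(records, min_count=4, max_cv=0.1):
    """(src, dst) pairs whose connection intervals are nearly constant.

    A low coefficient of variation (stddev / mean of the gaps) is the classic
    signature of a scheduled check-in; the thresholds are illustrative.
    """
    flows = defaultdict(list)
    for ts, src, dst, _, _ in records:
        if not is_internal(dst):
            flows[(str(src), str(dst))].append(ts)
    beacons = []
    for pair, times in flows.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons.append(pair)
    return sorted(beacons)


def heavy_talkers(records, threshold=1_000_000):
    """(src, dst, total_bytes) for external pairs that sent at least `threshold` bytes."""
    totals = defaultdict(int)
    for _, src, dst, _, nbytes in records:
        if not is_internal(dst):
            totals[(str(src), str(dst))] += nbytes
    return sorted(((s, d, n) for (s, d), n in totals.items() if n >= threshold), key=lambda t: -t[2])


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("direct web egress:", direct_web_egress(recs))
    print("beacon candidates:", find_beacons(recs))
    print("heavy talkers:", heavy_talkers(recs))
```

None of these checks needs to decrypt anything: they work purely on who talked to whom, how often, and how much, which is exactly what survives when the payload is encrypted. On real firewall or proxy exports you would replace `SAMPLE_LOG` and `parse_log` with your own format and tune the thresholds to your baseline.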
4. Implement Multi-factor Authentication
“Death to passwords” has been a rallying cry for almost a decade. A large corporate network is unlikely to eliminate passwords entirely, but we can significantly reduce the risk of a compromised password by requiring additional factors for authentication. What multi-factor authentication adds is that a compromised password alone is no longer enough: the attacker still lacks the token or other factor required to log on.
There are numerous options for multi-factor authentication, including OTP (One-Time Password) tokens, RFID, smart cards, fingerprint readers, and retina scanners. A layperson may not recognize the term multi-factor authentication, but most adults in the US already use it: the ATM card in your wallet combined with its PIN is a textbook example of two-factor authentication (something you have plus something you know) protecting a valuable asset.
Staying up to date on security patches, limiting the use of administrator-level rights, and adding multi-factor authentication to your environment could mitigate up to 95% of the exploits in the data evaluated. These measures, together with a good egress filtering strategy for the day you are hacked, are the most effective ways to reduce both the likelihood and the impact of a breach.
No matter which approach your organization takes, the most important thing you can do is continuously monitor and review your security practices. Attackers are always evolving and refining their methods, so you too must be diligent and take the steps necessary to stay properly protected.
Now is as good a time as any to beef up your security practices. If you don’t know where to start, the topics above will surely help you make strides in the right direction.