INFRASTRUCTURE SECURITY CHECKLIST
By Paula Januszkiewicz & CQURE Academy
Source: cqureacademy.com/.../08/cqure-academy-checklist.pdf

Each year the security summary reports published by vendors reach the same conclusion: year after year, security breaches are becoming more sophisticated and multifaceted. The challenge is equally present for the companies that must maintain and keep up to date their cyber security defense strategy.

Unfortunately, during the hundreds of security audits we have performed we have noticed that organizations keep committing the same mistakes. Sometimes they relate to architecture and design, where the mistake is a missing solution; in most cases, however, the solutions in use lacked good practices during implementation, or they suffer from a 'time effect': the longer they are used, the more misconfigured they become.

This approach can be translated into several technical points that describe areas of focus, and then into chosen branded solutions that help achieve these goals and that vary between companies. Many of them, though, are not in compliance with the latest security updates and standards, or they lack a complete, thought-through plan for executing their cyber security defense. As an example, take the companies that have not yet implemented any code execution prevention mechanism: in the era of ransomware this poses a great risk of being attacked and infected. Having the opportunity to ask questions of large session or training audiences, or simply through relationships with our Customers, we see that statistically everyone knows someone who has been attacked by ransomware, approximately ¾ have received an email containing ransomware into their email system, and a bit over ½ have experienced a ransomware attack. This is truly scary, especially because solutions are just 'around the corner'.

The lesson from these breaches suggests that all organizations need to look at their policies, procedures and infrastructure with an eye on adopting the most rigorous and modern approaches to cyber security. Since the objective of a security assessment is to identify security risk exposure and provide mitigation strategies that reduce the risk to critical business processes and provide secure connectivity for IT operations, we would like to present you with a comprehensive technical list of areas that should be well thought through in organizations and implemented step by step, in order to prevent the common and uncommon threats. If you wonder why we did not mention, for example, Pass-the-Hash prevention, it is because code execution prevention stands a bit higher in the attack prevention hierarchy, and these 14 steps present the complete solution, preventing pretty much all the interesting examples of attacks.

Our list refers to what is missing and needed in most of the enterprises we have delivered security penetration tests and audits for.

The everlasting key to success is to develop a multi-pronged approach to cyber security defense.

Defense Strategy Should Become A New Black


FOR MORE SECURITY WISDOM FOLLOW US ON:
Facebook: https://www.facebook.com/CQURE/
Telegram: https://telegram.me/cqure
Twitter: https://twitter.com/PaulaCqure
YouTube: https://www.youtube.com/channel/UCWIEIMHXyJ62RF4aVmU30og

INFRASTRUCTURE SECURITY CHECKLIST

1. Offline access protection on workstations, laptops and servers when necessary (BitLocker etc.).

2. Implementation of process execution prevention (AppLocker, BeyondTrust, Avecto, Viewfinity etc.).
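One way to start on this point with the built-in Windows tooling, as an added example that is not from the CQURE checklist: generate an AppLocker executable policy from what is legitimately installed, switch it to audit-only, dry-run it and apply it locally. The directory list, the policy path and the Downloads-folder check are assumptions for illustration; the script uses only the AppLocker and NetEventing cmdlets that ship with Windows.

```powershell
# Added example, not from the CQURE checklist: build an AppLocker policy that
# allows only executables installed under the Windows and Program Files
# directories, set it to audit-only, dry-run it and apply it locally.
# Directory and file paths are illustrative placeholders. Run in an elevated
# PowerShell session; enforcement later requires the Application Identity
# service (AppIDSvc) to be running.

$trustedDirs = @('C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)')

# 1. Inventory the executables that are legitimately installed.
$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
}

# 2. Publisher rules for signed files, hash rules for unsigned ones.
#    -Optimize collapses files from the same publisher into one rule.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Start in audit mode: AppLocker then logs what it would have blocked
#    (Event ID 8003) without stopping anything, so rules can be tuned first.
[xml]$policy = $policyXml
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'
}
$policyPath = 'C:\Temp\applocker-exe-policy.xml'   # placeholder location
New-Item -ItemType Directory -Force -Path (Split-Path $policyPath) | Out-Null
$policy.Save($policyPath)

# 4. Dry-run: would executables sitting in the current user's Downloads folder
#    be allowed? (Constructed check; returns nothing if the folder has no .exe.)
Get-AppLockerFileInformation -Directory "$env:USERPROFILE\Downloads" -FileType Exe |
    Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone

# 5. Apply locally; -Merge keeps existing rule collections for other file types.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# 6. Review the audit trail before changing EnforcementMode to 'Enabled'.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object Id -eq 8003 |
    Select-Object TimeCreated, Message -First 20
```

The policy above contains no rule for administrators, so before enforcing it you would normally add the AppLocker default rules (which let BUILTIN\Administrators run everything) or an equivalent, and push the result through Group Policy rather than `Set-AppLockerPolicy` on each host. Audit mode first, enforcement second, is what keeps this from becoming a help-desk incident.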

3. Log centralization and log reviews: searching for anomalies and for specific log error codes, and performing regular audits of the code running on the servers (Sysmon, Splunk etc.).
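A concrete form of the "search for anomalies" review, as an added example that is not from the checklist: read Sysmon process-creation events from the last 24 hours and report executables launched from user-writable locations. The list of suspect paths and the time window are assumptions; Sysmon must be installed with process-creation logging enabled, and the same code works against a forwarded-events collector if the log name is changed.

```powershell
# Added example, not from the CQURE checklist: review Sysmon process-creation
# events (Event ID 1) and flag processes started from user-writable paths, one
# anomaly worth hunting for on servers and workstations. Requires Sysmon with
# process-creation logging; run in an elevated session.

# Paths a normal install rarely executes from (assumed list; tune per estate).
$suspectRoots = @(
    "$env:SystemDrive\Users\*\AppData\Local\Temp\*",
    "$env:SystemDrive\Users\*\Downloads\*",
    "$env:SystemDrive\Windows\Temp\*",
    "$env:SystemDrive\ProgramData\*"   # noisy: legitimate updaters live here too
)

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1
    StartTime = (Get-Date).AddHours(-24)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction Stop | ForEach-Object {
    # Sysmon puts its fields in EventData as <Data Name="...">; read them by name.
    $xml = [xml]$_.ToXml()
    $d = @{}
    foreach ($node in $xml.Event.EventData.Data) { $d[$node.Name] = $node.'#text' }

    foreach ($pattern in $suspectRoots) {
        if ($d['Image'] -like $pattern) {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = $d['User']
                Image       = $d['Image']
                Parent      = $d['ParentImage']
                CommandLine = $d['CommandLine']
            }
            break   # report each event once even if several patterns match
        }
    }
} | Sort-Object Time | Format-Table -AutoSize -Wrap
```

The parent image and command line are included because they are what separates a software updater from something dropped by a mail attachment; a hit on its own is a lead, not a verdict. Exporting the same objects with `Export-Csv` is the usual next step when the review is done centrally.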

4. Maintenance: backup implementation and regular updating (vendor-specific solutions, WSUS, etc.).

5. Review of the settings of the services running on servers and workstations (examples: using accounts that are not built in or that are too privileged, reviewing service file locations, changing permissions where necessary via the Security Descriptor Definition Language, changing accounts to gMSAs where possible, limiting the number of services running on the servers using SCW and manual activities).
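To turn the service review into something repeatable, here is an added audit script that is not part of the checklist. It checks three of the points named above on the local host: services running under accounts other than the built-in ones, service binaries located outside the Windows and Program Files directories, and service executables that broad groups can modify. The set of "trusted" directories and "weak" grantees is an assumption for illustration.

```powershell
# Added example, not from the CQURE checklist: audit Windows services for
# non-built-in accounts, unusual binary locations and weak permissions on the
# service executable. Run in an elevated PowerShell session.

$builtIn      = @('LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')
$trustedRoots = @($env:SystemRoot, ${env:ProgramFiles}, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$weakGrantees = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')   # assumed list
$writeMask    = [System.Security.AccessControl.FileSystemRights]::Write -bor
                [System.Security.AccessControl.FileSystemRights]::Modify -bor
                [System.Security.AccessControl.FileSystemRights]::FullControl

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc = $_
    # PathName may be quoted and carry arguments; keep only the executable.
    $exe = if ($svc.PathName -match '^"([^"]+)"')  { $Matches[1] }
           elseif ($svc.PathName -match '^(\S+)') { $Matches[1] }
           else { $null }

    $findings = @()

    # 1. Account: anything not built in deserves a privilege review / gMSA.
    if ($svc.StartName -and $builtIn -notcontains $svc.StartName) {
        $findings += "runs as custom account '$($svc.StartName)'"
    }

    # 2. Location: binaries outside the system and program directories.
    if ($exe -and -not ($trustedRoots | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') })) {
        $findings += "binary outside system/program directories: $exe"
    }

    # 3. Permissions: can a broad group replace the executable the service runs?
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $acl = Get-Acl -LiteralPath $exe
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $weakGrantees -contains $ace.IdentityReference.Value -and
                ($ace.FileSystemRights -band $writeMask)) {
                $findings += "$($ace.IdentityReference) can write/modify $exe"
            }
        }
    }

    if ($findings) {
        [pscustomobject]@{
            Service  = $svc.Name
            State    = $svc.State
            Account  = $svc.StartName
            Findings = $findings -join '; '
        }
    }
} | Format-Table -AutoSize -Wrap
```

The service object's own security descriptor, the SDDL the checklist refers to, is reviewed separately with `sc.exe sdshow <ServiceName>` and changed with `sc.exe sdset`; the script above only looks at the file system ACL of the binary, which is the more commonly neglected of the two.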

6. Implementation of anti-exploit solutions (EMET etc.) and anti-virus solutions (McAfee, Symantec, NOD32 etc.).

7. Reviewing the configuration of the client-side firewall and allowing only the programs that need to communicate through the network. Currently, in most companies, all outgoing traffic from workstations is allowed.
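The change described above, as an added example that is not from the checklist: audit the current default outbound action, create allow rules for the infrastructure and applications a domain workstation actually needs, then switch the Domain and Private profiles to block outbound by default with logging on. Program paths, domain controller addresses and rule names are placeholders; the cmdlets are the NetSecurity module that ships with Windows.

```powershell
# Added example, not from the CQURE checklist: move a workstation from
# "all outbound allowed" to "deny outbound by default, allow listed programs
# and core services". Paths, addresses and names are illustrative placeholders.
# Run elevated, and stage on a pilot group before rolling out via Group Policy.

# 1. Audit the current posture; most hosts show DefaultOutboundAction = Allow.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

function Add-OutboundAllowRule {
    # Creates the rule only if it is missing, so the script can be re-run safely.
    param([string]$DisplayName, [hashtable]$RuleArgs)
    if (-not (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $DisplayName -Direction Outbound -Action Allow `
            -Profile Domain, Private -Enabled True @RuleArgs | Out-Null
    }
}

# 2. Infrastructure the workstation cannot function without under default-deny:
#    DNS, DHCP, Kerberos/LDAP to the domain controllers, Windows Update.
Add-OutboundAllowRule 'Allow DNS'      @{ Protocol = 'UDP'; RemotePort = 53 }
Add-OutboundAllowRule 'Allow DHCP'     @{ Protocol = 'UDP'; LocalPort = 68; RemotePort = 67 }
Add-OutboundAllowRule 'Allow Kerberos' @{ Protocol = 'TCP'; RemotePort = 88 }
Add-OutboundAllowRule 'Allow LDAP'     @{ Protocol = 'TCP'; RemotePort = 389, 636 }
Add-OutboundAllowRule 'Allow SMB to DCs' @{ Protocol = 'TCP'; RemotePort = 445
                                             RemoteAddress = '10.0.0.10', '10.0.0.11' }  # placeholder DCs
Add-OutboundAllowRule 'Allow Windows Update' @{ Service = 'wuauserv' }

# 3. Business applications, scoped to the program binary rather than "any".
Add-OutboundAllowRule 'Allow Edge'    @{ Program = 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' }
Add-OutboundAllowRule 'Allow Outlook' @{ Program = 'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE' }

# 4. Flip the default and log dropped packets; the log is what the pilot group
#    reviews to find the allow rules that are still missing.
Set-NetFirewallProfile -Profile Domain, Private -DefaultOutboundAction Block `
    -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 16384

# 5. Quick look at the most recent drops (date, time, DROP, protocol, src, dst, ...).
Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\S+ \S+ DROP ' } |
    Select-Object -Last 20
```

Two things decide whether this survives contact with users: the allow rules for step 2 must be complete for your domain (proxy, print, SCCM or similar management agents), and the drop log from step 5 must actually be read during the pilot. Leaving the Public profile on its existing settings is deliberate here; it usually needs its own, stricter treatment.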

8. Management of the local administrator's password (Local Administrator Password Management etc.).

9. Identity management (example: smart card logon) and centralization, and password management (Public Key Infrastructure, Microsoft Identity Manager etc.). In approx. ½ of the companies a PKI is implemented, but almost nowhere is it done according to best practices (to be sincere, we have never seen it done well), nor in alignment with the business needs. Almost every company we have cooperated with expressed the need to use certificates somewhere, and technically it was a reasonable need.

10. Implementation of a Security Awareness Program among employees and technical training for administrators.

11. Implementation of scoping (role management) for permissions and employee roles (SQL Admins, Server Admins etc.).

12. Implementation of network segmentation (VLANs, IPSec Isolation, 802.1x etc.).

13. Implementation of data protection (ADRMS etc.).

14. Periodic configuration reviews and penetration tests (internal and external) performed by the internal team and a 3rd-party company.


One can imagine that these 14 points may look overwhelming, but do not worry. Focus on one point, do it well, and prioritize and plan the rest. The list above presents the most important areas to verify and implement in the typical enterprise.

GOOD LUCK!
