While there are a lot of cybersecurity risks out there, perhaps the most common, and most easily preventable, is misconfiguration of the security environment. Hacks, breaches, and data exfiltration are some of the top concerns for companies, and many of them can be prevented with better security practices.
Reputable antivirus is also of major importance, especially if it’s developed for enterprise environments. You can read this review of PC Protect, an industry-recommended security suite that is suitable for businesses and individuals.
The Open Web Application Security Project (OWASP), an international non-profit organization, summarized the top 10 security risks in the digital world (in no particular order). They are:
1. Injection
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities
5. Broken Access Control
6. Security Misconfiguration
7. Cross-Site Scripting
8. Insecure Deserialization
9. Using Components With Known Vulnerabilities
10. Insufficient Logging and Monitoring
The list is not in order of most common – in fact, OWASP states that security misconfiguration is the most common security vulnerability. Yet it is also the most preventable.
What causes security misconfiguration?
Security misconfiguration typically boils down to human error. It happens when a system or database administrator, or a developer, tries to implement security frameworks within an application or server. If the security framework has not been configured correctly, you get vulnerabilities within the security system.
Preventing security misconfiguration does not fall solely on the shoulders of a single person, however. It may be the developer who implements the security framework, but the integration team needs to properly streamline it into production, and the system administrator must be on top of updates and patches.
Thus, preventing security misconfiguration really becomes a team effort – which is precisely why it is the most common security vulnerability. Security configuration goes through a long chain of real people, and real people make mistakes somewhere along the chain.
What are some common security misconfigurations?
Systems that haven’t been patched.
Network devices that haven’t been properly configured.
Default or weak usernames and passwords.
Unprotected files and directories.
There are a number of ways to avoid these common pitfalls.
For system patches, you need a highly trained professional, especially in a larger enterprise environment. System patches should always be tested first in an isolated test environment, to rule out any malicious code that found its way into the patch (this has happened).
Enterprise environments may also be running custom code and server configurations, so applying patches straight away can be quite hazardous to the entire structure. Sadly, this is why many large companies do not have the latest security updates. The system administrator needs time to evaluate the effects of a system patch, and how it interacts with the network environment.
Network devices include routers and gateway hubs, but also mundane devices that pose a security threat when not properly configured. Network-connected printers, for example, can offer a gateway into the rest of the network if the device is using default security settings. It is incredibly important to comb through a network environment for devices that could easily be overlooked, yet are part of the network.
Final Tips on Preventing Misconfiguration
Top security experts recommend the following procedures for ensuring proper network security configuration:
a. Repeatable patching schedules.
b. Disabling default accounts.
c. Using data encryption.
d. Enforcing strong access controls.
e. Performing regular system audits.
There are other methods as well, so really, education and training are most important for your security team.
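As an added example (not part of the original article), here is one way to make the "regular system audits" step repeatable for the "unprotected files and directories" case on a Unix-like server. The `SENSITIVE_SUFFIXES` list and the function name `audit_tree` are assumptions chosen for illustration.

```python
import os
import stat
import sys

# Assumption: file suffixes treated as sensitive; adjust to the environment.
SENSITIVE_SUFFIXES = (".key", ".pem", ".env")


def audit_tree(root):
    """Walk root and return sorted (path, issue) findings for loose permissions."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # inspect the entry itself, not a link target
            except OSError as exc:
                findings.append((path, f"unreadable: {exc.strerror}"))
                continue
            mode = st.st_mode
            if stat.S_ISLNK(mode):
                continue  # permission bits on a symlink are not meaningful
            if stat.S_ISDIR(mode):
                # World-writable is tolerable only with the sticky bit (as on /tmp).
                if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                    findings.append((path, "world-writable directory without sticky bit"))
            elif stat.S_ISREG(mode):
                if mode & stat.S_IWOTH:
                    findings.append((path, "world-writable file"))
                elif mode & stat.S_IROTH and name.endswith(SENSITIVE_SUFFIXES):
                    findings.append((path, "sensitive file readable by all users"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/check  (defaults to the current directory)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    results = audit_tree(target)
    for path, issue in results:
        print(f"{issue}: {path}")
    # A non-zero exit code lets a scheduled job or CI step fail on findings.
    sys.exit(1 if results else 0)
```

Run on a schedule, the exit code turns the audit into a check that fails loudly when a permission drifts, rather than relying on someone remembering to look.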