Reduce security risk with 3 edge-securing steps

July 1, 2024

The biggest hot-button issue in cybersecurity right now is the network edge. Exploitation of vulnerabilities on the perimeter has led to some of the highest-profile cyberattacks of the year, including the breach of Microsoft through the exploitation of OAuth credentials, and this has led other cyber threat actors to pursue the same attack vectors even against smaller targets. By following a few specific guidelines, it is possible to reduce the vulnerability of an enterprise to these kinds of threats.

First, consider getting rid of SSL or web-based VPNs. Remote node management complicates several existing security problems, particularly the patching problem. Separate cloud solutions are required to manage remote node patching, and even in the best-case scenario, the setup is still vulnerable to attack. A recent report from the Norwegian National Cyber Security Center (NCSC) has recommended fully abandoning SSL or web-based VPNs in favor of internet protocol security (IPsec)-based VPNs with internet key exchange (IKEv2). If practical, consider making this substitution.

Second is password management. All too often, passwords are stored in places they're not supposed to be, in a format they're not supposed to be in. Hardcoded passwords or passwords stored in an inappropriate storage platform can be accessed by threat actors, giving them the tools to compromise entire networks. To avoid some of the major roadblocks, users are strongly advised to use automatically generated passwords stored in password managers.

Lastly, review who has access to your cloud assets. Often the key vector into a network is through a legacy client that still has cloud access. This was the case in the Microsoft breach. These incidents occur because enterprises do not pay close attention to who has access to cloud assets and allow legacy clients to maintain access without proper security. To prevent this, enterprises are strongly encouraged to maintain a strict inventory of cloud access permissions, granting them only as necessary and removing them when they are no longer necessary.
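One way to run the access review described above over an exported inventory, as an added example that is not from the original article. The record fields, scope names and the 90-day threshold are assumptions chosen for illustration, and the inventory itself is constructed sample data.

```python
from datetime import date

# Constructed inventory of cloud access grants. Field names are hypothetical
# and would map to whatever your cloud provider's access export contains.
GRANTS = [
    {"client": "billing-api", "owner": "finance-eng",
     "scopes": ["invoices.read"], "last_used": date(2024, 6, 20)},
    {"client": "legacy-test-app", "owner": None,
     "scopes": ["directory.admin"], "last_used": date(2023, 2, 3)},
    {"client": "hr-sync", "owner": "hr-it",
     "scopes": ["users.read", "mail.full_access"], "last_used": date(2024, 6, 28)},
    {"client": "old-reporting", "owner": "bi-team",
     "scopes": ["reports.read"], "last_used": date(2024, 1, 10)},
]

PRIVILEGED = {"directory.admin", "mail.full_access"}  # assumed high-risk scopes
MAX_IDLE_DAYS = 90  # assumed review threshold


def review_grant(grant, today):
    """Return the reasons this grant needs attention (empty list if none)."""
    findings = []
    idle = (today - grant["last_used"]).days
    if idle > MAX_IDLE_DAYS:
        findings.append(f"unused for {idle} days")
    if not grant["owner"]:
        findings.append("no accountable owner")
    # A privileged scope on a client nobody uses or owns is the legacy-access
    # pattern the text warns about, so it is called out separately.
    if findings and PRIVILEGED & set(grant["scopes"]):
        findings.append("privileged scope on idle or ownerless client")
    return findings


def review_inventory(grants, today):
    """Map client name -> findings, with the most-flagged clients first."""
    flagged = {g["client"]: review_grant(g, today) for g in grants}
    flagged = {c: f for c, f in flagged.items() if f}
    return dict(sorted(flagged.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    for client, findings in review_inventory(GRANTS, date(2024, 7, 1)).items():
        print(f"{client}: {'; '.join(findings)}")
```

Clients that come back flagged are candidates for removal or for reassignment to a named owner; an empty result for a client means only that it passed these three checks.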
