When a company wants to understand how its infrastructure is vulnerable, it orders a cybersecurity assessment. Our colleagues in the Security Services department assess dozens of businesses each year, sometimes finding rather peculiar cases. Of course, they cannot disclose the specifics here, but privacy agreements don’t prevent them from telling you about the most widespread errors – and lending you the benefit of their experience with advice on how to make your infrastructure more cyber-resilient.
While assessing the possibilities for penetrating the network perimeter, our colleagues identified several typical errors that can allow cybercriminals to enter your infrastructure. They are:
- Inadequate network filtering,
- Publicly available network access to management interfaces,
- Weak account passwords,
- Vulnerabilities in Web applications.
The last item is worthy of particular attention: in 73% of the tests performed by our pentesters, Web app vulnerabilities were used to gain access to hosts inside the network perimeter. The second most prevalent flaw is unrestricted network access to management interfaces. Sometimes those interfaces can be accessed with credentials obtained by exploiting other vulnerabilities; in other cases, the default credentials had never been changed. Password-guessing attacks and hunts for credentials on another compromised host also pay off.
Another common problem is access to remote management Web interfaces (the administration control panels of Web applications or of a CMS). Potentially, they allow not only complete control over the Web application but also access to the underlying operating system.
To keep your infrastructure safe from those flaws, our experts have the following recommendations:
- Set strong passwords for administrative accounts;
- Use different accounts for different systems;
- Update software to the latest versions;
- Restrict network access to all management interfaces, including Web interfaces;
- Allow access from only a restricted number of IP addresses;
- Use a VPN if remote access is absolutely necessary;
- Pay careful attention to configuring network filtering rules, password protection, and eliminating vulnerabilities in Web applications;
- Perform regular security assessments for all publicly available Web applications;
- Implement a vulnerability management process;
- Check applications each time changes are introduced into their code or Web server configurations;
- Update all third-party components and libraries in a timely manner;
- Check all systems to see if any default credentials are being used. Perform this check on a regular basis, and do not forget about Web applications, content management systems, and network devices.
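The recommendation to restrict management interfaces to a small set of source addresses is easy to state and easy to get wrong in a large rule set. The following is an added example, not code from the original post or from Kaspersky: a small audit that takes a list of perimeter ACCEPT rules (constructed sample data) and flags any management port that is reachable from a source range outside an assumed management allowlist (for example the VPN range). The set of management ports is an assumption and should be adapted to the environment.

```python
import ipaddress

# Assumed list of management ports that should only be reachable from
# trusted sources; extend it with whatever admin panels your inventory lists.
MANAGEMENT_PORTS = {22: "ssh", 3389: "rdp", 8080: "web-admin", 10000: "webmin"}

# Constructed sample perimeter rules: (destination port, permitted source CIDR).
SAMPLE_RULES = [
    (443, "0.0.0.0/0"),        # public HTTPS, expected to be world-reachable
    (22, "0.0.0.0/0"),         # SSH open to the whole Internet
    (3389, "203.0.113.0/24"),  # RDP from a range that is not on the allowlist
    (8080, "10.8.0.0/24"),     # admin panel reachable only from the VPN range
    (22, "10.8.0.5/32"),       # SSH from one bastion host inside the VPN range
]

# Assumed allowlist: the only sources that may reach management interfaces.
ALLOWED_MANAGEMENT_SOURCES = ["10.8.0.0/24"]


def exposed_management_rules(rules, allowed_sources):
    """Return (port, service, source) for every rule that opens a management
    port to a source range not fully contained in one of allowed_sources.

    A rule passes only if its source network is a subnet of (or equal to) an
    allowed network of the same IP version; anything broader is a finding.
    """
    allowed = [ipaddress.ip_network(cidr) for cidr in allowed_sources]
    findings = []
    for port, source in rules:
        if port not in MANAGEMENT_PORTS:
            continue  # not a management interface, out of scope here
        src = ipaddress.ip_network(source, strict=False)
        # subnet_of() raises on mixed IPv4/IPv6, so compare same-version nets only
        covered = any(src.subnet_of(net) for net in allowed if net.version == src.version)
        if not covered:
            findings.append((port, MANAGEMENT_PORTS[port], str(src)))
    return findings


if __name__ == "__main__":
    for port, service, source in exposed_management_rules(SAMPLE_RULES, ALLOWED_MANAGEMENT_SOURCES):
        print(f"FINDING: {service} (tcp/{port}) reachable from {source}; "
              f"restrict to {', '.join(ALLOWED_MANAGEMENT_SOURCES)} or move behind the VPN")
```

Feed it the real rule export from your perimeter firewall and the audit becomes a repeatable check to run after every configuration change, as the recommendations above suggest.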
More technical details, examples of penetration tests, and statistical data can be found in the report “Security Assessment of Corporate Information Systems in 2017.”
(From the Kaspersky blog.)