If you look back at this year’s hacks, (and the year before and the year before that) many of them come from three areas: improperly configured servers, applications, and vulnerable software.
Most organizations are aware of these configuration problems but often are unable to easily check and monitor these elements across all environments and form factors. These organizations are especially vulnerable and need a simple and scalable solution that works everywhere.
The key to avoiding these configuration mistakes is to ensure that your team has full visibility into all workloads, and most importantly, takes advantage of said visibility. For example, CloudPassage Halo is deployed everywhere from bare metal, to public and private cloud, and now to containers as well. With Halo, you can check and continuously monitor common configuration mistakes with our built-in vulnerability scanning, all from one simple portal.
So ask yourself, does your team wrestle with any of the following 11 configuration mistakes? And if they do, take action today and employ policies that will save you future headaches!
- Your auditing isn’t enabled – The only way to be aware of any vulnerabilities (so they can then be fixed) is to enable auditing. If your team isn’t getting the notifications they need from their auditing process, how can you expect vulnerabilities to be flagged and subsequently fixed?
- Logging isn’t forwarding off host – It’s essential that you continuously check that the logs are configured to go off host for forensics and compliance. One of early steps an attacker will do is turn off and/or clear your logs on a host. You need to make sure logs go off-host at all times.
- Shared admin accounts aren’t properly set up – In order to ensure proper security, shared admin accounts must be set up with the right controls. Security should be set up on a need-to-know basis, and admins must be given the right credentials according to their position.
- You have unneeded users and groups – Avoid complication by streamlining your portal and removing unnecessary clutter from your security team. Unnecessary users and groups raise the risk of user error and weaken your organization’s barriers of entry.
- Using default users – Your security practices must be customized and organized according to your unique team. Security tools are meant to be customized according to your team’s needs, not simply enabled and then forgotten about.
- Passwords are too simple – This may seem obvious, but breaches still happen due to poor password setup. Employ password best practices (including capitalization, symbols, lower case, numbers, and length) to keep your company safe.
- Passwords aren’t rotated – Ok, so you have a strong password, but have you rotated it? The longer a password stays in use, the more likely it is to be breached. Be sure and rotate your passwords every few months to ensure that your most obvious security entry point is under lock and key.
- Lack of asset inventory – The first step in securing anything is knowing what you have. Having a continuous situational awareness of server and containers – with detailed asset inventory data – will help keep it secure.
- Unauthorized software running – It’s critical to always be aware of what software your organization is running, and where. Make sure all of your host-based tools are continuously running via an application whitelist in order to remain secure.
- Systems aren’t patched – The next (and arguably most critical) step after scanning and becoming aware of your vulnerabilities, is to patch them. Most exploits don’t happen due to a zero-day vulnerability, but rather a vulnerability that went unpatched for months or even a year.
- Applications not locked down – This last point is straightforward, yet sometimes ignored: Always lock your applications. This removes any easy access entry points that could be exploited.