At present, strengthening network security construction has become an important part of enterprise digital transformation. In view of the continuous changes and development of network threats, network security construction work also needs to be promoted from both the management a

2024/06/28 03:14:32

Currently, strengthening network security construction has become an important part of the digital transformation of enterprises. In view of the continuous changes and development of network threats, network security construction work also needs to be promoted from both the management and technical levels. Therefore, it is necessary for the network security authorities to conduct regular security inspections of the organization's network information systems to fully understand the implementation of network security responsibilities, application effects, and risk situations. Through inspections, organizations can more actively implement network security protection measures, continue to do a good job in network security construction, and effectively improve the network security awareness and network security protection capabilities of corporate employees.

It is now the middle of the year, and many companies carry out periodic network security inspections at this time. To achieve better inspection results, security inspection organizers should prioritize the following ten areas of work:

1. Check third-party access and credential policies

Attackers scan for Remote Desktop Protocol (RDP) access and use brute-force methods such as credential stuffing to carry out attacks. Organizations should seek to better manage the credentials and access rights granted to external vendors, as their controls can easily be overlooked. Whether by including the counterparty in the organization's multi-factor authentication (MFA) program or by restricting access to a specific network through access and firewall rules, the organization should clearly define its access and credential management requirements in provider-level agreements and contracts. User credentials should be protected during issuance and storage, and these processes need to be checked and audited for vulnerabilities when conducting network security inspections.

2. Check security scan results

Many organizations will carry out security scans and need to confirm the scan results to ensure that they are effective scanning activities from the perspective of network threats. When organizations hire a penetration testing or third-party network risk scanning company, they need to ensure that the inspection results provided reflect the actual scope of the organization's network. Security scans are worthless if they don't provide actionable information.

3. Review cloud resources and permissions

If an organization migrates business systems to the cloud, it cannot simply copy the local system to the cloud. The security team needs to review how cloud resources are created and whether the permissions currently set are reasonable. At the same time, enterprises also need to examine which security baselines or security guidelines can provide additional protection to strengthen the organization's cloud security.

4. Deploy attack surface reduction rules

If your organization has not yet deployed attack surface reduction rules to workstations and servers to help block suspicious network access activity, it needs to be made a priority for the second half of the year as soon as possible. Organizations can start with the following rules and enable as many blocking rules as possible:

• Block Office applications from creating child processes, creating executable content, and injecting code into other processes;

• Block executable content from email clients and webmail;

• Block the execution of potentially obfuscated scripts;

• Block JavaScript or VBScript from launching downloaded executable content;

• Block untrusted, unsigned processes running from USB;

• Block credential stealing from the Windows Local Security Authority Subsystem (lsass.exe) (privilege escalation);

• Block process creation (lateral movement) originating from PSExec and WMI commands.
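
Each rule in the list above corresponds to a fixed rule GUID in Microsoft Defender Antivirus. The following PowerShell audit is an added example, not part of the original article: it reports the current state of those rules on one host, assuming Defender is the active antivirus and its `Get-MpPreference` cmdlet is available.

```powershell
# Added example: audit the state of the ASR rules listed above on one host.
# Assumes Microsoft Defender Antivirus and its PowerShell module are present.
$rules = [ordered]@{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Office apps creating child processes'
    '3b576869-a4ec-4529-8536-b80a7769e899' = 'Office apps creating executable content'
    '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84' = 'Office apps injecting code into processes'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Executable content from email/webmail'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Potentially obfuscated scripts'
    'd3e037e1-3eb8-44c8-a917-57927947596d' = 'JS/VBScript launching downloaded executables'
    'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4' = 'Untrusted/unsigned processes from USB'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Credential stealing from lsass.exe'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Process creation from PSExec/WMI'
}
# Numeric action codes as stored by Defender.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$pref = Get-MpPreference
# Both properties are $null when no rule has ever been configured.
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)

# Map each configured rule GUID (lower-cased) to its action code.
$configured = @{}
for ($i = 0; $i -lt $ids.Count; $i++) {
    $configured[$ids[$i].ToLower()] = [int]$actions[$i]
}

# Build one report row per rule from the article's list.
$report = foreach ($id in $rules.Keys) {
    if ($configured.ContainsKey($id)) {
        $code  = $configured[$id]
        $state = if ($actionNames.ContainsKey($code)) { $actionNames[$code] } else { "Unknown ($code)" }
    } else {
        $state = 'Not configured'
    }
    [pscustomobject]@{ State = $state; Rule = $rules[$id]; Id = $id }
}
$report | Format-Table -AutoSize

# Summarize rules that are not yet enforcing.
$gaps = @($report | Where-Object { $_.State -ne 'Block' })
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) of $($rules.Count) listed rules are not in Block mode."
}
```

Rules reported as Audit log matching events without blocking them, which is a common staging step before switching a rule to Block.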

5. Check network security settings and policies

For a long time, enterprises have proactively set up few rules for network access. You should examine how your organization sets up workstation security configurations, review password security and policies, and consider adding multi-factor authentication to existing Active Directory to better identify weak passwords in your network. Be sure to enable quick and secure access using PIN, facial recognition or fingerprint, or enable other third-party MFA solutions, and review MFA policy options for proper configuration.

6. Check the deployment process of computing devices and systems

Check whether the organization's process for deploying and installing computing devices and systems is standardized, and make sure that the same local administrator password is not used when deploying systems. Some local administrator password solutions randomly generate and encrypt local administrator passwords, and you should check that the options for managing such solutions are configured correctly.

7. Check the system backup strategy

Check what processes the organization uses to back up and protect important files. This includes checking the backup process to ensure that there are multiple backup methods, that different backups are placed on different types of storage media, and that at least one backup is kept in a different location. Organizations should also consider using cloud storage as an additional backup method to further protect important files.

8. Check email system security

Faced with increasing email fraud and phishing attacks, organizations need to filter and scan emails so that their security is checked and confirmed before they reach employees' endpoint devices. Links in emails should be scanned for security when clicked, and if they are found to be malicious, access should be blocked and the message removed from the employee's inbox.

9. Check the patching policy

When dealing with the patching process, security personnel should check for issues that the organization's network has experienced in the past. If edge devices do not have patching issues, you can simplify edge device updates and give them priority for updates. For computing devices with patching problems, it is necessary to examine the cause of the problem and the possible side effects of patching, and understand the mitigation measures that need to be taken to minimize the side effects of patching.

10. Check endpoint devices for ransomware protection

As the threat of ransomware attacks increases, security personnel should ensure that antivirus and endpoint detection solutions can identify the typical symptoms of ransomware attacks. When file backups are suddenly deleted, or when Cobalt Strike activity and other suspicious activity occurs on the network, endpoint security solutions should be able to send early warnings before attackers start ransomware activities.

Reference link:

https://www.csoonline.com/article/3666692/10-tasks-for-a-mid-year-microsoft-network-security-review.html
