Advisory Reveals Network Misconfigurations

Is your company guilty of any of the top 10 cybersecurity misconfigurations recently released in a joint cybersecurity advisory (CSA)? The list was created from assessments of large organization networks conducted by the Red and Blue teams of the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), and their Hunt and Incident Response teams.

The 10 Most Common Network Misconfigurations:

1. Default configurations of software and applications
2. Improper separation of user/administrator privilege
3. Insufficient internal network monitoring
4. Lack of network segmentation
5. Poor patch management
6. Bypass of system access controls
7. Weak or misconfigured multifactor authentication (MFA) methods
8. Insufficient access control lists (ACLs) on network shares and services
9. Poor credential hygiene
10. Unrestricted code execution

“You can learn from NSA’s experience working Red and Blue team engagements,” Rob Joyce, Director of Cybersecurity National Security Agency/Central Security Service, tweeted. “Bad actors will look for easy opportunities to exploit vulnerabilities and compromise networks.”

The CSA also details the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations. According to the CSA, the issues illustrate a trend of systemic weaknesses in many large organizations, and how important it is for software manufacturers to adopt secure-by-design principles that will then mitigate the risk of compromise.

Among their recommendations, NSA and CISA urge software manufacturers to eliminate default passwords, mandate phishing-resistant Multi-factor Authentication (MFA) for privileged users, and make MFA a default rather than an opt-in feature.

Check out our blog post about MFA being a necessity in today’s cybersecurity landscape.

Keep Up with Configuration Best Practices

“In our vulnerability scans, the two root causes of vulnerabilities are software that is not up-to-date and misconfigurations,” says Ron Bebus, PrivaPlan CIO. “Regarding misconfigurations, I find that systems may have been configured correctly when installed, but over time, configuration best practices have changed, and the installed systems have not had their configurations updated to the new best practices.”

The security experts at PrivaPlan are ready to help companies understand and implement best practices, and mitigate risks. Contact us today!