These five tasks should give you some peace of mind that you are taking major steps to protect your network from hackers. When attacking companies, hackers tend to go after the low-hanging fruit first. Following these steps will allow you to remove some of your most accessible fruit.
1. Perform regular penetration tests
Performing regular (i.e., quarterly) pentests of your network is an invaluable way to use hackers to protect your network from other hackers. LMG Security’s consultants most often perform blackbox tests, where the consultant has no insider information or account access and must use attacks similar to those a real adversary would use. From there, the consultant’s goal is to gain access to the “crown jewels” of the network data. Most importantly, the consultant will clearly document each step of the way in a penetration testing report. The reports are usually between 30 and 50 pages and should contain risk ratings, proofs of concept and steps to fix the security issues. Contact LMG for more information!
2. Bolster domain password policy
Imagine a hacker has gained control of a computer on your internal network through a phishing attack, an externally exposed service, physical access to the building, a wireless attack, or any other method. The hacker’s next step will be to gain control of a normal domain user account. Once a domain user account is obtained, a local administrator account will be the target, and then finally a Domain Administrator account. This process is called privilege escalation. While there are other methods of access that do not involve cracking passwords, most often each step includes password cracking. The stronger your password policy is, the longer each step will take! A strong password policy with a minimum of 14 characters and complexity requirements will give you valuable time to identify, react to and stop the attack before your crown jewels can be seized. However, this alone will only slow down the attack at best, which is why it must be one of many pieces of your network defense.
3. Disable unused network services
Every internal network is an ecosystem that experiences change and evolution. Remnants of old software and services are often left behind. Once inside your network, hackers will perform a scan of all running network services and identify the ones which can be easily exploited. It is essential to regularly review what network services are running, what ports are listening, and proactively shut anything off that is no longer needed. If you don’t know what services are configured and listening on ALL of your internal assets, a hacker may be able to get an easy foothold into your network.
4. Identify and patch vulnerable services
Some network services have a reputation for being easily exploited and are much more common than you may think. For example, if you haven’t explicitly disabled them, the LLMNR and WPAD services are almost certainly running on your Windows domain. These services run by default on all Windows environments and are waiting for a hacker to start harvesting domain credentials with ease. A good patching policy also goes a long way toward proactively protecting software from exploitation.
5. Review Active Directory for configuration weaknesses
When was the last time you did a security review of your Active Directory configuration? Once a hacker has access to a domain-joined computer, they’ll be able to query your Active Directory configuration and pull out any administrator passwords stored in Group Policy Preferences. (Yes, even if the passwords are encrypted with cpassword: Microsoft has published the cpassword decryption key.) Another common attack is to search for any Service Principal Names (SPNs) mapped to domain user accounts (service accounts, so usually highly privileged) and perform a “Kerberoast” attack against them, pulling administrator password hashes from Active Directory in the blink of an eye.
Hackers are counting on your network to have a large attack surface and be full of weak passwords. IT managers have the power to remove low-hanging fruit and protect the whole company’s infrastructure. If you have any questions about what you can do to thwart hackers, feel free to contact us at [email protected].
© 2017 LMG Security. All rights reserved.