The Coalfire Blog
Whether you are a large or small business, beware of these 5 common security problems
March 11, 2013, Mike Weber, Vice President, Coalfire Labs
Every January, the trade press is full of new year's resolution-style advice about what to do in the coming year, and even Coalfire made a few predictions for 2013. I work at Coalfire Labs, and since our business is IT security and testing, we want to share some advice on how to keep your systems and accounts from being breached. Larger companies may feel they can skip some of these steps and still remain safe, but TJX, the parent company of T.J. Maxx and Marshalls, learned the hard way how much damage a breach can cause: information from up to tens of millions of credit and debit cards was stolen, and it cost TJX millions of dollars to get the problem under control. With this in mind, here is a list of five mistakes companies are prone to make, and ways to avoid their negative ramifications.
Humans are your weakest link: As soon as you accept that the easiest way into your network is through your people, you will be able to take your SMB security to the next level.
Weak passwords: Weak passwords are still the most common technical issue we see. What most people don't realize is that in a business environment it usually takes only one mistake, such as a weak password, to put your entire organization at risk. Numerous small attacks are usually chained together to completely compromise an environment, and they often begin with a weak password. Any time a new piece of software, server or workstation is deployed, be sure to change the default credentials. Also make sure to use long and complex passwords; adopting "pass phrases" is ideal. For example, "YesterdayIWentTotheStore601!" is a far better password than *()kL.
Password reuse is bad: A very common attack scenario is to compromise a single system, dump the passwords from that system, and find that those passwords work on every other machine. If you use different administrative passwords on each system, you will severely limit your exposure.
Don't trust the internal network: People still think that as long as the external network is secured, they are OK. The internal network is just as critical; in fact, it is usually where all your most important data resides, so why not protect it? Often, all it takes is one "drive-by attack" or luring a user to a malicious site to gain access to an internal network. We recommend that our customers apply the same principles to the internal network as they do to the external one.
Firewall off Microsoft SMB (TCP 139/445): Closing these ports, or firewalling them off, prevents pass-the-hash attacks. We see them open in most environments. It is convenient for administrators to use SMB for installing software and helping users, but it is a major attack vector. Usually only file servers need these ports open, and even there, disabling the default "administrative" shares (e.g. C$) is recommended. If SMB is needed, use Windows Firewall GPOs to restrict who can reach these ports and shares.
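One way to implement the SMB restriction above on a Windows host, as an added example that is not part of the original post. It assumes Windows Server 2012 / Windows 8 or later (NetSecurity and SmbShare modules) and a placeholder management subnet of 10.10.50.0/24; the same firewall and registry settings can be pushed domain-wide through a GPO under Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security.

```powershell
#Requires -RunAsAdministrator
# Added hardening example, not Coalfire's own script.
# $MgmtSubnet is a constructed placeholder: replace with your admin/jump-host range.
$MgmtSubnet = '10.10.50.0/24'
$SmbPorts   = @('139', '445')

function Restrict-SmbInbound {
    # Windows Firewall evaluates Block rules before Allow rules, so a blanket
    # Block on 445 would also cut off the management subnet. Instead, rely on
    # the profile's default inbound action (Block) and keep a single scoped
    # Allow rule: disable the broad built-in SMB allow rules, then add ours.
    Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block
    Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'

    New-NetFirewallRule -DisplayName 'SMB-In (management subnet only)' `
        -Group 'SMB Hardening' -Direction Inbound -Protocol TCP `
        -LocalPort $SmbPorts -RemoteAddress $MgmtSubnet `
        -Action Allow -Profile Domain,Private
}

function Disable-AdminShares {
    # AutoShareServer (servers) / AutoShareWks (workstations) = 0 stops the
    # Server service from recreating C$, D$ and ADMIN$ on startup. IPC$ remains.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Set-ItemProperty -Path $key -Name 'AutoShareServer' -Type DWord -Value 0
    Set-ItemProperty -Path $key -Name 'AutoShareWks'    -Type DWord -Value 0
    # Remove the shares that already exist; they stay gone after the next
    # restart of the Server (LanmanServer) service because of the keys above.
    Get-SmbShare | Where-Object { $_.Name -in 'C$','D$','ADMIN$' } |
        Remove-SmbShare -Force
}

function Test-SmbHardening {
    # Report what an assessor would check: which SMB allow rules are still
    # enabled and which administrative shares are still exposed.
    Write-Host '--- Enabled inbound rules allowing TCP 139/445 ---'
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -in $SmbPorts } |
        Select-Object DisplayName, Profile,
            @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } } |
        Format-Table -AutoSize
    Write-Host '--- Administrative shares still present ---'
    Get-SmbShare | Where-Object { $_.Name -like '*$' -and $_.Name -ne 'IPC$' } |
        Format-Table Name, Path -AutoSize
}

Restrict-SmbInbound
Disable-AdminShares
Test-SmbHardening
```

Run Test-SmbHardening on its own first to see the current state before changing anything; the final table should list only the management-subnet rule and no C$/ADMIN$ shares.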
While it is true that everyone makes mistakes, the tips above help prevent these mistakes from becoming a nightmare. No one wants the reputation of having been breached, and no one wants to pay the costs. Keep these tips in mind the next time you set a password, and hope that other companies follow these rules too, so that your information stays safe as well. If you have concerns about your network or application security, feel free to contact us to learn how Coalfire Labs can assist your organization.