Monday

Tag: MFA

10 Steps to Securely Configuring Windows 10

Windows 10 is the most popular operating system in the world, but it also comes with some security risks. If you want to protect your data and privacy, you need to configure Windows 10 for security. Here are 10 steps you can follow to make your Windows 10 more secure.

  1. Update Windows 10 regularly – Windows 10 updates often include security patches and bug fixes that can prevent hackers from exploiting vulnerabilities in your system. To check for updates, go to Settings > Update & Security > Windows Update and click on Check for updates. If there are any available updates, install them as soon as possible.
  2. Use a strong password and a PIN – A strong password is one that is long, complex, and unique. It should include a mix of uppercase and lowercase letters, numbers, and symbols. A PIN is a four-digit code that you can use to unlock your device instead of typing your password. To set up a password and a PIN, go to Settings > Accounts > Sign-in options and choose Password and PIN. Make sure you don’t use the same password or PIN for other accounts or devices.
  3. Enable BitLocker encryption – BitLocker is a feature that encrypts your hard drive, making it unreadable to anyone who doesn’t have the right key. This can protect your data in case your device is lost, stolen, or hacked. To enable BitLocker, go to Settings > System > About and click on Device encryption. If your device supports BitLocker, you will see a Turn on button. Click on it and follow the instructions.
  4. Use Windows Defender Firewall and antivirus – Windows Defender Firewall is a feature that blocks unauthorized network connections, preventing hackers from accessing your device or data. Windows Defender antivirus is a feature that scans your device for malware and removes any threats. To use Windows Defender Firewall and antivirus, go to Settings > Update & Security > Windows Security and click on Firewall & network protection and Virus & threat protection. Make sure they are both turned on and up to date.
  5. Enable two-factor authentication – Two-factor authentication is a feature that adds an extra layer of security to your online accounts. It requires you to enter a code or use an app on your phone after entering your password, verifying your identity. To enable two-factor authentication, go to Settings > Accounts > Sign-in options and click on Security key or Windows Hello. Follow the instructions to set up your preferred method of two-factor authentication.
  6. Use a VPN service – A VPN service is a feature that encrypts your internet traffic, hiding your IP address and location from prying eyes. This can protect your privacy and security when you use public Wi-Fi or access geo-restricted content. To use a VPN service, you need to download and install a VPN app from the Microsoft Store or a trusted website. Then, launch the app and connect to a server of your choice.
  7. Disable unnecessary services and apps – Some services and apps that come with Windows 10 may not be essential for your needs, but they can consume resources and pose security risks. To disable unnecessary services and apps, go to Settings > Apps > Apps & features and click on the service or app you want to uninstall or modify. You can also go to Settings > Privacy and review the permissions that each app has access to.
  8. Use a secure browser and extensions – A secure browser is one that protects your online activity from trackers, ads, and malicious websites. A secure extension is one that enhances the functionality of your browser without compromising your security or privacy. To use a secure browser and extensions, you can choose one of the following options:
    • Use Microsoft Edge, which is the default browser for Windows 10. It has features like SmartScreen, Tracking Prevention, InPrivate mode, and Password Monitor that can improve your security and privacy.
    • Use Google Chrome, which is the most popular browser in the world. It has features like Safe Browsing, Incognito mode, Password Checkup, and Sync that can improve your security and privacy.
    • Use Mozilla Firefox, which is the most privacy-focused browser in the world. It has features like Enhanced Tracking Protection, Private Browsing mode, Lockwise, and Monitor that can improve your security and privacy.
  9. Backup your data regularly – Backing up your data is a feature that copies your files to another location, such as an external hard drive or a cloud service. This can protect your data from accidental deletion, corruption, or ransomware attacks. To protect your data regularly, go to Settings > Update & Security > Backup and click on Add a drive or Backup options. Choose where you want to store your backup files and how often you want to backup.
  10. Educate yourself on cyber threats and best practices – The most important feature for securing your Windows 10 is your own knowledge and awareness. You need to learn how to recognize and avoid common cyber threats, such as phishing, malware, or social engineering. You also need to follow best practices, such as using strong passwords, updating your software, and locking your device when not in use. You can find more information and tips on how to secure your Windows 10 on the Microsoft website or other reputable sources.

Cloud Security Best Practice

There are several things you can do to improve the security of your online cloud environment. Protect your business assets by enabling specific controls when available.

  1. Access Control – Enable Multi-Factor Authentication (MFA) and Conditional Access when possible. This means requiring not just usernames and passwords to access your critical cloud-based systems, but also requiring multi-factor authentication. Instead of allowing user access with just something you know (password), also require a user to prove their identity with something they have (cellphone) or something they are (fingerprint). You may also be able to enable conditional access, which allows an administrator to add additional requirements to your login process, like only allowing you to log into the cloud environment using an authorized laptop, from a specific location, etc.
  2. Improve Security Posture – Use the tools available from your cloud provider to improve your overall security posture. Microsoft Azure offers a secure score rating, showing you recommended actions and comparing your security profile to other tenants. This can drive security changes that you may not even know are possible and provide instructions specific to your environment.
  3. Secure Your Applications – Train your developers in security best practices such as Security Development Lifecycle (SDL) and test for common development issues using OWASP as a guide. Encrypt everything possible, including all internal and external connections. All data that is stored or processed should also be encrypted. Your backups should be encrypted and stored in a secure location away from the production data. Review your relationships with all vendors to make sure it is crystal clear who is responsible for all aspects of your security. You are responsible for everything unless it is specifically stated otherwise in your vendor contract.
  4. Understand and Mitigate Risks – Use best practice guidelines to identify threats and build processes to protect all your systems from known threats, detect any attacks that malicious groups may use in an attack in your environment, and respond to threats and attacks before your systems can be compromised. You should utilize a security information and event management (SIEM) system to collect the logs from all systems. Once the logs are in a central location you can build alerts when specific events occur, as well as identify risky behavior before the systems can be compromised.
  5. Maintain Network Security – Even through the cloud moves systems outside of your on-premise environment, the proper configuration of your firewall is still very important. Controls still need to be in place to protect the perimeter, detect hostile activity, and respond to all possible threats. A web application firewall (WAF) protects web apps from common exploits like SQL injection and cross-site scripting. Using concepts like virtual networking and subnet provisioning, you can micro-segment your network to provide additional security as you work toward zero trust networking. Enable your endpoint firewall, like Windows firewall, to properly protect the endpoints as they move outside your protected on-premise network.

While protecting your company assets from a constantly evolving threat landscape can seem an impossible (and expensive) task, some basic security processes can start you down the path towards a best-practice security environment. Don’t try to do everything at once. Start simple with the goal of constant improvement.

10 Steps to Stopping Lateral Movement Attacks

It is estimated that over 75% of cyber attacks come from outside your network. While every attack is unique and tactics may vary, the basic stages of an outsider attack are similar. During the attack, an attacker uses four basic steps to gain a foothold in your environment.

  1. Attack the perimeter – Gain access through any perimeter protections to gain access to the internal resources of the network, like a user’s computer or a server-based resource on the internal network. This can be accomplished using a known vulnerability, or by convincing the user to run a program from an email link or attached file.
  2. Malware Drop – Once they have access to an internal resource, they drop malware onto the endpoint and begin communications to the compromised device, usually though a command and control system. Using the permissions of the current user, they gather intelligence about the network and attempt to elevate their permissions on that endpoint.
  3. Lateral Movement – They now start looking for resources on other systems on the same internal network. As new systems are discovered, they are also compromised and start communicating with the attackers command and control system. They gather more intelligence and try to elevate their permissions on all compromised systems.
  4. Trigger Payload – Once your network and systems are owned by the attacker, they start exfiltrating and/or encrypting the files on the compromised internal resources. Game Over.

There are some common mitigation strategies your organization can implement to help prevent lateral movement (step 3 shown above) during an attack. You won’t always detect the initial compromise of an internal resource, but you can limit the damage that can be inflicted by implementing some basic security steps.

Here are 10 Steps to a reducing a lateral movement attack:

Continue reading “10 Steps to Stopping Lateral Movement Attacks”

8 Small Business Cybersecurity Tips

There are about 80 million businesses worldwide who meet the “small or medium business” (SMB) definition. Businesses with less than 300 employees can’t always afford someone to tell them what they can do to develop a more mature security posture or how to educate employees to be smarter about their cybersecurity practices. Most of the successful cybersecurity attacks are with small businesses and small government entities. Since the average cyberattack will cost them about $200k and a ransomware attack can force them out of business, we should talk about the basics of cybersecurity defense.

  1. Make sure you require complex passwords for every system. This means changing any vendor default passwords, not allowing simple or common passwords, and teaching your employees how to select a good password.
  2. Configure Multi-Factor Authentication (MFA) on all accounts. Just by requiring MFA to access business accounts you can prevent about 99% of all online attacks. The hackers might steal or guess your password, but it is much harder to access something like your cellphone.
  3. Use a separate account for performing administrative tasks for all your on-premise and cloud business accounts. Use this new account to only perform administrative actions, not to browse the internet or check email, and your risk of account compromise is significantly reduced.
  4. Install, properly configure, and use an antivirus solution that accesses the cloud to better protect your systems from the internet threats. This includes all your user computers and all servers.
  5. Backup your important files to the cloud. Using an automated solution to automatically backup your files to the cloud can prevent a successful ransomware attack from locking you out of your critical files.
  6. Don’t allow your users to configure email auto-forwarding rules in O365. If your account is hacked, one of the first things the attacker will do is configure auto-forwarding rules to exfiltrate your data to their systems across the internet. If you prevent this activity, it will slow down the attack and allow you more time to react. With alerts configured, you will get an email when the attacker attempts to create a new rule, giving you notice that an attack is underway.
  7. Use your available online tools to get tips and suggestions. Things like the Microsoft O365 Secure Score can be a really helpful source of useful tips and techniques for leveraging many more security settings to improve your overall security, and these tips are free just for having an O365 account.
  8. Educate your users about the threats on the internet. Billions of users have internet access, and not all of them have your best interests in mind. Warn users about sharing too much personal information on social media, discuss how to identify phishing emails, and provide guidance on who they need to contact if they aren’t sure about clicking on a link.

You need to think about how you use the services and systems that you have access to each day and determine what data you share has value, what processes are at a high risk, and how a malicious user might monetize your activity. A little work today can pay big dividends during an attack.

Follow these simple tips to start getting some confidence around your security posture, and build on each item as threats and systems change.

10 Steps to Stopping Lateral Movement Attacks

It is estimated that over 75% of cyber attacks come from outside your network. While every attack is unique and tactics may vary, the basic stages of an outsider attack are similar. During the attack, an attacker uses four basic steps to gain a foothold in your environment.

  1. Attack the perimeter – Gain access through any perimeter protections to gain access to the internal resources of the network, like a user’s computer or a server-based resource on the internal network. This can be accomplished using a known vulnerability, or by convincing the user to run a program from an email link or attached file.
  2. Malware Drop – Once they have access to an internal resource, they drop malware onto the endpoint and begin communications to the compromised device, usually though a command and control system. Using the permissions of the current user, they gather intelligence about the network and attempt to elevate their permissions on that endpoint.
  3. Lateral Movement – They now start looking for resources on other systems on the same internal network. As new systems are discovered, they are also compromised and start communicating with the attackers command and control system. They gather more intelligence and try to elevate their permissions on all compromised systems.
  4. Trigger Payload – Once your network and systems are owned by the attacker, they start exfiltrating and/or encrypting the files on the compromised internal resources. Game Over.

There are some common mitigation strategies your organization can implement to help prevent lateral movement (step 3 shown above) during an attack. You won’t always detect the initial compromise of an internal resource, but you can limit the damage that can be inflicted by implementing some basic security steps.

Here are 10 Steps to a reducing a lateral movement attack:

Continue reading “10 Steps to Stopping Lateral Movement Attacks”

Protecting High-Profile Employees from Cyber Attacks

As you look to protect your employees from a cyberattack, there are specific steps you must take that include training your employees how to detect and avoid phishing emails, training all employees on how to select and protect a complex password, helping employees configure and use MFA for all their business accounts, providing secure laptops to remote workers, etc. But what about those employees that present a higher risk, based on their knowledge, location, system access, or activity? Higher profile targets have a greater risk of attack and breach of essential data, so what can you do to provide elevated security?

As with a lot of things in life, a “one size fits all” type of security may not adequately protect these high-profile accounts from compromise. Many of your users may be low risk users that aren’t subject to a concentrated attack. All accounts must be protected to prevent a successful attack on a common user from being leveraged to gain access to the privileged accounts. Privileged accounts (usually an administrator-level account) must be protected to prevent an attacker from using stolen credentials used by these privileged accounts to gain elevated access to the network and company resources.

Traditional high-profile accounts also belong to executive members, members of the finance team, the payroll department, and accounts used to control corporate social media accounts. Continue reading “Protecting High-Profile Employees from Cyber Attacks”

Cloud Security Best Practice

There are several things you can do to improve the security of your online cloud environment. Protect your business assets by enabling specific controls when available.

  1. Access Control – Enable Multi-Factor Autherntication (MFA) and Conditional Access when possible. This means requiring not just usernames and passwords to acccess you critical cloud-based systems, but also requiring multi-factor authentication. Instead of allowing user access with just something you know (password), also require a user to prove their identify with something they have (cellphone) or something they are (fingerprint). You may also be able to enable conditional access, which allows an administrator to add additional requirements to your login process, like only allowing you to log into the cloud envirnment using an authorized laptop, from a specific location, etc.
  2. Improve Security Posture – Use the tools available from your cloud provider to improve your overall security posture. Microsoft Azure offers a secure score rating, showing you recommended actions and comparing your security profile to other tenants. This can drive security changes that you may not even know are possible and provide instructions specific to your environment.
  3. Secure Your Applications – Train your developers in security best practices such as Security Development Lifecycle (SDL) and test for common development issues using OWASP as a guide. Encrypt everything possible, including all internal and external connections. All data that is stored or processed should also be encrypted. Your backups should be encrypted and stored in a secure location away from the production data. Review your relationships with all vendors to make sure it is crystal clear who is responsible for all aspects of your security. You are responsible for everything unless it is specifically stated otherwise in your vendor contract.
  4. Understand and Mitigate Risks – Use best practice guidelines to identify threats and build processes to protect all your systems from known threats, detect any attacks that malicious groups may use in an attack in your envirnment, and respond to threats and attacks before your systems can be compromised. You should utilize a security information and event management (SIEM) system to collect the logs from all systems. Once the logs are in a central location you can build alerts when specific events occur, as well as identify risky behavior before the systems can be compromised.
  5. Maintain Network Security – Even through the cloud moves systems outside of your on-premise environment, the proper configuration of your firewall is still very important. Controls still need to be in place to protect the perimeter, detect hostile activity, and respond to all possible threats. A web application firewall (WAF) protects web apps from common exploits like SQL injection and cross-site scripting. Using concepts like virtual networking and subnet provisioning, you can micro-segment your network to provide additional security as you work toward zero trust networking. Enable your endpoint firewall, like Windows firewall, to properly protect the endpoints as the move outside your protected on-premise network.

While protecting your company assets from a constantly envolving threat landscape can seem an impossible (and expensive) task, some basic security processes can start you down the path towards a best-practice security environment. Don’t try to do everything at once. Start simple with the goal of constant improvement.

 

Multi-Factor Authentication (MFA) for Office 365

What is Multi-Factor Authentication

Multi-factor authentication (MFA) is basically an authentication method in which a computer user is granted access to computer systems only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user is). This is usually implemented by the user providing the traditional password along with another form of authentication, usually in the form of something they have. In most modern implementations this requirement is accomplished using a one-time code or authentication application the user has access to on their mobile device.

Using Multi-Factor Authentication

With O365 resources being available from anywhere in the world, it brings great opportunity for a business to operate without boundaries or time zones. As a business expands or business users travel they have unrestricted access to documents, data, and online services from everywhere on the planet. What cyber-security professionals know is that this flexibility also provides criminals the same access opportunities to steal your data from anywhere in the world.

Continue reading “Multi-Factor Authentication (MFA) for Office 365”

10 Steps to Stopping Lateral Movement Attacks

It is estimated that over 75% of cyber attacks come from outside your network. While every attack is unique and tactics may vary, the basic stages of an outsider attack are similar. During the attack, an attacker uses four basic steps to gain a foothold in your environment.

  1. Attack the perimeter – Gain access through any perimeter protections to gain access to the internal resources of the network, like a user’s computer or a server-based resource on the internal network. This can be accomplished using a known vulnerability, or by convincing the user to run a program from an email link or attached file.
  2. Malware Drop – Once they have access to an internal resource, they drop malware onto the endpoint and begin communications to the compromised device, usually though a command and control system. Using the permissions of the current user, they gather intelligence about the network and attempt to elevate their permissions on that endpoint.
  3. Lateral Movement – They now start looking for resources on other systems on the same internal network. As new systems are discovered, they are also compromised and start communicating with the attackers command and control system. They gather more intelligence and try to elevate their permissions on all compromised systems.
  4. Trigger Payload – Once your network and systems are owned by the attacker, they start exfiltrating and/or encrypting the files on the compromised internal resources. Game Over.

There are some common mitigation strategies your organization can implement to help prevent lateral movement (step 3 shown above) during an attack. You won’t always detect the initial compromise of an internal resource, but you can limit the damage that can be inflicted by implementing some basic security steps.

Here are 10 Steps to a reducing a lateral movement attack:

  1. Malware and Virus Detection – Install and properly configure an anti-malware and anti-virus solution on every endpoint. This offers, as a minimum, basic protection from known malware signatures, and probably offers advanced heuristic protection algorithms to detect behavior to indicate malicious activity even on zero-day attack attempts. The Microsoft Defender endpoint protection features in Windows 10 is a good example of this type of software that is highly rated and very effective.
  2. Standard User Accounts – Since users are usually the ones that allow the initial compromise through drive-by downloads or clicking on a phishing email, you must limit the power of the malware by limiting the power of the user. Require all users to login with a standard standard user account and don’t make them a local administrator on any computer. Even administrators should log into their computer with a standard account as a normal practice. They should only log into systems with administrative rights when they need to actually perform administrative tasks.
  3. Enforce Least Privilege – Only allow users access to systems if they have a business need to that resource. Only allow the minimum privileges to allow the user to do exactly what they need to do, nothing more. This helps prevent malware from using the users permissions to gain unauthorized access to sensitive data.
  4. Multifactor Authentication – Implement multi-factor authentication for access to internal and external systems, all applications, and  even social media. This basically requires the user to approve access through an mobile application or SMS message before their computer password is accepted. This means that even if a user’s password is stolen or guessed by an attacker, they can’t access the resource without the user’s cellphone.
  5. Conditional Access Controls – Restricting access based on static elements like location, operating system, or even time of day is a basic control that limits account login, even with approved credentials, to enforce compliance dynamically. Microsoft O365 and Azure offers a wide range of conditional access features based on location, operating systems, user risk, etc. to add security options for greater account protections.
  6. Strong Password Management – Require strong passwords that are different for every account. Never allow users to reuse passwords and encourage users to use password managers so they have strong password hygiene. Block common unsafe passwords (i.e. password1, qwerty123, etc.) and configure systems to log password failure attempts. Configure systems and devices to change or eliminate default passwords and  require every system to have a unique passwords across all privileged accounts. Never store passwords inside a script. Implement SSH key management tools.
  7. Patch Management – Configure systems and devices to automatically download and install vendor patches as soon as they become available. If the system needs to be tested before any patch is applied, do the testing as soon as possible to target installing all vendor patches within 30 days. Less vulnerabilities mean it is harder for an attacker to get into a system through a software security weakness.
  8. Network Segmentation – Group assets (users, application servers, etc.) into logical units that do not trust each other. Segmenting your network reduces the “line of sight” access attackers must have into your internal systems. For access that needs to cross trust zones, require a secured jump server with multi-factor authentication, adaptive access authorization, and session monitoring. If malware can’t access systems, it severely limits an attackers ability to jump from one system to the next. Where possible, go beyond standard network segmentation to segment based on context of the user, role, application and data being requested.
  9. Implement Threat Behavior Monitoring – Implement base security event monitoring and log events that will help you later understand what systems were compromised. Using  advanced threat detection (including user behavior monitoring) you can quickly detect compromised account activity as well as symptoms of insider privilege misuse.
  10. Application Whitelisting – If possible, implement policies to only allow known good applications to execute while you block and log all other applications launch attempts. Windows 10 allows you to implement this functionality using AppLocker. As a minimum you can pre-install the software required by a user and block them from installing any new software.

While backups will not help prevent a successful lateral movement attack, if your files are compromised by an attack your only remediation may be to restore/replace the missing or encrypted files from a recent backup. Don’t forget to include offline backups in your security efforts as a safely net when all preventative measures fail.

While none of these steps will prevent a successful attack on their own, a combination of tactics can truly limit the ability of a successful attack from doing severe damage to your business.  By limiting the scope of an attack you can reduce the cost of recovery, limit the scope/quantity of lost or damaged files, prevent a compromise of critical business intelligence, and build confidence in your ability to protect critical business assets.

Simple Cybersecurity for 2020

There are about 80 million businesses worldwide who meet the “small or medium business” (SMB) definition. Businesses with less than 300 employees can’t always afford someone to tell them what they can do to develop a more mature security posture or how to educate employees to be smarter about their cybersecurity practices. Most of the successful cybersecurity attacks are with small businesses and small government entities. Since the average cyberattack will cost them about $200k and a ransomware attack can force them out of business, we should talk about the basics of cybersecurity defense.

  1. Make sure you require complex passwords for every system. This means changing any vendor default passwords, not allowing simple or common passwords, and teaching your employees how to select a good password.
  2. Configure Multi-Factor Authentication (MFA) on all accounts. Just by requiring MFA to access business accounts you can prevent about 99% of all online attacks. The hackers might steal or guess your password, but it is much harder to access something like your cellphone.
  3. Use a separate account for performing administrative tasks for all your on-premise and cloud business accounts. Use this new account to only perform administrative actions, not to browse the internet or check email, and your risk of account compromise is significantly reduced.
  4. Install, properly configure, and use an antivirus solution that accesses the cloud to better protect your systems from the internet threats. This includes all your user computers and servers.
  5. Backup your important files to the cloud. Using an automated solution to automatically backup you files to the cloud can prevent a successful ransomware attack from locking you out of your files.
  6. Don’t allow your users to configure email auto-forwarding rules. If your account is hacked, one of the first things the attacker will do is configure auto-forwarding rules to exfiltrate your data to their systems across the internet. If you prevent this activity, it will slow down the attack and allow you more time to react. With alerts configured, you will get an email when the attacker attempts to create a new rule, giving you notice that an attack is underway.
  7. Use your available online tools to get tips and suggestions. Things like the Microsoft O365 Secure Score can be a source of useful tips and techniques for leveraging many more security settings to improve your overall security, and these tips are free just for having an O365 account.

You need to think about how you use the services and systems that you have access to each day and determine what data you share has value, what processes are at a high risk, and how a malicious user might monetize your activity. A little work today can pay big dividends during an attack.

Follow these simple tips to start getting some confidence around your security posture, and build on each item as threats and system change.

October is Cybersecurity Awareness Month

Initiated by the Department of Homeland Security, October is recognized globally as Cybersecurity Awareness Month. It is commemorating its 15th year as an annual campaign. Supporters engage in social activities to raise awareness around cybersecurity by educating businesses and individuals on
industry trends, cybersecurity threats, and best practices.

12 Tips for Online Safety

Continue reading “October is Cybersecurity Awareness Month”

Please Select a Better Password

In light of the ever more frequent online breaches, we should talk again about picking a good password. People continue to pick and use poor passwords to protect their valuable information. You might not think your password is important or sought after by hackers, but it really is the only thing between the entire world and your personal online accounts.

If you have a password of eight random letters, there are about 200 billion possible password combinations. If a hacking program like Hashcat had to try them all, it would be done in about 4 minutes. If you add mixed casing and numbers into the mix, you increase the number of possible passwords and by increasing the length to 12 characters we can catapult the number of password possibilities to about 4 sextillion. When talking about the number of possibilities which are now available to users,  it would take Hashcat an estimated lifetime to work through all the possible combinations.

However, this math does not take the human factor into account. You want to select a combination of characters that you can remember and isn’t too difficult to enter a few times each day. The password also has to work within the limits imposed by the website or application where you created the password. People wanting to crack your password are also aware of those limitations. In fact, there are extensive lists of common password terms available on the internet, sorted by their popularity. The password cracking programs will just try those more common words and their common iterations  first, and that will allow for increased odds of success in a much shorter time.

Continue reading “Please Select a Better Password”

%d bloggers like this: