Completely eliminating security breaches may be an impossible task — but that doesn’t mean you shouldn’t do everything possible to thwart attackers. Here are 5 easy-to-implement measures that will help protect your organization from security threats.
1: Change default passwords
It’s surprising how many devices and applications are protected by default usernames and passwords. Attackers are also well aware of this phenomenon. Not convinced? Run a Web search for default passwords, and you will see why they need to be changed. Using good password policy is the best way to go; but any character string other than the default offering is a huge step in the right direction.
2: Don’t reuse passwords
On more than one occasion, I’ve run into situations where the same username/password combination was used over and over. I realize it’s easier. But if I know this, I’m pretty sure the bad guys do as well. If they get their hands on a username/password combination, they’re going to try it elsewhere. Don’t make it that easy for them. There are many helpful password vaults that require you to only remember the master password to gain access to the vault. After that, it’s usually a matter of selecting the proper entry.
3: Disable user accounts when an employee leaves
Security breaches are easier to pull off when the attacker has insider information. That makes it essential to disable all IT accounts of a user who has terminated employment. It doesn’t matter whether the employee is leaving under amicable terms or not.
Determine baseline characteristics
In the past, when I’ve called my mentor with a problem I couldn’t solve, his first words would always be, “What’s changed?” After a few times, what he was trying to teach me finally sank in and I started paying attention to baseline characteristics. Baselining has two purposes:
- To understand what it means to be operating normally
- To simplify finding what’s not operating normally
I may be stating the obvious with regards to baselining, but defining it may help everyone realize how big a role it plays in the next three topics.
4: Examine security logs
Good administrators know about baselining and try to review system logs on a daily basis. Since this article deals with security breaches, I’d like to place special emphasis on security logs, as they’re the first line of defense.
For example, when reviewing a Windows server security log, the administrator comes across multiple 529 events (Logon Failure – Unknown user name or bad password). That should immediately raise an alert, with the administrator trying to determine whether a valid user has forgotten a password or an attacker is attempting to gain access.
Windows security logs are cryptic, to say the least, so having some kind of reference guide is beneficial. That’s where Randy Franklin Smith helps out; he has a Web page that defines most every Windows security log event. Randy also has a free reference chart that can be invaluable in explaining security log events.
5: Do regular network scans
Comparing regular network scans to an operational baseline inventory is invaluable. It allows the administrator to know at a glance if and when any rogue equipment has been installed on the network.
One method of scanning the network is to use the built-in Microsoft commandnet view. Another option, and the one I prefer, is to use freeware programs likeNetView. They’re typically in a GUI format and tend to be more informative.
olavolavs@gmail.com
06/09/2020
Read it.