1: Change default passwords

It’s surprising how many devices and applications are protected by default usernames and passwords. Attackers are also well aware of this phenomenon. Not convinced? Run a Web search for default passwords, and you will see why they need to be changed. Using good password policy is the best way to go; but any character string other than the default offering is a huge step in the right direction.

2: Don’t reuse passwords

On more than one occasion, I’ve run into situations where the same username/password combination was used over and over. I realize it’s easier. But if I know this, I’m pretty sure the bad guys do as well. If they get their hands on a username/password combination, they’re going to try it elsewhere. Don’t make it that easy for them. There are many helpful password vaults that require you to only remember the master password to gain access to the vault. After that, it’s usually a matter of selecting the proper entry.

3: Disable user accounts when an employee leaves

Security breaches are easier to pull off when the attacker has insider information. That makes it essential to disable all IT accounts of a user who has terminated employment. It doesn’t matter whether the employee is leaving under amicable terms or not.

Determine baseline characteristics

In the past, when I’ve called my mentor with a problem I couldn’t solve, his first words would always be, “What’s changed?” After a few times, what he was trying to teach me finally sank in and I started paying attention to baseline characteristics. Baselining has two purposes:

• To understand what it means to be operating normally
• To simplify finding what’s not operating normally

I may be stating the obvious with regards to baselining, but defining it may help everyone realize how big a role it plays in the next three topics.

4: Examine security logs

Good administrators know about baselining and try to review system logs on a daily basis. Since this article deals with security breaches, I’d like to place special emphasis on security logs, as they’re the first line of defense.

For example, when reviewing a Windows server security log, the administrator comes across multiple 529 events (Logon Failure – Unknown user name or bad password). That should immediately raise an alert, with the administrator trying to determine whether a valid user has forgotten a password or an attacker is attempting to gain access.

Windows security logs are cryptic, to say the least, so having some kind of reference guide is beneficial. That’s where Randy Franklin Smith helps out; he has a Web page that defines most every Windows security log event. Randy also has a free reference chart that can be invaluable in explaining security log events.

5: Do regular network scans

Comparing regular network scans to an operational baseline inventory is invaluable. It allows the administrator to know at a glance if and when any rogue equipment has been installed on the network.

One method of scanning the network is to use the built-in Microsoft commandnet view. Another option, and the one I prefer, is to use freeware programs likeNetView. They’re typically in a GUI format and tend to be more informative.

Our project leaders have been working in the information security industry  for over twelve years.

• Developing, evaluating and implementing cyber security policy
• Conducting risk and vulnerability assessments
• Securing and optimizing critical and private IT systems

Most importantly, we commit to you as your partner in information security. Your problems are our problems; we are personally engaged with your project from initiation through completion, and dedicate ourselves to your needs when you retain our services on an ongoing basis. Throughout every consulting project, we share our best practices and corporate knowledge. In this way, we transfer our expertise to our customers, providing you with a level set and the ability to confidently monitor, manage, and improve your risk posture on an ongoing basis.

• Digital forensics services
• Vulnerability and risk assessments
• Internal and external penetration testing
• Policy and plan development
• Enterprise security architecture design and re-design
• Malicious code review
• Computer security incident response
• Engineering and architecture design
• Operations management
• Application and software security assurance
• Insider threat and APT assessment
• Social engineering (targeted phishing)
• IT risk management and compliance