Secure configuration

The National Cyber Security Centre states: “Manufacturers often set the default configurations of new software and devices to be as open and multi-functional as possible. They come with ‘everything on’ to make them easily connectable and usable. Unfortunately, these settings can also provide cyber attackers with opportunities to gain unauthorised access to your data, often with ease.”

On a Windows 10 PC, Microsoft has made it easy for users to download and install apps. In a business environment, this ability could be exploited to allow a cyber criminal to plant malware. Organisations therefore need to review these standard features and, where necessary, disable them. They need to reduce security exposures while still permitting users to benefit from features that help them use IT systems effectively.

It is hardly surprising that default configurations are one of the most common areas that cybercriminals exploit. Internal penetration tests have uncovered a network or service misconfiguration more than 96% of the time.

Highly regarded organisations such as the SANS Institute and the Council on CyberSecurity recommend that, following an inventory of your hardware and software, the most important security control is to implement secure configuration settings.

What you should do

Devise a security configuration policy for each system type. This sounds complex, but there are many resources out there with standardised recommendations. For instance, the UK’s Cyber Essentials recommends:

  • Disable “Autorun” on Windows PCs & servers. This would prevent an installation from automatically starting (V-220828)
  • Make sure any installation requires “Elevated privileges”, so that only authorised administrators can install new software. This helps prevent inadvertent infection by ransomware (V-220857)
  • Ensure the system is running an Anti-virus program (V-220707)

Many of these recommendations (the V-number references above) are set out in the “Security Technical Implementation Guide” (STIG). It has high, medium and low category configuration recommendations for each system type. IT teams should review the recommendations for the system types that are in their networks.
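
As an added illustration (not part of the original article and not Rebasoft's code), the PowerShell below audits the three settings listed above on the local Windows 10 host. The registry locations and expected values mapped to each V-number are assumptions of this example and should be confirmed against the STIG release you deploy.

```powershell
# Added example: local audit of the three settings named in the list above.
# Assumption: the registry paths/values below are the policy settings behind each finding.
$registryChecks = @(
    @{ Id = 'V-220828'; Name = 'Autorun commands disabled'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value = 'NoAutorun'; Expected = 1 },
    @{ Id = 'V-220857'; Name = 'Always install with elevated privileges disabled'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer'
       Value = 'AlwaysInstallElevated'; Expected = 0 }
)

$results = foreach ($check in $registryChecks) {
    # A missing key or value means the policy was never set explicitly;
    # this audit treats that as non-compliant rather than trusting the default.
    $item   = Get-ItemProperty -Path $check.Path -Name $check.Value -ErrorAction SilentlyContinue
    $actual = $item.($check.Value)
    [pscustomobject]@{
        Id        = $check.Id
        Check     = $check.Name
        Actual    = if ($null -eq $actual) { 'not configured' } else { $actual }
        Compliant = ($null -ne $actual -and $actual -eq $check.Expected)
    }
}

# V-220707: an anti-virus product must be present. The SecurityCenter2 namespace
# exists on workstation editions only; on servers, query the AV product directly.
# Registration shows a product is installed, not that real-time protection is on.
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
$results = @($results) + [pscustomobject]@{
    Id        = 'V-220707'
    Check     = 'Anti-virus program registered'
    Actual    = if ($av.Count -gt 0) { $av.displayName -join ', ' } else { 'none registered' }
    Compliant = ($av.Count -gt 0)
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduler or management tool flag the host.
if ($results.Compliant -contains $false) { exit 1 }
```

Run it from an elevated PowerShell session; the exit code is 1 when any of the three checks fails.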

How Rebasoft can help

Built upon our continuous, automated asset discovery, Rebasoft can automatically verify recommended settings are in place by type of device. The system can identify any non-compliant systems. This fast, real-time assessment enables you to check that existing systems have relevant settings applied. It can also ensure any new system joining the network is assessed to ensure it is secure.

Out of the box, Rebasoft implement checks for the most common misconfigurations:

  1. STIG High category workstation and server configuration items
  2. Anti-virus coverage for workstations and servers
  3. BitLocker encryption coverage of workstations
  4. Workstation firewall settings are enabled on Private, Public and Domain network zones