Swordfish Communications We Give Your Business The Edge

Press Release



Gary Frisch / Swordfish Communications
856-767-7772 / gfrisch@swordfishcomm.com


10 Ways to Keep Your Company Out of the News

Cyber Security Expert Offers Easy-to-Implement Tips at ForenSecure 2016


CHICAGO, April 18, 2016 – Data breaches are all over the news, and the stereotype is that skilled hackers are using sophisticated methods to infiltrate organizations. But one cyber security expert says that the vast majority of breaches are the result of simpler means, usually taking advantage of easily correctable settings.

Speaking at ForenSecure 2016, a cyber security industry conference hosted by Illinois Institute of Technology, Ron Schlecht, Jr., of BTB Security in Philadelphia says there are things network administrators can do right now, at virtually no cost, in order to stay out of the news.

“Not all hacks are smoke, mirrors, and flashiness. More often than not, they take advantage of configuration settings that you’ve selected or, more likely, have just been ignoring,” Schlecht told his audience. “If you do nothing except these 10 things, you've already increased your chances of not being breached.”

Here are Schlecht’s top 10 tips for keeping your business out of the headlines:

1) Separate the Domain Administrator account from “everyday” accounts. Think of your DA as the feudal lord and guardian over your domain. Consequently, this account should be put on a pedestal, meaning that it should never be used in day-to-day “employee” tasks. Domain Administrators should have a personal account and a separate one used specifically for Domain Administration tasks.

2) Create a stronger Domain Administrator password policy. This is almost a no-brainer. The more special characters and upper- and lower-case letters required, the better. The DA group password policy should be stricter than everyone else’s.

3) Allow the Domain Administrator to log in only to domain controllers. Domain administration should be limited to changes made on the domain controllers for the entire organization. Reduce where these “super user” accounts can log in, and you’ve shrunk your internal attack surface.

4) Delegate rights to users only as needed. Other IT folks need to be able to change passwords, add people to groups, add computers to the domain, etc. You can, and should, create delegated rights to allow the appropriate personnel to do this. In doing so, they’ll only have rights to carry out explicit functions.

5) Disable cached credentials. It’s an awesome feature that allows you to log in to your computer if you’re off network, but the credentials that are cached or “stored” can be dumped out and then cracked. For computers that will never leave the confines of your office, turn cached credentials off. For computers like laptops that will leave, minimize the exposure by turning the setting down to 1 or 2.

6) Take advantage of Microsoft Security Compliance Manager. It’s free, so there’s no excuse for not using this, regardless of your business size. SCM delivers baseline policies based on security best practices, and they’re customizable to the needs of your organization.

7) Disable NULL sessions. A NULL session is an anonymous connection to a network service, but it is susceptible to attackers trying to gather information about the system. There is no good reason for this to be enabled, and you’re only making an attacker’s job easier.

8) Disable LLMNR / NBNS Protocols. It’s a mouthful, but the Link-Local Multicast Name Resolution Protocol, which allows your machine to perform name resolution for hosts on the same local link, can be vulnerable to hackers, as can the NetBIOS Name Service. Keep it enabled, and a computer set up in your organization can easily grab the credentials of susceptible computers, crack the passwords, or carry out a relay attack.

9) Set SMB Signing to Enabled AND Required. Also known as Security Signatures, Server Message Block Signing can significantly enhance network security…if you use it right. Many don’t, and they’ve learned the lesson.

10) Do not store passwords within Group Policy Preferences (GPP). Group Policy Preferences deliver preference settings to domain-joined computers running Microsoft Windows desktop and server operating systems. Preference settings are administrative configuration choices deployed to desktops and servers. Store passwords there, and they are unfortunately easy to dump out and crack.
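
As an added illustration (not part of the press release or BTB Security's material), the following read-only PowerShell script checks a Windows machine for the registry-backed settings behind tips 5, 7, 8 and 9. It assumes the standard Windows registry locations for these settings; the `Test-Setting` helper name and the pass thresholds are choices made for this example, with the cached-logon threshold taken from tip 5.

```powershell
# Added example: read-only audit of tips 5, 7, 8 and 9 on the local machine.
# NOT SET means the value is not explicitly configured and the OS default applies,
# so compare it against your baseline rather than treating it as a pass.
function Test-Setting {
    param([string]$Tip, [string]$Path, [string]$Name, [scriptblock]$IsGood, [string]$Want)
    $item  = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.$Name } else { $null }
    if ($null -eq $value)       { $result = 'NOT SET' }
    elseif (& $IsGood $value)   { $result = 'PASS' }
    else                        { $result = 'FAIL' }
    [pscustomobject]@{ Tip = $Tip; Setting = $Name; Value = $value; Wanted = $Want; Result = $result }
}

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$client   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$dns      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$netbt    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'

$isOne  = { param($v) [int]$v -eq 1 }
$isZero = { param($v) [int]$v -eq 0 }

$results = @(
    # Tip 5: CachedLogonsCount is stored as a string; 0 for fixed machines, 1-2 for laptops.
    Test-Setting '5 cached creds'  $winlogon 'CachedLogonsCount' { param($v) [int]$v -le 2 } '0, or 1-2 on laptops'
    # Tip 7: anonymous (NULL session) restrictions.
    Test-Setting '7 NULL sessions' $lsa    'RestrictAnonymous'      { param($v) [int]$v -ge 1 } '1 or higher'
    Test-Setting '7 NULL sessions' $lsa    'RestrictAnonymousSAM'   $isOne '1'
    Test-Setting '7 NULL sessions' $server 'RestrictNullSessAccess' $isOne '1'
    # Tip 8: LLMNR is turned off by policy when EnableMulticast is 0.
    Test-Setting '8 LLMNR'         $dns    'EnableMulticast'        $isZero '0'
    # Tip 9: SMB signing must be both enabled and required, on server and client side.
    Test-Setting '9 SMB server'    $server 'EnableSecuritySignature'  $isOne '1'
    Test-Setting '9 SMB server'    $server 'RequireSecuritySignature' $isOne '1'
    Test-Setting '9 SMB client'    $client 'EnableSecuritySignature'  $isOne '1'
    Test-Setting '9 SMB client'    $client 'RequireSecuritySignature' $isOne '1'
)

# Tip 8: NetBIOS over TCP/IP is set per network interface; 2 means disabled.
$results += @(Get-ChildItem -Path $netbt -ErrorAction SilentlyContinue | ForEach-Object {
    Test-Setting '8 NBNS' $_.PSPath 'NetbiosOptions' { param($v) [int]$v -eq 2 } '2 (disabled)'
})

$results | Format-Table -AutoSize
```

The script only reads the registry; the settings themselves are best enforced domain-wide through Group Policy rather than changed machine by machine.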

About BTB Security
BTB Security is an industry-leading information security consulting, digital forensics and managed security services company. It has extensive experience in helping many types of organizations achieve the next level of security. By working to understand clients’ business goals, develop a trusted advisor relationship, and innovate their techniques, BTB has helped clients secure their enterprises with highly qualified and credentialed security professionals. Founded in 2006, BTB Security is a privately owned company with headquarters in Philadelphia. For more information, visit www.btbsecurity.com.

