This document provides recommendations for strengthening information security by addressing common issues found in internal networks. It identifies weak password policies, default accounts, unnecessary local privileges, vulnerabilities in the Windows architecture, misconfigured WPAD, antivirus software issues, lack of network segmentation, and no patch management as frequent problems. The document recommends implementing strong password policies, disabling unused accounts, restricting privileges, following the principle of least privilege, disabling WPAD if unused, configuring antivirus self-defense, implementing network segmentation with whitelisting, and establishing patch management.
5. My own TOP of security issues related to internal networks:
1. Weak password policy
2. Default accounts
3. Local accounts/unnecessary privileges
4. Windows architecture
5. WPAD configuration mismatch
6. Antivirus software configuration mismatch
7. No network segmentation
8. No patch management
6. Weak password policy
Description
Easy to brute-force
Common Targets
Directory services (Active Directory/Lotus Domino/LDAP/Novell/etc.)
Recommendations
Implement a strong password policy following these rules:
- 8 chars (at least)
- Lower and upper case
- Alphanumeric
- Special chars
- Change every 60 days
Check for common passwords once a day (at least)
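The rules above are easy to state but are usually enforced only by the directory's own complexity setting, which does not cover the "common passwords" check. The following is an added example (not from the original slides) of a policy validator that checks all of the listed rules and additionally catches common passwords written with the usual letter-for-symbol substitutions; the common-password list and the 60-day age check are constructed for illustration.

```python
import re
from datetime import date
from typing import Iterable, List

MIN_LENGTH = 8      # "8 chars (at least)"
MAX_AGE_DAYS = 60   # "Change every 60 days"

# Constructed sample of a common-password list. A real deployment would load a
# full breach-derived list into this set and run the check once a day.
COMMON_PASSWORDS = {
    "password", "password1", "p@ssw0rd", "welcome1",
    "qwerty123", "123456", "summer2024!", "letmein",
}

# Reverse the usual "leet" substitutions so that P@ssw0rd! is caught as "password".
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "4": "a"})


def normalize(password: str) -> str:
    """Lower-case, drop trailing digits/symbols, then undo leet substitutions."""
    core = re.sub(r"[\d\W_]+$", "", password.lower())
    return core.translate(LEET)


def matches_common(password: str, common: Iterable[str]) -> bool:
    """True if the password equals a common password literally or after normalization."""
    raw = password.lower()
    norm = normalize(password)
    for candidate in common:
        if raw == candidate.lower():
            return True
        if norm and norm == normalize(candidate):
            return True
    return False


def check_password(password: str, common: Iterable[str] = COMMON_PASSWORDS) -> List[str]:
    """Return the list of rules the password violates; an empty list means compliant."""
    failures: List[str] = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(not c.isalnum() for c in password):
        failures.append("no special character")
    if matches_common(password, common):
        failures.append("matches a common password")
    return failures


def password_expired(last_set: date, today: date) -> bool:
    """True when the password is older than the maximum age (60 days)."""
    return (today - last_set).days > MAX_AGE_DAYS


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "Tr0ub4dor&3", "abc"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Note that `P@ssw0rd!` satisfies every character-class rule and would pass a directory complexity check, yet it is rejected here because it normalizes to `password`. That is the gap the daily common-password check is meant to close.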
7. Default accounts
Description
Easy to brute-force
Common Targets
DBs, network devices (routers/printers/etc)
Recommendations
- Disable all unused accounts
- Set strong passwords
8. Local accounts/unnecessary privileges
Description
Local administrator accounts and unnecessary local privileges are bad practice
Common Targets
Windows hosts
Recommendations
- Disable local administrator accounts on Windows hosts
- Do not use Group Policy to manage local administrator accounts on Windows hosts
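Finding out which hosts still have unexpected members in the local Administrators group is the first step to cleaning them up. Below is an added example (not from the original slides) that parses the output of `net localgroup Administrators`, as collected from a Windows host, and reports every member that is not on an approved baseline. The sample output and the baseline `APPROVED_MEMBERS` are constructed assumptions for this example; the only part taken from the real command is its output layout.

```python
from typing import List, Set

# Constructed sample of `net localgroup Administrators` output from one workstation.
# The layout mirrors the real command; the member names are made up for this example.
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
CORP\\jdoe
helpdesk
The command completed successfully.
"""

# Assumed baseline. The built-in Administrator cannot be removed from the group
# (it should be disabled instead, as the slide recommends); Domain Admins is the
# only other principal that belongs here. Everything else is an audit finding.
APPROVED_MEMBERS: Set[str] = {"Administrator", "CORP\\Domain Admins"}


def parse_members(output: str) -> List[str]:
    """Return the member names listed after the dashed separator line."""
    members: List[str] = []
    in_members = False
    for line in output.splitlines():
        stripped = line.strip()
        if stripped and set(stripped) == {"-"}:   # separator starts the member list
            in_members = True
            continue
        if not in_members or not stripped:
            continue
        if stripped.startswith("The command completed"):
            break
        members.append(stripped)
    return members


def unexpected_admins(output: str, approved: Set[str] = APPROVED_MEMBERS) -> List[str]:
    """Members of the local Administrators group that are not on the approved baseline."""
    return [m for m in parse_members(output) if m not in approved]


if __name__ == "__main__":
    for finding in unexpected_admins(SAMPLE_OUTPUT):
        print("unexpected local admin:", finding)
```

Run across an inventory of hosts, the findings list is exactly the set of local accounts and group memberships the recommendation says to disable or remove; keeping the baseline small keeps the report honest.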
9. Windows architecture
Description
You can't prevent it if you use it
Common Targets
Windows hosts
Recommendations
- Follow the principle of least privilege
- Use privileged accounts for administration tasks only
- Implement two-factor authentication for privileged accounts
- Implement patch management
10. WPAD configuration mismatch
Description
Very useful for corporate users if implemented, and for an attacker if not
Common Targets
Windows hosts
Recommendations
Disable the WPAD (Web Proxy Auto-Discovery) feature if it is not implemented
11. Antivirus software configuration mismatch
Description
Antivirus software can be disabled with local admin privileges
Common Targets
Windows hosts
Recommendations
Configure the self-defense feature of the antivirus software
12. No network segmentation
Description
No restrictions and no traffic filtering at the network level
Common Targets
Network topology
Recommendations
Implement traffic filtering; it is better to use whitelists (allow lists) for access
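The difference between a blacklist and a whitelist is the default decision: with a whitelist, a flow nobody has explicitly justified is dropped, so workstation-to-workstation traffic is blocked without anyone having to list every service. The following is an added example (not from the original slides) of a small default-deny policy evaluator in that style; the segments, addresses and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


# Constructed allow list for three segments: users (10.10/16), servers (10.20.0/24)
# and management (10.30.0/24). Only flows with a business reason are listed.
ALLOW_RULES: List[Rule] = [
    Rule("users-to-web", ipaddress.IPv4Network("10.10.0.0/16"),
         ipaddress.IPv4Network("10.20.0.10/32"), "tcp", 443),
    Rule("users-to-dc-ldap", ipaddress.IPv4Network("10.10.0.0/16"),
         ipaddress.IPv4Network("10.20.0.5/32"), "tcp", 389),
    Rule("mgmt-to-servers-rdp", ipaddress.IPv4Network("10.30.0.0/24"),
         ipaddress.IPv4Network("10.20.0.0/24"), "tcp", 3389),
]


def matching_rule(flow: Flow, rules: List[Rule] = ALLOW_RULES) -> Optional[Rule]:
    """Return the first allow rule that covers the flow, or None."""
    src = ipaddress.IPv4Address(flow.src)
    dst = ipaddress.IPv4Address(flow.dst)
    for rule in rules:
        if (src in rule.src and dst in rule.dst
                and flow.proto == rule.proto and flow.dport == rule.dport):
            return rule
    return None


def is_allowed(flow: Flow, rules: List[Rule] = ALLOW_RULES) -> bool:
    """Whitelist semantics: permitted only when an explicit rule matches; default deny."""
    return matching_rule(flow, rules) is not None


if __name__ == "__main__":
    # Constructed sample flows: a legitimate web request, SMB between two
    # workstations, and RDP to a server from a user segment.
    for flow in (Flow("10.10.1.5", "10.20.0.10", "tcp", 443),
                 Flow("10.10.1.5", "10.10.1.9", "tcp", 445),
                 Flow("10.10.1.5", "10.20.0.10", "tcp", 3389),
                 Flow("10.30.0.7", "10.20.0.10", "tcp", 3389)):
        rule = matching_rule(flow)
        print(flow, "->", f"allow ({rule.name})" if rule else "deny (no rule)")
```

Note that SMB between two user workstations and RDP from the user segment to a server are both denied without any rule mentioning them; on a blacklist both would have to be anticipated and listed explicitly, which is where gaps appear.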
13. No patch management
Description
MS08-067 can still be found during penetration tests
Common Targets
Windows/Unix hosts
Recommendations
Implement patch management