3 easy ways to make your Windows network harder to hack

Hello again. This is Susan Bradley for CSO Online. Today, we’re going to talk about some techniques that aren’t new. They’ve been around for a long time, probably not sexy or anything that you go, “gee, wow.” They are tried and true things, especially for domain-based networks. But clearly we’re still not doing them too well because we still have vulnerabilities and exploits in the news, don’t we?

As many of you know, the FTC settled with Equifax over their security breach and there was an interesting blog post that came out that talked about some of the basics that they failed to do. That’s actually quite surprising. Again, they’re not sexy techniques: patch your software, segment your network, monitor for intruders. But when you don’t get the basics, that’s where we’re having the big issues. And I’d add one more: making sure you have a good backup, especially when it comes to ransomware. So here we go again with another session of how to not be low-hanging fruit.

So here are some lessons learned from Equifax. Make sure that employees follow up on patching processes. Make sure that you check to see if a patch is needed. Make sure your automated scanners are actually doing what they’re supposed to do. Make sure you segment your network to limit how much sensitive data an attacker can steal. Make sure you store admin credentials and passwords in proper locations. Don’t do them in plain text files. Make sure you update security certificates and make sure you detect intrusions on even legacy systems.

As we start 2020, take a step back and look at your network. See if there are places where you’re putting data that shouldn’t be there. Look at the kinds of data you have on your network. There are typically four levels: public data that anyone can have access to; internal data, data that should not have public disclosure; sensitive internal data; and, the highest of all, highly sensitive corporate, employee and customer data.
And depending on where those are located, you may need to redo how your network is segmented. The Center for Internet Security goes on and indicates that one should segment that network based on labels or classification levels of the information stored in the servers, locate all sensitive information on separated VLANs with firewall filtering to ensure only those authorized individuals are only able to communicate with systems necessary to fulfill their specific responsibilities. How many of you are ready to do that?

On old-fashioned workstations and servers that are in your corporate network, look to see how well you’re using the plain old Windows firewall. Again, this is not new. You don’t have to go out and buy anything new. It’s the plain old Windows firewall that you already have in your systems. But are you using it as best as you can? On a sample Windows workstation, go ahead and open up the Windows firewall and you can look at all of the different applications that have built rules in your firewall. Kind of gets a little scary sometimes, especially if you have to stop and go, “What application actually built that rule?”

Something as simple as blocking the RPC port, TCP port 135, and the SMB port, TCP port 445, can help a great deal to stop the lateral movement of attackers inside your network. Now, you may not be able to block, especially the SMB ports. You may have to test and see if you can do this, but see if you can, especially for sensitive transmission of data.

RDP is being used quite a bit in attacks inside of networks. And what you might want to do is see if you can do limits on remote desktop. So go into the properties and enable what’s called IPsec: “Allow the connection if it’s secure.” You can customize this and make the setting, and then go into remote users or remote computers and see if you can set that for specific users. So instead of opening it up to everybody, put specific users inside the domain that have access to that system.
Again, you may not be able to do that everywhere. But again, segment your network. Think about how attackers come in and how they can use the different ports to come in. Limit access as best as you can and use the Windows firewall that you already have in your system to build more rules. Obviously document this as well. But please, if you’re in the year 2020 and you’re still disabling the Windows firewall, I hope you’re not doing that. I hope you’re taking the time to look to see what applications have built ports and firewalls and see if you can lock them down better.

And as we start 2020, don’t forget to sign in to Tech Talk from IDG with lots of tips on Windows and Linux and all sorts of news for the tech of the day. Again, this is Susan Bradley for CSO Online. Thank you again.
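
The Windows firewall steps described in the talk, as an added PowerShell example that is not part of the original transcript: it audits which rules open TCP 135, 445 and 3389, then previews the block rules and the authenticated RDP restriction. The rule names and the `CONTOSO\RDP-Admins` group are hypothetical, and the `Remote Desktop` group name assumes an English-language Windows install.

```powershell
# Added example, not from the talk. Run elevated, on a test workstation first.
$watchPorts = '135', '445', '3389'      # RPC, SMB and RDP, the ports named above

# 1. Audit: enabled inbound allow rules on those TCP ports and the program behind each.
#    Rules whose port is 'Any' or a range are not matched by this simple comparison.
$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $port = $rule | Get-NetFirewallPortFilter
    $hits = @($port.LocalPort | Where-Object { $watchPorts -contains $_ })
    if ($port.Protocol -ne 'TCP' -or $hits.Count -eq 0) { continue }
    [pscustomobject]@{
        Rule           = $rule.DisplayName
        Port           = $hits -join ','
        Program        = ($rule | Get-NetFirewallApplicationFilter).Program
        RemoteAddress  = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        Authentication = ($rule | Get-NetFirewallSecurityFilter).Authentication
    }
}
$findings | Sort-Object Port, Rule | Format-Table -AutoSize -Wrap

# 2. Block inbound RPC (TCP 135) and SMB (TCP 445). Block rules take precedence over
#    allow rules, so test first: file sharing and remote management will stop working.
foreach ($p in 135, 445) {
    New-NetFirewallRule -DisplayName "Block inbound TCP $p (example)" -Direction Inbound `
        -Protocol TCP -LocalPort $p -Action Block -Profile Any -WhatIf
}

# 3. RDP: "allow the connection if it is secure", limited to one group.
#    'CONTOSO\RDP-Admins' is a hypothetical group. An IPsec connection security rule
#    must already exist, otherwise this change blocks RDP entirely.
$sid  = ([Security.Principal.NTAccount]'CONTOSO\RDP-Admins').Translate(
            [Security.Principal.SecurityIdentifier]).Value
$sddl = "D:(A;;CC;;;$sid)"              # SDDL form expected by -RemoteUser
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -Authentication Required -RemoteUser $sddl -WhatIf
```

The `-WhatIf` switches make steps 2 and 3 a dry run; remove them only after the audit output and a test machine confirm nothing legitimate depends on those ports.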
