×

Irish Information Security Forum

Top Ten Cybersecurity Misconfigurations

Source: NSA, CISA

Release Date: 05-Oct-2023

Alert Code: AA23-278A

 

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations. 

A plea for network defenders and software manufacturers to fix common problems.

 

The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released this joint cybersecurity advisory to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures actors use to exploit these misconfigurations.

 

Through NSA and CISA Red and Blue team assessments, as well as through the activities of NSA and CISA Hunt and Incident Response teams, the agencies identified the following 10 most common network misconfigurations:

 

  • Default configurations of software and applications
  • Improper separation of user/administrator privilege
  • Insufficient internal network monitoring
  • Lack of network segmentation
  • Poor patch management
  • Bypass of system access controls
  • Weak or misconfigured multifactor authentication (MFA) methods
  • Insufficient access control lists (ACLs) on network shares and services
  • Poor credential hygiene
  • Unrestricted code execution

 

These misconfigurations illustrate (1) a trend of systemic weaknesses in many large organizations, including those with mature cyber postures, and (2) the importance of software manufacturers embracing secure-by-design principles to reduce the burden on network defenders:

  • Properly trained, staffed, and funded network security teams can implement the known mitigations for these weaknesses.
  • Software manufacturers must reduce the prevalence of these misconfigurations—thus strengthening the security posture for customers—by incorporating secure-by-design and -default principles and tactics into their software development practices.[1]
  • NSA and CISA encourage network defenders to implement the recommendations found within the Mitigations section of this advisory—including the following—to reduce the risk of malicious actors exploiting the identified misconfigurations.
  • Remove default credentials and harden configurations.
  • Disable unused services and implement access controls.
  • Update regularly and automate patching, prioritizing patching of known exploited vulnerabilities.[2]
  • Reduce, restrict, audit, and monitor administrative accounts and privileges.
  • NSA and CISA urge software manufacturers to take ownership of improving security outcomes of their customers by embracing secure-by-design and-default tactics, including:
  • Embedding security controls into product architecture from the start of development and throughout the entire software development lifecycle (SDLC).
  • Eliminating default passwords.
  • Providing high-quality audit logs to customers at no extra charge.
  • Mandating MFA, ideally phishing-resistant, for privileged users and making MFA a default rather than opt-in feature.[3]

 

Download the PDF version of this report: PDF, 660 KB
cybersecurity configuration mistakes

 

IISF Logo

If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:

By email:
secretary@iisf.ie

By post:

David Cahill

Information Security

GPO, 1-117
D01 F5P2

Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland

 


Forum SPONSORS 

Invitations for Annual Sponsorship of IISF has now reopened.

Sponsorship of IISF Opportunity
(your logo & profile link here)

 

Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more

 

secured by edgescan digital security radar logo

© iiSf. All rights reserved. CRN: 3400036GH  - Privacy  - Sponsorship  - Cybersecurity News Index  - Cybersecurity Resources  - X  - Produced by
LinkedIn Twitter