Syndis - Blog

Proactive measures against system intrusions

Written by Admin | Nov 28, 2024 12:00:00 AM

How can we minimize the risk of system intrusions?

In today’s world, computer systems are the backbone of most companies. It’s crucial to protect these systems, yet often the mindset is, “It’s been set up this way for years—why change it now?”

Enhancing security after a system has been designed is challenging—akin to building a house without electrical wiring and then trying to install it later. It’s a significant task but necessary in our modern society.

At Syndis, we aim to provide actionable suggestions to minimize the risk of system intrusions. However, it’s essential to recognize that 100% security is unattainable; therefore, defenses and plans must account for potential breaches.

Implementing the following measures may impact system functionality, so it’s vital to test these adjustments before full deployment.

Many companies utilize Active Directory (AD) as a core system, with Entra ID serving as the cloud-based counterpart. These systems often work in tandem, and numerous organizations operate both. Below are recommendations for improving these systems based on their original configurations.

General Recommendations

  • Layered Access Permissions: Implement tiered access controls. Users should only have access necessary for their roles. For broader access requirements, consider multiple accounts with distinct permissions. For instance, a system administrator might have separate accounts for different administrative tasks, limiting the use of accounts with extensive privileges.

  • Multi-Factor Authentication (MFA): Activate MFA for all users to reduce the risk of compromised passwords leading to unauthorized system access.

  • 24/7 System Monitoring: Continuous monitoring is crucial, as many security incidents occur outside regular office hours. Monitoring provides deeper insights into system behaviors.

  • Employee and Contractor Training: Educate staff and contractors, as many cyberattacks target individuals directly through phishing emails or other deceptive methods.


Active Directory (AD)

  • Use of ‘Protected Users’ Group: Assign users with administrative rights to the ‘Protected Users’ group. This enforces stronger password encryption, prevents credential caching on computers, and disallows outdated authentication methods.

  • Regular Updates: Keep systems updated to prevent attackers from exploiting vulnerabilities in outdated AD environments. Review and disable insecure settings not automatically addressed by standard updates, such as SSLv3, TLS 1.0, TLS 1.1, LM, NTLM, and obsolete password encryption methods.

  • Certificate Authority (CA) Security: Certificate servers are frequent targets due to insecure configurations. For example, if anyone can request certificates impersonating other users, like administrators, it poses a significant risk. Review Certificate Templates for vulnerabilities known as ESC1 to ESC15.
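As an added example (not Syndis's own tooling), the following PowerShell audit lists accounts that hold membership in privileged AD groups but are not yet in the ‘Protected Users’ group. It assumes the ActiveDirectory RSAT module, a domain-joined read-only account, and the default English names for the built-in privileged groups.

```powershell
# Added audit script (not from the original post): find privileged users
# that are NOT members of 'Protected Users'.
# Assumptions: ActiveDirectory module installed, default built-in group names.
Import-Module ActiveDirectory

# Privileged groups to audit; extend with your own tier-0 groups as needed
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')

# Resolve 'Protected Users' via its well-known RID (525) so a renamed group is still found
$DomainSid = (Get-ADDomain).DomainSID.Value
$ProtectedUsersGroup = Get-ADGroup -Identity "$($DomainSid)-525"
$ProtectedMembers = Get-ADGroupMember -Identity $ProtectedUsersGroup -Recursive |
    Where-Object objectClass -eq 'user' |
    Select-Object -ExpandProperty SamAccountName

$Findings = foreach ($GroupName in $PrivilegedGroups) {
    # -Recursive expands nested groups so indirectly privileged users are caught too
    Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object objectClass -eq 'user' |
        Where-Object { $ProtectedMembers -notcontains $_.SamAccountName } |
        ForEach-Object {
            $User = Get-ADUser -Identity $_.SamAccountName -Properties Enabled, LastLogonDate
            [PSCustomObject]@{
                PrivilegedGroup = $GroupName
                Account         = $User.SamAccountName
                Enabled         = $User.Enabled
                LastLogon       = $User.LastLogonDate
            }
        }
}

if ($Findings) {
    $Findings | Sort-Object Account, PrivilegedGroup | Format-Table -AutoSize
} else {
    Write-Output 'All privileged users are already members of Protected Users.'
}
```

Review each reported account before adding it: Protected Users blocks NTLM, RC4/DES Kerberos keys and delegation, so service accounts or accounts used by legacy applications may stop working and should be handled separately.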

Multi-factor authentication should be enabled for all users in the environment to minimize the likelihood that a stolen password grants access to computer systems.

Round-the-clock monitoring of computer systems is important, since a large share of security incidents occurs outside regular office hours, and monitoring also provides much closer insight into how the systems behave.

Training employees and contractors is crucial, since a large share of cyberattacks target employees directly, whether through phishing emails or other methods that attackers use to trick employees into doing something out of the ordinary.

Entra ID / Microsoft 365 (M365)

  • Administrator Accounts: Create M365 administrator accounts directly within M365, rather than syncing them from AD, to reduce potential damage if an administrator account is compromised.

  • Spam Filter Settings: Configure M365 spam filters to prevent impersonation of employees or the company, such as altering the sender’s name in emails. Strengthen filters to minimize spam reaching the environment.