6 Things IT Admins Should Validate Right Now

Updated: Jun 4, 2020

To HyperProtect Partners & Clients

We know that our partners and clients depend on HyperProtect for cyber security services. With the pandemic causing havoc across the world, we want to follow up with some preventive measures that help you maintain security compliance.

As IT organisations modify controls to enable business resumption for remote workers, and change operations and Identity & Access Management along the way, human error creeps in: misconfigurations, uncontrolled actions and so on. IT groups are being tasked with getting employees and other remote services set up and running with new configurations.

Below are some “use cases” identified to make you aware of potential exposures created by emergency actions and reactions during this time. Please validate and address these areas to reduce potential exposures:

  1. Lock Down RDP – Triple-check the access control lists that limit which machines accept RDP connections from the public internet. Exposing RDP is one of the most common, and most critical, mistakes a security team can make. If you must expose a machine, make sure your whitelists are very explicit. We also offer simple-to-deploy solutions that remove any need to expose RDP publicly.

  2. Scrutinise VPN – Do not set up VPN tunnels that open the entire network and trust everything and everyone. Make sure your VPN ACLs are heavily scrutinised and limit VPN users to just the specific items they need. Bad actors are extensively targeting VPNs, for obvious reasons.

  3. Scrutinise Firewall ACLs – Misconfigured firewalls may expose specific groups, users or machines to the Internet. That allows scanning, brute-force attempts, exploit delivery and further reconnaissance, all of which must be avoided.

  4. Identify & Monitor Unmanaged Devices – Unmanaged devices allowed to access corporate resources create irregular and dangerous situations; giving them unrestricted access to corporate networks and resources opens the door to countless catastrophic scenarios. Monitor constantly, treat anomalous internal and external traffic with suspicion, and investigate it immediately, particularly when an unmanaged machine is involved.
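The checks in items 1 to 3 (RDP open to the internet, whitelists that are not explicit, VPN rules that hand clients the whole network, over-broad firewall allow rules) can be run mechanically against an exported rule set. The script below is an added example, not HyperProtect's tooling: it assumes a vendor-neutral rule shape (source, destination, destination ports, action), an RFC 1918 corporate address space, a constructed VPN client pool of 10.200.0.0/16, and a constructed sample rule set. A real firewall or VPN export would need a small parser in front of `audit()`.

```python
"""Audit allow-list rules for the exposures named in items 1 to 3:
remote-admin ports (RDP first) reachable from the public internet,
allow rules with a vague rather than explicit source, and VPN rules
that grant clients a whole network instead of specific systems."""
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
# Corporate address space (RFC 1918). Any other source counts as internet-facing.
INTERNAL = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Remote-administration ports that should never be open to the public internet.
ADMIN_PORTS = {3389: "RDP", 22: "SSH", 445: "SMB", 5900: "VNC"}
# Address pool handed out to VPN clients (assumed value; substitute the real pool).
VPN_POOL = ipaddress.ip_network("10.200.0.0/16")


@dataclass(frozen=True)
class Rule:
    """Vendor-neutral allow/deny rule (assumed format; a real export needs a parser)."""
    name: str
    src: str                          # CIDR or "any"
    dst: str                          # CIDR or "any"
    dports: frozenset = frozenset()   # empty means every port
    action: str = "allow"


def net(cidr: str) -> ipaddress.IPv4Network:
    return ANY if cidr == "any" else ipaddress.ip_network(cidr, strict=False)


def is_internet_facing(cidr: str) -> bool:
    """True unless the whole source range sits inside the corporate RFC 1918 space."""
    n = net(cidr)
    return n == ANY or not any(n.subnet_of(i) for i in INTERNAL)


def audit(rules):
    """Return (severity, rule name, detail) for every rule that needs attention."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue                        # only allow rules create exposure
        src, dst = net(r.src), net(r.dst)
        # Items 1 and 3: an admin port reachable from outside the corporate ranges.
        exposed = [ADMIN_PORTS[p] for p in ADMIN_PORTS if not r.dports or p in r.dports]
        if exposed and is_internet_facing(r.src):
            if src == ANY:
                sev = "CRITICAL"            # open to the whole internet
            elif src.prefixlen < 24:
                sev = "HIGH"                # whitelist is not explicit enough
            else:
                sev = "REVIEW"              # explicit source; confirm it is still needed
            findings.append((sev, r.name, f"{','.join(exposed)} allowed from {r.src} to {r.dst}"))
        # Item 2: VPN clients granted a whole network or all ports rather than specific items.
        if src.subnet_of(VPN_POOL) and (dst.prefixlen < 24 or not r.dports):
            findings.append(("HIGH", r.name, f"VPN pool reaches {r.dst} ports {sorted(r.dports) or 'all'}"))
    return findings


# Constructed sample rule set mixing established rules with emergency additions.
SAMPLE_RULES = [
    Rule("deny-rdp-internet", "any", "any", frozenset({3389}), action="deny"),
    Rule("rdp-jump-open", "any", "10.1.1.5/32", frozenset({3389})),
    Rule("rdp-partner", "203.0.113.0/24", "10.1.1.5/32", frozenset({3389})),
    Rule("web-public", "any", "10.1.2.10/32", frozenset({443})),
    Rule("temp-allow-all", "any", "10.1.0.0/16"),
    Rule("vpn-full", "10.200.0.0/16", "any"),
    Rule("vpn-erp", "10.200.0.0/16", "10.1.5.10/32", frozenset({443})),
]

if __name__ == "__main__":
    for sev, name, detail in audit(SAMPLE_RULES):
        print(f"{sev:8} {name:18} {detail}")
```

The audit looks at each rule on its own and does not model first-match ordering, so on a firewall that stops at the first hit the `deny-rdp-internet` rule above would already shadow `rdp-jump-open`; treat the findings as a review list to confirm against the device's actual evaluation order, which is exactly the "triple check" item 1 asks for.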
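For item 4, a quick way to surface unmanaged devices is to compare what the DHCP server has handed leases to against the managed-asset inventory, then cross-reference the unknown addresses with connection records to see which corporate resources they reached. The script below is an added example, not HyperProtect's code: the dhcpd-style log lines, the inventory, the connection records and the list of sensitive hosts are all constructed, and the log format is assumed to be the standard `DHCPACK on <ip> to <mac> (<hostname>) via <iface>` line, with the hostname absent when the client sends none.

```python
"""Identify unmanaged devices from DHCP leases and show which corporate
resources they reached, the check item 4 asks for."""
import re

# Constructed dhcpd-style syslog lines; the hostname is absent when the client sends none.
DHCP_LOG = """\
May 28 09:01:12 dhcp1 dhcpd: DHCPACK on 10.1.4.23 to 00:11:22:33:44:55 (LAPTOP-FIN01) via eth0
May 28 09:02:40 dhcp1 dhcpd: DHCPACK on 10.1.4.77 to 66:77:88:99:aa:bb (android-pixel) via eth0
May 28 09:03:05 dhcp1 dhcpd: DHCPACK on 10.1.4.90 to cc:dd:ee:ff:00:11 via eth0
May 28 09:05:19 dhcp1 dhcpd: DHCPACK on 10.1.4.23 to 00:11:22:33:44:55 (LAPTOP-FIN01) via eth0
"""

# Constructed asset inventory (e.g. an MDM or endpoint-agent export): MAC -> managed hostname.
INVENTORY = {"00:11:22:33:44:55": "LAPTOP-FIN01"}

# Constructed connection records "src dst dport", as a firewall or flow log would provide.
CONN_LOG = """\
10.1.4.23 10.1.5.10 443
10.1.4.77 10.1.5.10 443
10.1.4.90 10.1.1.5 3389
10.1.4.90 10.1.1.5 445
10.1.4.90 10.1.2.10 443
"""

# Constructed map of sensitive internal resources.
SENSITIVE = {"10.1.5.10": "ERP", "10.1.1.5": "jump host"}

LEASE_RE = re.compile(r"DHCPACK on (\S+) to ([0-9a-fA-F:]{17})(?: \((.*?)\))? via")


def parse_leases(log: str) -> dict:
    """Map each leased IP to (mac, hostname or None); later ACKs overwrite earlier ones."""
    leases = {}
    for line in log.splitlines():
        m = LEASE_RE.search(line)
        if m:
            ip, mac, host = m.groups()
            leases[ip] = (mac.lower(), host)
    return leases


def unmanaged_devices(leases: dict, inventory: dict) -> dict:
    """Leases whose MAC does not appear in the managed inventory."""
    return {ip: info for ip, info in leases.items() if info[0] not in inventory}


def unmanaged_access(conn_log: str, unmanaged: dict, sensitive: dict) -> list:
    """(src ip, mac, resource, port) for each connection from an unmanaged device to a sensitive host."""
    hits = []
    for line in conn_log.splitlines():
        src, dst, port = line.split()
        if src in unmanaged and dst in sensitive:
            hits.append((src, unmanaged[src][0], sensitive[dst], int(port)))
    return hits


if __name__ == "__main__":
    leases = parse_leases(DHCP_LOG)
    rogue = unmanaged_devices(leases, INVENTORY)
    for ip, (mac, host) in rogue.items():
        print(f"unmanaged: {ip} {mac} {host or '<no hostname>'}")
    for src, mac, res, port in unmanaged_access(CONN_LOG, rogue, SENSITIVE):
        print(f"investigate: {src} ({mac}) -> {res} port {port}")
```

Matching on MAC rather than hostname matters: a DHCP hostname is whatever the client chooses to send, so an unknown device could easily present a familiar-looking name. A device with no hostname at all, like the third lease above, deserves the same scrutiny as one with an obviously foreign name.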