Many people struggle to understand which security practices they should be following in their personal and professional lives on a daily basis. This blog post outlines six important tips users can follow to keep themselves safe and secure.
1.) Never leave a device unattended when logged in
Leaving a computer unlocked is like leaving a car running with the keys inside it–as soon as someone has direct access, a number of things can happen that are no longer under your control.
Whether it’s a coworker searching for a sensitive file and exfiltrating it under your name, or a cat walking across your keyboard and sending an email you never meant to send, these are outcomes you don’t want. Security best practices dictate that you lock your machine whenever you step away from your desk.
On Windows and macOS a few habits make this easy: a quick keystroke, moving your mouse to a hot corner, or a shortcut on the Touch Bar will lock your computer and keep it secure.
2.) Stay informed about your accounts and domains
Use a breach notification service such as haveibeenpwned to monitor any online accounts that use an email address for login or have one on file. Whenever I receive an email account, one of the first steps I take is to sign up for free notification emails from haveibeenpwned to ensure that I am monitoring potential account breaches. This empowers me to change the password associated with the account in question once I receive a notification of a breach.
As a reminder, account compromise is why it is critical to use a unique password for every account. Reusing the same password often leads to more accounts being compromised, some of them on sites that were never breached themselves, and the affected person may not know until it is too late. Additionally, if you own a domain, you can sign up for monitoring of the domain itself; haveibeenpwned will notify you of any email accounts on your domain that appear in a breach.
3.) Verify your patches and patch often
Patches are not always perfect. It’s crucial to verify not only that they have been applied and work correctly, but also that they do not impede existing functionality.
If a patch does not work correctly, look for alternative mitigations as soon as possible, especially for vulnerabilities that are known to be actively exploited. Recently publicized exploits are often used by individuals scanning as many hosts as possible in search of a vulnerable target, while older exploits tend to be bundled into well-known scanning tools.
When a patch cannot be applied, additional mitigations include a signature-based or port-based firewall rule.
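The verification step above is easy to skip when a patch tool reports "success" but the host never actually moved to the fixed version. Below is an added example (not code from the original post or from Hurricane Labs) that checks a constructed host inventory against the minimum fixed version, separates hosts that still need the patch from hosts that cannot take it, and drafts an interim port-based firewall rule for the latter. The product version, host names, port and allowed source network are all placeholders I made up for the example.

```python
"""Check a constructed host inventory against the minimum patched version,
list hosts that still need the patch, and draft an interim port-based
firewall rule for hosts that cannot be patched yet. Added example; all
names, versions and the port are constructed placeholders."""

from dataclasses import dataclass

# Constructed minimum version that contains the fix (placeholder value).
PATCHED_VERSION = "2.4.10"
SERVICE_PORT = 8443  # placeholder port the vulnerable service listens on


def parse_version(version: str) -> tuple:
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically.
    A plain string compare would wrongly rank '2.4.9' above '2.4.10'."""
    return tuple(int(part) for part in version.split("."))


@dataclass
class Host:
    name: str
    installed: str    # version the host reports after the patch rollout
    can_patch: bool   # False when the patch breaks functionality or cannot be applied


def needs_patch(host: Host) -> bool:
    """True when the installed version is older than the fixed version."""
    return parse_version(host.installed) < parse_version(PATCHED_VERSION)


def review_patch_status(hosts: list) -> dict:
    """Classify hosts as patched, still vulnerable but patchable, or
    vulnerable and needing an interim mitigation."""
    report = {"patched": [], "patch_now": [], "mitigate": []}
    for host in hosts:
        if not needs_patch(host):
            report["patched"].append(host.name)
        elif host.can_patch:
            report["patch_now"].append(host.name)
        else:
            report["mitigate"].append(host.name)
    return report


def interim_firewall_rule(host: Host, allowed_source: str) -> str:
    """Draft a port-based rule that restricts the vulnerable service to one
    trusted source until the host can be patched (iptables syntax as an
    illustration; adapt it to the firewall actually in use)."""
    return (f"# {host.name}: running {host.installed}, needs {PATCHED_VERSION}\n"
            f"iptables -A INPUT -p tcp --dport {SERVICE_PORT} -s {allowed_source} -j ACCEPT\n"
            f"iptables -A INPUT -p tcp --dport {SERVICE_PORT} -j DROP")


# Constructed inventory, as if collected after a patch rollout.
INVENTORY = [
    Host("web-01", "2.4.10", True),
    Host("web-02", "2.4.9", True),      # tool reported success, version did not change
    Host("legacy-01", "2.3.1", False),  # patch breaks an integration, cannot apply yet
]

if __name__ == "__main__":
    status = review_patch_status(INVENTORY)
    print(status)
    for host in INVENTORY:
        if host.name in status["mitigate"]:
            print(interim_firewall_rule(host, "10.0.0.0/24"))
```

The point of `parse_version` is the one that bites in practice: comparing version strings lexically would call `2.4.9` newer than `2.4.10`, so a host that silently failed to update would pass the check. The firewall rule is a stopgap, not a replacement for the patch; the host stays in the `mitigate` list until its version actually changes.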
4.) If something may be compromised, quarantine as soon as possible
Just as a school nurse works fast to prevent an outbreak of pink eye to minimize spread, the same holds true for technology. If a host is exhibiting symptoms of suspicious or malicious activity, it is safer to quarantine the host and completely remove it from the network rather than monitor it to see what will happen. Taking this action minimizes damage beforehand, ideally stopping it before it gets too bad.
5.) Utilize the principle of least privilege whenever possible
The principle of least privilege works by giving a user the minimum amount of access and permissions to complete their job tasks.
For example, in a helpdesk position, the analyst merely needs access to the ticketing system, a phone, a knowledge base (commonly referred to as a KB or runbooks), and a way to reset passwords. A level one help desk analyst, primarily responsible for triaging calls and tickets, may not even have access to reset user passwords or to the KB articles covering lower-level issues, as these are not required to fulfill their job description.
For a penetration tester or red teamer, this is a great way to slow down the path they may take to compromise. If each account operates under the principle of least privilege and the environment has sufficient controls to prevent privilege escalation, the tester will need to do significantly more work than compromising a single user.
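To make the helpdesk example concrete, here is an added example (not code from the original post or from Hurricane Labs) of a deny-by-default role check, an audit that flags accounts holding more than their role needs, and a grant function that refuses to widen an account beyond its role, which is the kind of control that blocks a compromised low-privilege account from escalating itself. The role names, permission names and accounts are placeholders I constructed for the example.

```python
"""Deny-by-default role-based access check modelled on the helpdesk example,
with an audit for over-privileged accounts and a grant path that cannot
exceed a role's needs. Added example; roles, permissions and accounts are
constructed placeholders."""

# Permissions each role needs to do its job; anything not listed is denied.
ROLE_PERMISSIONS = {
    "helpdesk_l1": {"ticketing:read", "ticketing:write", "phone:use"},
    "helpdesk_l2": {"ticketing:read", "ticketing:write", "phone:use",
                    "kb:read", "password:reset"},
    "iam_admin":   {"iam:grant"},
}


def is_allowed(role: str, permission: str) -> bool:
    """Deny by default: unknown roles and unlisted permissions are refused."""
    return permission in ROLE_PERMISSIONS.get(role, set())


def audit_accounts(accounts: dict) -> dict:
    """Return, per account, the permissions granted beyond what its role
    needs. `accounts` maps name -> {"role": ..., "granted": set(...)}."""
    excess = {}
    for name, info in accounts.items():
        needed = ROLE_PERMISSIONS.get(info["role"], set())
        extra = info["granted"] - needed
        if extra:
            excess[name] = sorted(extra)
    return excess


def grant(accounts: dict, actor: str, target: str, permission: str) -> bool:
    """Only an account whose role carries 'iam:grant' may change grants, and
    a grant outside the target's role is refused. A compromised helpdesk
    account therefore cannot widen its own access through this path."""
    if actor not in accounts or target not in accounts:
        return False
    if not is_allowed(accounts[actor]["role"], "iam:grant"):
        return False
    if not is_allowed(accounts[target]["role"], permission):
        return False
    accounts[target]["granted"].add(permission)
    return True


# Constructed accounts: one L1 analyst has accumulated an L2-level right.
ACCOUNTS = {
    "alice": {"role": "helpdesk_l1",
              "granted": {"ticketing:read", "ticketing:write", "phone:use"}},
    "bob":   {"role": "helpdesk_l1",
              "granted": {"ticketing:read", "ticketing:write", "phone:use",
                          "password:reset"}},
    "carol": {"role": "helpdesk_l2",
              "granted": {"ticketing:read", "ticketing:write", "phone:use",
                          "kb:read", "password:reset"}},
    "dave":  {"role": "iam_admin", "granted": {"iam:grant"}},
}

if __name__ == "__main__":
    print("over-privileged:", audit_accounts(ACCOUNTS))
    print("bob grants himself kb:read:", grant(ACCOUNTS, "bob", "bob", "kb:read"))
    print("dave grants bob kb:read:", grant(ACCOUNTS, "dave", "bob", "kb:read"))
```

Two design choices carry the security value: `is_allowed` returns `False` for anything not explicitly listed, so a typo in a role name fails closed rather than open, and `grant` checks the target's role rather than trusting the requester, so even a legitimate admin cannot accidentally hand an L1 analyst a password-reset right. Running `audit_accounts` periodically catches the slow drift that tends to appear after someone "temporarily" needs extra access.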
6.) Learn the MITRE ATT&CK framework
The MITRE ATT&CK framework is a matrix of red team techniques grouped under high-level tactics. It allows defensive security teams to classify attacks and, when combined with other security tools, monitor their environment for malicious activity.
Take a look at my other blog post that gives an overview of what Hurricane Labs is doing with MITRE and ATT&CK over the next 8 months.
Hopefully this blog post has been helpful in giving your security performance a little tune up. Check back next month for more security tips and tricks!