{"id":1118759,"date":"2023-10-20T06:15:09","date_gmt":"2023-10-20T10:15:09","guid":{"rendered":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/uncategorized\/top-10-misconfigurations-an-nsa-checklist-for-cisos-the-stack\/"},"modified":"2023-10-20T06:15:09","modified_gmt":"2023-10-20T10:15:09","slug":"top-10-misconfigurations-an-nsa-checklist-for-cisos-the-stack","status":"publish","type":"post","link":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/nsa-2\/top-10-misconfigurations-an-nsa-checklist-for-cisos-the-stack\/","title":{"rendered":"Top 10 misconfigurations: An NSA checklist for CISOs &#8211; The Stack"},"content":{"rendered":"<p>A new advisory from signals intelligence and cybersecurity experts at the National Security Agency (NSA) highlights the top 10 most common cybersecurity misconfigurations in large organisations, including regular exposure of insecure Active Directory Certificate Services.<\/p>\n<p>It comes as the NSA's Cybersecurity Director Rob Joyce warned that if your infrastructure can't survive a user clicking a link, you are doomed.<\/p>\n<p>\"I'm the director of cybersecurity at NSA and you can definitely craft an email link I will click,\" he added on X, writing as generative AI models make it far easier for non-native speakers to craft convincing phishing emails and as such campaigns remain highly effective for threat actors.<\/p>\n<p>The list is a useful guidebook for those seeking to secure IT estates and is no doubt based in part on the NSA's extensive experience of breaching services, as well as its support in defending CNI. To The Stack, it is also a crisp reminder that strict organisational discipline is critical for cyber hygiene.<\/p>\n<p>Too many network devices with user access via apps or web portals still hide default credentials for built-in administrative accounts. (Cisco, we're looking at you, you, you. Others are also regularly guilty.) The problem extends to printers and scanners that ship with hard-coded default credentials but are set up with privileged domain accounts loaded so that users can scan and send documents to a shared drive.<\/p>\n<p>NSA says: \"Modify the default configuration of applications and appliances before deployment in a production environment. Refer to hardening guidelines provided by the vendor and related cybersecurity guidance (e.g., DISA's Security Technical Implementation Guides (STIGs) and configuration guides).\"<\/p>\n<p>More specifically on default permissions risks, NSA says it regularly sees issues with the configuration of Active Directory Certificate Services (ADCS), a Microsoft feature used to manage Public Key Infrastructure (PKI) certificates, keys, and encryption inside AD environments.<\/p>\n<p>\"Malicious actors can exploit ADCS and\/or ADCS template misconfigurations to manipulate the certificate infrastructure into issuing fraudulent certificates and\/or escalate user privileges to domain administrator privileges,\" it warns, pointing to ADCS servers running with web enrollment enabled, ADCS templates where low-privileged users have enrollment rights, and other associated issues, with external guidance on a handful of known escalation paths linked in the original article.<\/p>\n<p>\"Ensure the secure configuration of ADCS implementations. Regularly update and patch the controlling infrastructure (e.g., for CVE-2021-36942), employ monitoring and auditing mechanisms, and implement strong access controls to protect the infrastructure. Disable NTLM on all ADCS servers. Disable SAN for UPN Mapping. If not required, disable LLMNR and NetBIOS in local computer security settings or by group policy.\"<\/p>\n<p>Read this article:<br \/>\n<a target=\"_blank\" href=\"https:\/\/www.thestack.technology\/from-top-10-misconfigurations-nsas-checklist-for-cisos-flags-active-directory-certificate-services-other-weaknesses\/\" title=\"Top 10 misconfigurations: An NSA checklist for CISOs - The Stack\" rel=\"noopener\">Top 10 misconfigurations: An NSA checklist for CISOs - The Stack<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new advisory from signals intelligence and cybersecurity experts at the National Security Agency (NSA) highlights the top 10 most common cybersecurity misconfigurations in large organisations, including regular exposure of insecure Active Directory Certificate Services. <a href=\"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/nsa-2\/top-10-misconfigurations-an-nsa-checklist-for-cisos-the-stack\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[94881],"tags":[],"class_list":["post-1118759","post","type-post","status-publish","format-standard","hentry","category-nsa-2"],"_links":{"self":[{"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/posts\/1118759"}],"collection":[{"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/comments?post=1118759"}],"version-history":[{"count":0,"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/posts\/1118759\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/media?parent=1118759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/categories?post=1118759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.euvolution.com\/prometheism-transhumanism-posthumanism\/wp-json\/wp\/v2\/tags?post=1118759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}