It’s easy to say “just control who accesses your data.” Reducing fingers in the cookie jar makes it much easier to protect the cookies inside, and using proper access controls on a network makes it easier to protect the data inside. But in cybersecurity, the steps to make this happen can be confusing and complicated. Using CISA’s recent security alert as a guide, we are sharing mitigation tips with our unique perspective. Here we address user access in two parts: who has access, and how they obtain that access. Reduce your cyber risk by controlling who gets inside the network and by controlling how users obtain that access.
Control Who Gets Inside the Network
Zero/Dedicated Trust. Every system should verify each user and device BEFORE granting access to networks and devices, and should keep verifying on each new request rather than trusting something because it is already “inside” the network. We call our version Dedicated Trust: we start from Zero Trust, validate both the resource and the requester, and then trust only validated sources. We do still trust other users and collaborators, but cautiously and only after validation, because that is how we reduce cyber risk.
Establish strong user access controls.
Each employee should have access to only the programs and data that are necessary to perform their job (least privilege). Review those grants periodically, since access tends to accumulate over time.
Use SOD (segregation of duties), a risk management strategy that splits a key process across more than one person so that nobody can both initiate and approve a critical action on their own. For example, the person who requests a privilege change should not be the person who approves it.
Each user account should belong to exactly one named person. No user accounts should be shared; a shared account cannot be tied to an individual in the logs, which defeats both accountability and investigation.
Change default passwords of equipment and systems immediately upon installation.
Require strong and unique passwords, and require a password change whenever there is evidence of compromise. Note that forcing frequent scheduled changes tends to produce predictable variations of the old password; current NIST SP 800-63B guidance is to change passwords on evidence of compromise rather than on a fixed schedule, and to enforce length and breached-password screening instead.
Ensure there are policies and processes for access changes when an employee enters the company, exits the company, or moves internally in the company.
Harden conditional access policies. Carefully manage VPN (Virtual Private Network) and remote access policies and settings (which users, from which devices and networks, with what authentication), and review them at regular intervals.
No open RDP ports. Never expose RDP (Remote Desktop Protocol, TCP port 3389) directly to the internet. Make sure that any system that accepts RDP sits behind a firewall and is reachable only through a VPN, so the RDP service itself is never the first thing an attacker can touch.
Protect How Users Obtain Access
Limit remote logins.
Deny remote logins to administrator accounts. A privileged account should not be allowed to log in over RDP (Remote Desktop Protocol) or over the network from an ordinary workstation. On Windows, the “Deny log on through Remote Desktop Services” and “Deny access to this computer from the network” user rights can enforce this for administrative groups.
Designate workstations to be used solely for administrative access (privileged access workstations), with no email or web browsing on them. If a user’s everyday credentials are compromised, the attacker gains no path to the administrative session, and there are no cached administrative credentials to harvest from an ordinary workstation.
Set up anomaly detection and policies to deny a remote user access when the account behaves outside its own normal activity, such as logging in from a new network or country, at an unusual hour, or from an unfamiliar device.
Set boundaries for remote logins and access. This can include a session timeout when a workstation is left inactive, denying access if MFA is not enabled on the account, and similar limits.
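The four remote-login controls above can be expressed as a single policy check that runs over each login event. The example below is added here as an illustration and is not code from the original post or from StandardUser; the log format, account lists, baselines and rule thresholds are all constructed assumptions, not any particular product’s configuration. It denies privileged accounts over RDP/VPN, denies remote logins from accounts without MFA enrolled, and sends to review any remote login whose source network or hour of day falls outside the account’s own baseline.

```python
"""Added example: evaluate remote-login events against the controls above.

Rules implemented (constructed policy, not a specific product's):
  1. Privileged accounts are denied interactive remote (RDP/VPN) logins.
  2. Remote logins from accounts without MFA enrolled are denied.
  3. A remote login is sent to review if the source network or the hour
     of day is outside the account's own observed baseline.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed account data standing in for a directory / IdP export.
ADMIN_ACCOUNTS = {"da-admin", "svc-backup"}
MFA_ENROLLED = {"alice", "bob", "da-admin"}


@dataclass
class Baseline:
    networks: list          # ip_network objects the user normally connects from
    hours: set              # UTC hours of day the user normally logs in


# Constructed per-user baselines; in practice these are learned from history.
BASELINES = {
    "alice": Baseline([ip_network("203.0.113.0/24")], set(range(7, 20))),
    "bob": Baseline([ip_network("198.51.100.0/24")], set(range(8, 18))),
}


@dataclass
class LoginEvent:
    user: str
    src_ip: str
    method: str             # "rdp", "vpn" or "local"
    ts: datetime


def evaluate(ev: LoginEvent) -> tuple[str, list[str]]:
    """Return ("allow" | "deny" | "review", reasons) for one login event."""
    reasons: list[str] = []
    remote = ev.method in ("rdp", "vpn")
    if not remote:
        return "allow", reasons          # console logins are out of scope here
    if ev.user in ADMIN_ACCOUNTS:
        return "deny", ["privileged account over remote session"]
    if ev.user not in MFA_ENROLLED:
        return "deny", ["MFA not enrolled"]
    base = BASELINES.get(ev.user)
    if base is None:
        return "review", ["no baseline for account"]
    ip = ip_address(ev.src_ip)
    if not any(ip in net for net in base.networks):
        reasons.append(f"source {ev.src_ip} outside baseline networks")
    if ev.ts.hour not in base.hours:
        reasons.append(f"login at {ev.ts.hour:02d}:00 UTC outside baseline hours")
    return ("review" if reasons else "allow"), reasons


# Constructed sample log lines in an assumed "ts user= src= method=" format.
LOG_LINES = """\
2024-03-04T09:00:00Z user=alice src=203.0.113.5 method=vpn
2024-03-04T02:13:00Z user=alice src=192.0.2.77 method=vpn
2024-03-04T10:30:00Z user=da-admin src=203.0.113.9 method=rdp
2024-03-04T11:00:00Z user=carol src=198.51.100.20 method=vpn
2024-03-04T12:00:00Z user=bob src=198.51.100.7 method=local
""".splitlines()


def parse_line(line: str) -> LoginEvent:
    """Parse one constructed log line into a LoginEvent (timestamps are UTC)."""
    ts_str, *kv = line.split()
    fields = dict(part.split("=", 1) for part in kv)
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return LoginEvent(fields["user"], fields["src"], fields["method"], ts)


def triage(lines: list[str]) -> list[tuple[str, str, list[str]]]:
    """Run every line through the policy; returns (user, verdict, reasons)."""
    return [(ev.user, *evaluate(ev)) for ev in map(parse_line, lines)]


if __name__ == "__main__":
    for user, verdict, reasons in triage(LOG_LINES):
        print(f"{user:10s} {verdict:7s} {'; '.join(reasons)}")
```

Running it on the constructed lines gives: alice allowed from her usual network during work hours, alice sent to review for a 02:13 login from an unknown network, da-admin denied over RDP even though the account has MFA, carol denied because MFA is not enrolled, and bob’s console login allowed. The deny rules are evaluated before the baseline so that an attacker holding admin credentials cannot slip through by matching a “normal” pattern.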
Credential hardening, established and then maintained, is also key to reducing cyber risk.
Implement MFA (multi-factor authentication) as soon as possible, especially for VPN connections, privileged accounts, and external-facing services. Critical data and services should require phishing-resistant MFA (FIDO2/WebAuthn security keys or smart cards) rather than SMS codes or push approvals, which can be phished or worn down by repeated prompts.
Get rid of default passwords. Before a new device is placed in service, change the default password and, where the product allows it, the default username. Enforce the use of strong passwords.
Monitor for compromised credentials. Screen new and reset passwords against lists of known-breached passwords and reject weak ones at the point of entry, and watch for your users’ credentials appearing in breach data so that affected accounts can be reset promptly.
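Rejecting default, weak and breached passwords at the point of entry is a small piece of code once the breach corpus is available. The example below is added here for illustration; it is not code from the original post or from StandardUser. The default-credential set, the minimum length and the breach corpus are constructed assumptions, and the corpus stands in for a breached-password range service: the check hashes the candidate with SHA-1, would send only the first five hex characters to such a service (the k-anonymity pattern), and compares the remaining suffix locally, so the full hash never leaves the host.

```python
"""Added example: screen a candidate password against the credential-hardening
controls above. All reference data is constructed for the example."""
import hashlib
from collections import Counter

MIN_LENGTH = 12                                   # assumed policy minimum

# Constructed vendor defaults (username, password) that must never survive install.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "password"), ("root", "toor"), ("cisco", "cisco"),
}

# Constructed stand-in for a breached-password corpus.
BREACH_CORPUS = ["password", "Password1", "123456", "qwerty", "letmein", "Summer2023!"]


def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def _build_range_db(corpus) -> dict:
    """Index the corpus the way a range service would serve it:
    5-char SHA-1 prefix -> {35-char suffix: occurrence count}."""
    db: dict = {}
    for pw in corpus:
        h = _sha1_hex(pw)
        db.setdefault(h[:5], Counter())[h[5:]] += 1
    return db


RANGE_DB = _build_range_db(BREACH_CORPUS)


def lookup_breach_count(password: str) -> int:
    """k-anonymity lookup: only `prefix` would be sent to a range service;
    the suffix comparison is done locally. Here RANGE_DB replaces the call."""
    h = _sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    return RANGE_DB.get(prefix, {}).get(suffix, 0)


def check_password(username: str, password: str) -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if (username.lower(), password) in DEFAULT_CREDENTIALS:
        problems.append("vendor default credential")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    hits = lookup_breach_count(password)
    if hits:
        problems.append(f"found in breach corpus ({hits} occurrences)")
    return problems


if __name__ == "__main__":
    for user, pw in [("admin", "admin"), ("bob", "Summer2023!"),
                     ("alice", "correct horse battery staple")]:
        verdict = check_password(user, pw) or ["ok"]
        print(f"{user:6s} -> {'; '.join(verdict)}")
```

The same `check_password` function serves both the “change default passwords on install” rule (by refusing the vendor pairs outright) and the “block weak or compromised passwords” rule; in production the corpus would be a maintained breach list or a live range query rather than the six constructed entries here.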
Setting a good course for your cybersecurity strategy can be daunting, but it can be done. Keep going. We’re here to help reduce your cyber risk – if you have questions about any of these mitigations, send us a note. We’ll be glad to direct you to resources to expand your team’s capacity or to find third-party assistance.
We at StandardUser Cybersecurity are on a mission to share cybersecurity and cyber safety education with everyone, to make our world a better place. Are you with us? How can we help? Let us know today.
Whatever your cybersecurity challenge, we can help you keep your business running. We are a defensive and offensive cybersecurity company, using over 30 years of experience with active commercial and government work and proven security methodologies. We also educate teams and professionals who want to build on their skills.
We set the standard for cybersecurity excellence.