[ISN] Simple Settings That Could Curtail Some Attacks

From: InfoSec News <alerts_at_private>
Date: Wed, 21 Mar 2012 02:27:36 -0500 (CDT)
http://www.darkreading.com/vulnerability-management/167901026/security/vulnerabilities/232602900/simple-settings-that-could-curtail-some-attacks.html

By Kelly Jackson Higgins
Dark Reading
March 20, 2012

Sometimes it's the little things -- a misconfigured network proxy or an 
unused and forgotten port -- that can make the difference in whether an 
organization suffers a major hack.

Organizations, especially those without the security resources to keep 
on top of these basic hygiene configurations, often leave themselves 
exposed as they struggle to keep track of the configurations. Even some 
large companies forget the little things or are so overwhelmed with 
volume that they miss them. "These little things -- not letting users 
download .exe files, or [not] using proxies for filtering, that don't 
impact the business in any way" basically raise the bar for the 
attacker, says Marc Maiffret, CTO and co-founder of eEye Digital 
Security.

So Maiffret says eEye later this week will roll out a free tool that 
runs a quick "health-check" on some key and simple-to-fix configuration 
best practices that can help shrink the attack surface. The so-called In 
Configuration We Trust Tool isn't meant to replace a vulnerability 
assessment, penetration test, or proper patch management programs, but 
instead to take the pulse of some of the basic protective steps in 
configuring a safer environment, Maiffret says.

The tool checks for 10 basic things you can do to properly configure 
your environment: use digitally signed running processes; use digitally 
signed DLLHost Services and egress port filtering; disable Microsoft 
Office converters; update Windows operating system with the latest 
releases; update Microsoft Office with the latest releases; remove 
administrative privileges from end user accounts; disable WebDAV; block 
direct downloads of executable files; and push egress traffic through a 
Web proxy.

[...]


______________________________________________________________________________
CISSP and CEH training with Expanding Security is the fastest, easiest way
to grock the relevant data you need now.   A free class invite is in every
PainPill.  Sign up for the free weekly PainPill .  It's that easy.
http://www.expandingsecurity.com/PainPill
Received on Wed Mar 21 2012 - 00:27:36 PDT

This archive was generated by hypermail 2.2.0 : Wed Mar 21 2012 - 00:34:30 PDT