Tag: Policy

  • LDAP Passback and Why We Harp on Passwords

    Hackers are like anyone else in that they would rather work smarter, not harder – picking the low-hanging fruit first. Oftentimes, we find companies who put it in front of them without even knowing it.

    In today’s video, I demonstrate how to conduct a Lightweight Directory Access Protocol (LDAP) passback attack, essentially using third-party hardware or software as an access point to a company network. I’ll show you three different ways to conduct the attack and offer some helpful tips on how to defend against it. 

    What I believe is important to add here is the common thread that links all of them: access to a password. If you want to know why our discussions seem to always circle back to that concept, it’s because an improperly protected password is a master key for hackers, whether their hats are white or black. 

    One is usually all we need to get inside your network. From there, the possibilities are limited only by our imaginations (and our scope of work). As I discuss at the outset of the video, too many of our customers make it easy by leaving devices like printers set to their default passwords or even null passwords, meaning they never created a password to begin with.

    Once we control the device, capturing legitimate passwords is easy. The Raxis team has conducted several internal network tests where discovering an admin interface with default or null credentials got us full domain admin access to the network. In one case, a vendor told the company that the default password was okay to use for a few weeks until things were all set up. In another, we found a password file on a sensitive file share that was set up without a password while the IT staff moved it to a new server. And still another company had no clue a system had a default password. They said it had always been that way. 

    LDAP passback attacks can be prevented, but it takes companies implementing robust security protocols for everything with an IP address on your network – including printers and other devices. 

    Remember, if it’s connected, it must be protected. 

    Make sure all your devices are locked down with a strong password — no matter how innocuous the device may seem. It’s a hacker’s job to find their way in. It’s Raxis’ job to identify these vulnerabilities so that you can correct them before that happens. 

    Our team of experts is ready to help you and your organization find its weaknesses and strengthen your security. Talk with our team today.

  • Monitor. Detect. Alert. It’s worth the effort.

    Let’s talk about monitoring and alerting. 

    First – what is it? Simply put, monitoring and alerting is the ability to detect a suspicious incident and notify the appropriate team members who can decide what type and level of response is necessary.

    However, your monitoring and alerting system isn’t a set-it-and-forget-it component of your overall cybersecurity posture. It’s not quick and easy, but it is essential. Without properly tuned filters and someone who knows how to digest the information and react appropriately, malicious actors can slip inside your network without your knowledge. 

    As Brian discusses, monitoring and alerting take time, experience, and ongoing testing to get right. 

    At Raxis, our penetration testing not only tests for vulnerabilities but also tests a company’s ability to detect an attack or exploit attempt. When we test, we do so in an escalating manner that allows us to determine at what threshold detection occurs. This in turn allows our clients to see how effective (or not) their monitoring is and modify their protocols accordingly.

    Download our list of Top 10 Cyber Attacks to learn more about ways to secure your company.

    Want to learn more? Take a look at the next part of our Common Vulnerabilities discussion.

  • What to Expect When You’re Expecting a (Raxis) Penetration Test

    I made this video to help you understand a little better how Raxis works, and specifically what happens once you engage us. I hope it allays some of your concerns about penetration testing.

    There’s no reason to fear a pen test. Seriously. After all, it’s just a simulated cyberattack, one that you authorize and allow. Yet some CEOs, CIOs, and CISOs are hesitant to allow this ethical hacking for fear that the bad guys will somehow use it against them, that it will cause security issues, or that it will make them look bad. In fact, it’s just the opposite – especially if you choose to engage Raxis.

    We get it, though. It’s natural to be cautious, and it’s prudent to want to know more about the people you’re working with, especially when granting access to your company’s most sensitive data. Whether you choose to work with Raxis or any other firm, we recommend you ask (and answer) plenty of questions up front. You want to know the company has the right experience to offer a range of high-quality services. One size definitely does not fit all. The firm you select should speak to you in advance to understand your specific needs and expectations, and then design and deliver the type of test, training, and follow-up that best protects you and makes you more resilient.

    The Raxis team has some of the industry’s most advanced certifications, but we don’t intimidate our customers or hide anything from them. We believe knowledge empowers our clients, and we share it freely. Whether you use us or someone else, penetration testing is a critical part of your corporate cybersecurity strategy that you should not put off or bypass.

    As you can see, we welcome your questions and concerns during every phase of our process. We conclude our pen tests with an executive summary for management and detailed findings and screenshots that can serve as a to-do list for your internal teams.  

    Raxis stands by our processes, our team, and our word. Now it’s up to you to perform due diligence and research the expertise and deliverables of any cybersecurity company you’re considering. Follow us on this blog or social media, read more about our pen testing experience, or contact us directly to learn more about why some of America’s corporations (and small businesses) choose to work with us.

  • Remote Security Series: Review Remote Workforce Policies

    The coronavirus emergency has made it clear that some companies are ready for the new work-from-home (WFH) reality, with mature and tested policies for managing remote business workflows. Others were caught off-guard and now find themselves developing and refining their procedures even as they’re being implemented.

    Especially in times of crisis, we humans need structure, boundaries, and clear guidance to help us feel secure and remain productive. So much so that we’ll create our own in the absence of any guidance. And while a little flexibility is a good thing, remote work brings technology and cybersecurity challenges that demand clear, relevant, and effective policies to protect the company’s network.

    Turning the problem into an opportunity

    Though most companies are now facing the radical shift to a remote workforce, the smart ones are using this emergency as an opportunity to review and update their remote work policies. Even for those that have transitioned smoothly to WFH, the scale of this change makes it prudent to double check the security posture of their teams. Those that do will find more ways to make their operations more secure and efficient; those that don’t may become corporate casualties of the coronavirus.

    Safeguarding sensitive data

    One of the biggest security issues for businesses is handling sensitive data like Social Security, credit card, or bank account numbers. Do you have procedures in place to make sure that information can be sent and received securely? Take a close look at how sensitive data flows across your newly extended network boundaries. Make sure you’ve accounted for identity management, client information, and any type of financial divulgence or payment.

    Like a rubber band, your network perimeter thins as it expands. Remote workers are at a heightened risk of direct attacks against their personal data. Emphasize the importance of documented policies regarding internal communications. Some examples might include never asking for passwords, verifying critical or sensitive requests, and supporting MFA.

    Business continuity processes (you do have them, don’t you?) no longer enjoy the luxury of encompassing a small number of sites. They now must accommodate an increasingly dynamic footprint of inputs from remote workers. Use this experience to update them to include such things as better internal communications, more productivity checkpoints, remote device wipe, and alternate contact information for remote workers.

    Include guidance about the personal use of business assets and make sure your VPN enforces a minimum level of security compliance before authorizing network connections. That should include requiring the use of company devices, keeping your endpoint protection up to date, and making sure any necessary agents are installed.

    In addition, you should enforce MFA on all systems that connect to network resources. Implementing MFA requires planning, but it offers much more robust security at the perimeters.

    All of these efforts are important, but they’re doomed unless you also have an effective way to let your workers know about them. Now is the time to communicate more frequently about security and be on guard against localized attacks like phishing and spear-phishing. Not sure about that email? Don’t open it. Hold off on sending hyperlinks so that any links received stand out for additional scrutiny.

    Where to start

    These are just a few of the ways you can make sure your business turns the problems you face with remote work into opportunities to make the experience more effective for your company and your team.

    If you need more help or want experts to help you transition to WFH, Raxis offers thorough security reviews and guidance on Teleworking, Security, and Business Continuity / Disaster Recovery (BC/DR) policies.

    Contact Raxis today for more information.

    Want to learn more? Take a look at the next part of our Remote Security Series.