NSA's Top Ten Cybersecurity Mistakes (PDF)

The National Security Agency (NSA), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), has released a list of the ten most common cybersecurity misconfigurations found in large organizations.

In their joint Cybersecurity Advisory (CSA), alongside the misconfigurations themselves, they detail the tactics, techniques, and procedures (TTPs) that malicious actors use to exploit them.

Through NSA and CISA Red and Blue team assessments, as well as through the activities of the NSA and CISA Hunt and Incident Response teams, the agencies identified the following 10 most common network misconfigurations:

1. Default configurations of software and applications
2. Improper separation of user/administrator privilege
3. Insufficient internal network monitoring
4. Lack of network segmentation
5. Poor patch management
6. Bypass of system access controls
7. Weak or misconfigured multi-factor authentication (MFA) methods
8. Insufficient access control lists (ACLs) on network shares and services
9. Poor credential hygiene
10. Unrestricted code execution

NSA and CISA encourage network defenders to implement the recommendations found in the Mitigations section of the advisory, including:

  • Remove default credentials and harden configurations.
  • Disable unused services and implement access controls.
  • Update software regularly and automate patching, prioritizing known exploited vulnerabilities.
  • Reduce, restrict, and control all accounts that hold administrative privileges.
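Several of the misconfigurations above can be found before an attacker does by auditing an asset inventory against them. The script below is an added example written for this page; it is not code from the NSA/CISA advisory or from iGuRu.gr. It runs five checks, each tagged with the number of the misconfiguration it corresponds to in the list above (default credentials, admin accounts used for email and web browsing, stale patching, privileged accounts without MFA, and shares writable by Everyone), over a constructed inventory of two hypothetical hosts. The inventory format, the `KNOWN_DEFAULT_CREDENTIALS` table, the 30-day patch threshold and the function names are all assumptions made for the example.

```python
"""Audit a constructed host inventory for misconfigurations from the NSA/CISA
top-ten list.  Added example, not code from the advisory or the article."""
from datetime import date

# Hypothetical credential pairs vendors ship by default (constructed sample).
KNOWN_DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "password"), ("root", "toor"), ("sa", ""),
}

# Reference date for the patch-age check (assumed for the example).
AUDIT_DATE = date(2023, 10, 5)

# Constructed inventory of two hypothetical hosts; not real systems.
INVENTORY = [
    {
        "host": "fs01",
        "last_patch": date(2023, 6, 1),
        "services": [{"name": "smb", "user": None, "password": None}],
        "shares": [
            {"path": r"\\fs01\public", "acl": {"Everyone": "Full"}},
            {"path": r"\\fs01\finance", "acl": {"Finance": "Modify"}},
        ],
        "accounts": [
            # Admin account also used for mail and browsing, and without MFA.
            {"name": "jdoe-adm", "admin": True, "mfa": False, "used_for": ["email", "web"]},
            {"name": "jdoe", "admin": False, "mfa": True, "used_for": ["email", "web"]},
        ],
    },
    {
        "host": "cam01",
        "last_patch": date(2023, 9, 20),
        "services": [{"name": "http", "user": "admin", "password": "admin"}],
        "shares": [],
        "accounts": [],
    },
]


def find_default_credentials(host):
    """#1: services still accepting a vendor default credential pair."""
    return [f"{s['name']} accepts default credential {s['user']}:{s['password']}"
            for s in host["services"]
            if (s["user"], s["password"]) in KNOWN_DEFAULT_CREDENTIALS]


def find_privilege_mixing(host):
    """#2: administrative accounts used for day-to-day email/web activity."""
    return [f"admin account {a['name']} used for {', '.join(a['used_for'])}"
            for a in host["accounts"] if a["admin"] and a["used_for"]]


def find_stale_patching(host, today, max_age_days=30):
    """#5: hosts not patched within the threshold (30 days assumed here)."""
    age = (today - host["last_patch"]).days
    return [f"last patched {age} days ago (threshold {max_age_days})"] if age > max_age_days else []


def find_admins_without_mfa(host):
    """#7: privileged accounts that can log on without MFA."""
    return [f"admin account {a['name']} has no MFA"
            for a in host["accounts"] if a["admin"] and not a["mfa"]]


def find_open_shares(host):
    """#8: shares granting write-capable access to Everyone."""
    return [f"share {s['path']} grants Everyone {s['acl']['Everyone']}"
            for s in host["shares"]
            if s["acl"].get("Everyone") in ("Full", "Modify", "Write")]


def audit(inventory, today):
    """Run every check on every host; return (host, category, detail) tuples."""
    checks = [
        ("1 default configurations", find_default_credentials),
        ("2 improper user/admin privilege separation", find_privilege_mixing),
        ("5 poor patch management", lambda h: find_stale_patching(h, today)),
        ("7 weak or misconfigured MFA", find_admins_without_mfa),
        ("8 insufficient ACLs on network shares", find_open_shares),
    ]
    findings = []
    for host in inventory:
        for category, check in checks:
            findings.extend((host["host"], category, detail) for detail in check(host))
    return findings


def run_audit():
    """Convenience wrapper using the constructed inventory and audit date."""
    return audit(INVENTORY, AUDIT_DATE)


if __name__ == "__main__":
    for host, category, detail in run_audit():
        print(f"[{host}] ({category}) {detail}")
```

The same structure extends naturally to the remaining categories (segmentation, monitoring, code-execution restrictions) by adding a check function per category; keeping each check a pure function over one host makes the results easy to feed into a ticketing or SIEM pipeline.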

NSA and CISA also urge software manufacturers to take ownership of improving their customers' security outcomes by adopting secure-by-design practices such as:

  • Integrating security controls into the product architecture from the start of development and throughout the software development life cycle (SDLC).
  • Eliminating default passwords.
  • Providing high-quality audit logs to customers at no extra charge.
  • Mandating MFA, ideally phishing-resistant, for privileged users, enabled by default rather than as an opt-in feature.

You can download the PDF version from here.

iGuRu.gr, The Best Technology Site in Greece


Written by giorgos
