NSA's Top Ten Cybersecurity Mistakes (PDF)

The National Security Agency (NSA), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), has released the ten most common cybersecurity misconfigurations found in large organizations.

In their cybersecurity advisory (CSA), alongside the misconfigurations themselves they detail the tactics, techniques and procedures (TTPs) that malicious actors use to exploit them.

Through the assessments of the NSA and CISA Red and Blue teams, as well as through the activities of the NSA and CISA Hunt and Incident Response teams, the two agencies identified the following 10 most common network misconfigurations:

1. Default configurations of software and applications
2. Improper separation of user and administrator privileges
3. Insufficient internal network monitoring
4. Lack of network segmentation
5. Poor patch management
6. Bypass of system access controls
7. Weak or misconfigured multi-factor authentication (MFA) methods
8. Insufficient access control lists (ACLs) on network shares and services
9. Poor credential hygiene
10. Unrestricted code execution

NSA and CISA encourage the IT professionals responsible for these networks to implement the recommendations found in the Mitigations section of the published advisory:

  • Remove default credentials and harden settings.
  • Disable unused services and implement access controls.
  • Patch regularly and automate the patching process, prioritizing known vulnerabilities.
  • Reduce, limit and monitor all accounts that hold administrative privileges.
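As an added illustration of how the four mitigation bullets above can be turned into a repeatable check (this script is not part of the article or of the NSA/CISA advisory), the following Python audits a small host inventory. The host names, accounts, services, patch dates, the default-credential list, the policy thresholds and the CVE placeholder are all constructed sample values, not data taken from the advisory.

```python
"""Constructed audit of a host inventory against four hardening points:
default credentials, enabled-but-unused services, patch management and
administrative-account sprawl.  Every value below is hypothetical sample data."""
from dataclasses import dataclass, field
from datetime import date

# Hypothetical vendor default credential pairs a hardening check would look for.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "toor"), ("admin", "password")}
MAX_PATCH_AGE_DAYS = 30   # assumed policy: patches applied within 30 days
MAX_ADMIN_ACCOUNTS = 2    # assumed policy: at most two admin accounts per host
SAMPLE_AUDIT_DATE = date(2023, 10, 6)  # constructed "today" for the sample run


@dataclass
class Host:
    name: str
    accounts: dict            # username -> {"password": str, "admin": bool}
    services: dict            # service -> {"enabled": bool, "last_used_days": int or None}
    last_patched: date
    kev_unpatched: list = field(default_factory=list)  # open known-exploited CVE ids (placeholders)


def check_default_credentials(host):
    """Bullet 1: flag accounts whose username/password pair is a known default."""
    return [f"{host.name}: account '{user}' uses a default credential"
            for user, acct in host.accounts.items()
            if (user, acct["password"]) in DEFAULT_CREDENTIALS]


def check_unused_services(host, idle_days=90):
    """Bullet 2: flag enabled services that were never used or idle past the threshold."""
    findings = []
    for name, svc in host.services.items():
        if not svc["enabled"]:
            continue
        idle = svc["last_used_days"]
        if idle is None:
            findings.append(f"{host.name}: service '{name}' enabled but never used")
        elif idle >= idle_days:
            findings.append(f"{host.name}: service '{name}' enabled but unused for {idle} days")
    return findings


def check_patching(host, today):
    """Bullet 3: flag stale patch levels and any open known-exploited vulnerability."""
    findings = []
    age = (today - host.last_patched).days
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(f"{host.name}: last patched {age} days ago (limit {MAX_PATCH_AGE_DAYS})")
    for cve in host.kev_unpatched:
        findings.append(f"{host.name}: known exploited vulnerability {cve} still unpatched")
    return findings


def check_admin_accounts(host):
    """Bullet 4: flag hosts with more administrative accounts than policy allows."""
    admins = sorted(u for u, a in host.accounts.items() if a["admin"])
    if len(admins) > MAX_ADMIN_ACCOUNTS:
        return [f"{host.name}: {len(admins)} administrative accounts "
                f"({', '.join(admins)}), limit {MAX_ADMIN_ACCOUNTS}"]
    return []


def audit(hosts, today):
    """Run all four checks and return findings grouped by mitigation bullet."""
    report = {"default_credentials": [], "unused_services": [],
              "patching": [], "admin_accounts": []}
    for host in hosts:
        report["default_credentials"] += check_default_credentials(host)
        report["unused_services"] += check_unused_services(host)
        report["patching"] += check_patching(host, today)
        report["admin_accounts"] += check_admin_accounts(host)
    return report


# Constructed sample inventory: hypothetical hosts, accounts, services and a CVE placeholder.
SAMPLE_HOSTS = [
    Host("fileserver-01",
         accounts={"admin": {"password": "admin", "admin": True},
                   "backup": {"password": "Xk9!f3qL", "admin": True},
                   "svc_scan": {"password": "Rz2#pm8W", "admin": True}},
         services={"smb": {"enabled": True, "last_used_days": 0},
                   "telnet": {"enabled": True, "last_used_days": None}},
         last_patched=date(2023, 8, 1),
         kev_unpatched=["CVE-XXXX-PLACEHOLDER"]),
    Host("web-02",
         accounts={"deploy": {"password": "Qm7&vb2Z", "admin": True}},
         services={"https": {"enabled": True, "last_used_days": 0},
                   "ftp": {"enabled": False, "last_used_days": None}},
         last_patched=date(2023, 9, 25)),
]

if __name__ == "__main__":
    for section, findings in audit(SAMPLE_HOSTS, SAMPLE_AUDIT_DATE).items():
        print(f"[{section}] {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Each check maps to one bullet, so the grouped report shows which mitigation a host is failing; in a real deployment the inventory would come from a configuration-management or endpoint-management export rather than the inline sample, and the default-credential list would be the organisation's own.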

The NSA and CISA also urge software manufacturers to take responsibility for improving their customers' security outcomes by adopting secure-by-default practices, such as:

  • Embedding security controls into the product architecture from the start of development and throughout the software development life cycle (SDLC)
  • Eliminating default passwords
  • Providing high-quality audit logs to customers at no additional charge
  • Requiring MFA, ideally phishing-resistant, for privileged users by default

You can download one PDF version from here


Written by giorgos
