Security Configuration Management (SCM): Establish a secure foundation

One of the foundations of endpoint security is to ensure ideal security configurations are established and maintained in the network endpoints. In this article, you'll learn how Vulnerability Manager Plus, being a complete threat and vulnerability management solution, facilitates the entire cycle of security configuration management - right from detecting misconfigurations, categorizing and profiling them, resolving them with built-in remediation and reporting the final configuration posture - all from a single interface.

Why do you need security configuration management?

Endpoint security doesn't end with vulnerability assessment. If vulnerabilities are the gateway into the network, it's the overlooked misconfigurations that attackers leverage to move laterally and exploit other machines within the network. Basically, any poorly documented configuration change, default setting, or technical issue across any component in your endpoints could lead to a misconfiguration. The question is: how equipped are you to address these configuration drifts?

For instance, try asking yourself these questions: How many users in your network retain their default password? Do your employees have administrative privileges by default? Have you enforced secure authentication protocols across your network systems? Are new computers brought into your network left with default configurations and insecure protocols? Are you aware of these and other security misconfigurations?

If you're not able to answer these questions, you're at risk. A simple flaw like a default password or an open share can be leveraged by an attacker to thwart an organization's security efforts. Attackers could use malware and ransomware to exploit legacy protocols and open shares, as occurred in the worldwide 2017 WannaCry attack. Equip yourself with the Vulnerability Manager Plus Security Configuration Management dashboard, built exclusively to track and combat misconfigurations in systems and servers.

Security Configuration Management

Security configuration management (SCM) is easy with Vulnerability Manager Plus.

To err is human, but to detect misconfiguration and bring it back to compliance is the job of Vulnerability Manager Plus. With a pre-defined library of security configuration controls derived from industry standards and best practices, it automatically detects systems that are misconfigured. Furthermore, it provides detailed information on misconfigurations, their context and resolution. The built-in resolutions allow you to close the SCM loop by deploying recommended security controls to bring your systems back to alignment with just the click of a button.

Vulnerability Manager Plus can even predict possible network operation issues that may arise in the future due to configuration modifications, which helps you safely alter the configurations without impeding critical business operations. You can even generate executive reports on compliance with security configuration goals. It's also important to note that security configuration management not only improves cyber resilience, but also enhances operational efficiency.

Vulnerability Manager Plus helps you detect and resolve misconfigurations in the following components of Windows systems and servers:

Audit firewall

A misconfigured firewall can fail to stop insecure traffic from reaching an endpoint in your network. With security configuration management, you can check whether the built-in Windows Firewall is enabled or a third-party firewall is present. You can also ensure the firewall blocks connections to the NetBIOS trio, the infamous WannaCry abettor port 445, and other vulnerable ports that allow unauthorized and unintended actions.

Render passwords uncrackable

Weak passwords are the most common security misconfiguration plaguing enterprises. "The longer the password, the stronger it is" no longer applies. Attackers are constantly developing new strategies, such as purchasing credentials used in previous breaches to launch password-based brute force and dictionary attacks. Moreover, 62 percent of users admit reusing a password. Besides enforcing long passwords, you can make users adhere to a mix of predefined password policies such as password complexity, minimum password age, maximum password age, and the number of unique passwords that must be used before an old password can be reused.

BitLocker encryption

Not protecting your disk volumes can lead to data breaches. You can ensure that BitLocker encryption is enabled to encrypt entire disk volumes to prevent unauthorized access to disks and exfiltration.

Manage network shares

It's important to monitor and have control over what you share within your network. From a compromised computer, ransomware and other malware can easily identify and spread to computers that have shared folders with write permissions. Gaining details on which folder shares and default admin shares are enabled helps you eliminate network share misconfigurations.

Lockout and logon security

Security configuration management allows you to ensure secure logon is enabled, and that sensitive details are not displayed at the lock screen. It also helps you enforce the account lockout duration, account lockout threshold, and "reset lockout counter after" policies from a centralized location to prevent brute-force attacks.
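As an added illustration (not ManageEngine's code and not part of the original article), the password and lockout checks described under "Render passwords uncrackable" and "Lockout and logon security" can be approximated by auditing the [System Access] section of a `secedit /export` policy file. The baseline thresholds, the sample export, and the function name `audit_account_policy` are assumptions made for this example.

```python
import configparser

# Constructed sample in the layout that `secedit /export /cfg policy.inf` writes.
# Real exports are UTF-16; read them with encoding="utf-16".
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 0
PasswordHistorySize = 24
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
"""

# Assumed baseline (illustrative thresholds, not taken from the article):
# INF key -> (requirement text, predicate on the integer value).
BASELINE = {
    "MinimumPasswordLength": ("at least 14 characters", lambda v: v >= 14),
    "PasswordComplexity": ("enabled (1)", lambda v: v == 1),
    "MinimumPasswordAge": ("at least 1 day", lambda v: v >= 1),
    "MaximumPasswordAge": ("1 to 365 days", lambda v: 1 <= v <= 365),
    "PasswordHistorySize": ("at least 24 remembered", lambda v: v >= 24),
    "LockoutBadCount": ("1 to 5 attempts (0 = never lock)", lambda v: 1 <= v <= 5),
    "LockoutDuration": ("15+ minutes, or -1 (admin unlock)", lambda v: v == -1 or v >= 15),
    "ResetLockoutCount": ("at least 15 minutes", lambda v: v >= 15),
}

def audit_account_policy(inf_text):
    """Return (key, found_value, requirement) for each deviation, in baseline order."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str          # keep the INF's mixed-case key names
    parser.read_string(inf_text)
    section = parser["System Access"] if parser.has_section("System Access") else {}
    findings = []
    for key, (requirement, ok) in BASELINE.items():
        raw = section.get(key)
        if raw is None:               # absent key: the control is not configured
            findings.append((key, None, requirement))
        elif not raw.strip().lstrip("-").isdigit() or not ok(int(raw)):
            findings.append((key, raw.strip(), requirement))
    return findings

if __name__ == "__main__":
    for key, found, requirement in audit_account_policy(SAMPLE_INF):
        print(f"{key}: found {found!r}, baseline requires {requirement}")
```

Because the sample sets the lockout threshold to 0 and omits the duration and reset keys, all three lockout controls are reported, which is the drift a centralized check is meant to surface.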

Manage user rights and privileges

Removing users' admin rights could resolve 94 percent of all critical Microsoft vulnerabilities, according to a recent study. Security configuration management enables you to revoke user rights from unintended users, enforce least privilege, and ensure admin accounts are not displayed during elevation, thereby enhancing endpoint security.

User account management

Identify and disable default built-in accounts, such as the guest account, the built-in administrator, and other local admin accounts that serve as easy targets for brute-force attacks.

OS security hardening

OS security hardening establishes a miscellaneous set of security controls, such as disabling autoplay for devices and restricting autorun commands. You need to make sure memory protection settings, logon authentication settings, Structured Exception Handling Overwrite Protection (SEHOP), Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and other security settings are configured appropriately for the OS.

Prevent browser-based attacks

Certain browser misconfigurations, such as firewall traversal from a remote host, geolocation tracking, allowing insecure plugins, and enabling users to bypass SmartScreen warnings, can lead to browser-based attacks. Using Vulnerability Manager Plus to eliminate browser misconfigurations, you can enable safe browsing, restrict insecure plugins, deploy browser updates, and implement other safe browser security settings quickly and efficiently.

Disable legacy protocols

Legacy protocols, such as Telnet, SMB (Server Message Block), SNMP (Simple Network Management Protocol), and TFTP (Trivial File Transfer Protocol), might reveal system configuration information, provide unintended access to remote hackers, and pave the way for denial-of-service attacks. You can identify the devices on which these protocols are enabled and disable them quickly.

It is imperative that you take proactive measures to avoid becoming a cyberattack victim. Download a 30-day, free trial of Vulnerability Manager Plus now to establish a secure foundation and thwart rogue hackers.