Simple Cyber Security Tips

Product Manager

Recently, the Security Team here at SolarWinds conducted a survey to gather information about the security risks you felt would be the most detrimental to your network. While it was clear that the external threat will always be a risk, respondents showed a lot more confidence in their perimeter defense systems, policies, and procedures. On the flip side, there was also a significant increase in the belief that the INTERNAL threat is a much higher risk.

The following infographic provides several simple tips that can help reduce the risk of insider abuse. Below you will also find some additional best practices that you can use to create a more secure user environment.

1. CREATE STRONG PASSWORDS/PRACTICE PASSWORD HYGIENE

  • Configure and enforce the use of strong passwords - while your users/customers may become grumpy, your leadership and compliance auditors will breathe a sigh of relief.
  • Educate your users on the importance of passwords to create buy-in. One of the most effective ways to drive a point home is to show them how easy it is to crack simple passwords: get permission from management and run a live attack on sample passwords. The “shock and awe” factor can be a pretty effective method.
  • Use SIEM or Log Management tools to monitor and alert on odd password sets/resets, such as resets at strange times of day or too many accounts being changed at once. This can be an early indicator of both brute-force and low-and-slow attacks.

2. KEEP YOUR INBOX SAFE

  • User education is also extremely important when it comes to email. Providing real-life examples of phishing emails is a good way to help your user base gain a simple understanding of how emails can be used to gather information. Most importantly, encourage them to ask questions! The old adage “If it’s too good to be true...it probably is” is a good mantra to remember when preaching email security.
  • Email content scanners are essential for scanning emails and attachments for embedded code, while SIEM and Log Management tools can be used to monitor logs for suspicious authentication events. Look for someone logging on to another user’s inbox, “send as” events against critical inboxes, port 25 traffic that does NOT originate from your email server(s), or an abnormal amount of traffic that is in fact coming from your internal email server(s).

3. KEEP SECURITY TOP OF MIND

  • The Department of Defense provides a decent model for creating a security culture, with education tools like emailed “Security Tips”, required online or classroom-based self-paced security courses, and enforcement of a “clean desk” policy. This kind of consistency in education keeps users aware even if they only pay attention to half of the material, and it builds accountability - to borrow an old military phrase, users will begin to “police their own” and hold their peers responsible for a secure environment.

4. KEEP YOUR DEVICES SECURE

  • It’s absolutely imperative that systems and applications are kept up to date with patches. Take it a bit further and use operating system or domain policies to limit a remote user’s capabilities within a system. This is not popular and can be difficult to manage, but the alternative is much more frightening: once a system leaves the mother ship, the security risk grows exponentially. Once again I will mention user education (notice a theme here?). Hammering home the fact that this shiny new, expertly provisioned laptop is not a “personal device” is key to reducing the security risk.

5. AUDIT WHO HAS ACCESS

  • Auditing is one of the most crucial tools/features, if not the most crucial, and should be enabled in every environment. Some of the key logs that should be audited are:
    • Access logs – Monitoring successful/failed logons at the domain AND local level can alert you to authentication-based attacks (look for the use of privileged accounts at odd hours or large numbers of failed logon attempts from the same account), and can also provide critical information for root cause analysis and forensics.
    • File Activity – Native operating system audit policies, File Integrity Monitoring applications and Content Scanners all create audit trails on file servers and endpoints that can be used to detect data theft and suspicious file changes. In many cases these tools may also alert you to zero-day viruses and other malware.
    • Network, System and Application logs – These logs can not only identify perimeter attacks, but also identify outbound FTP traffic (which can indicate data theft or malware) and critical error and change information that may alert you to site hacking, malware and denial of service attacks sourcing from INSIDE the network.
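As an added example (not part of the original post), the Python below shows how the monitoring rules from tips 1 and 5 can be expressed against audit events: bursts of failed logons per account and bursts of password resets per resetting account within a sliding time window, plus logons or resets that fall outside business hours. The log format, account names, hosts and thresholds are all constructed for the demo.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines (not from the post). Columns: time event account origin; origin is the source host for logons and the resetting account for password resets.
SAMPLE_LOGS = """\
2024-03-04T09:00:01 LOGON_OK jdoe 10.0.0.12
2024-03-04T09:00:05 LOGON_FAILED bsmith 10.0.0.40
2024-03-04T09:00:09 LOGON_FAILED bsmith 10.0.0.40
2024-03-04T09:00:14 LOGON_FAILED bsmith 10.0.0.40
2024-03-04T09:00:20 LOGON_FAILED bsmith 10.0.0.40
2024-03-04T10:15:00 PASSWORD_RESET mlee helpdesk01
2024-03-04T23:41:10 LOGON_OK da_admin 10.0.0.77
2024-03-05T02:03:00 PASSWORD_RESET jdoe helpdesk01
2024-03-05T02:03:30 PASSWORD_RESET bsmith helpdesk01
2024-03-05T02:04:10 PASSWORD_RESET rkim helpdesk01
"""

def parse(text):
    return [(datetime.fromisoformat(t), e, a, o)
            for t, e, a, o in (line.split() for line in text.splitlines())]

def bursts(events, event_type, key_index, threshold, window):
    """Keys (2 = account, 3 = origin) with >= threshold events of one type inside a sliding window."""
    per_key = defaultdict(list)
    for ev in events:
        if ev[1] == event_type:
            per_key[ev[key_index]].append(ev[0])
    flagged = set()
    for key, times in per_key.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window's left edge forward
            if end - start + 1 >= threshold:
                flagged.add(key)
                break
    return flagged

def odd_hours(events, event_type, accounts=None, start_hour=7, end_hour=19):
    """Events of one type outside business hours, optionally limited to a set of accounts."""
    return [(ts, acct) for ts, ev, acct, _ in events
            if ev == event_type and (accounts is None or acct in accounts)
            and not start_hour <= ts.hour < end_hour]

def run_checks(text=SAMPLE_LOGS):
    events = parse(text)
    return {"failed_logon_bursts": bursts(events, "LOGON_FAILED", 2, 4, timedelta(minutes=5)),
            "reset_bursts": bursts(events, "PASSWORD_RESET", 3, 3, timedelta(minutes=10)),
            "odd_hour_admin_logons": odd_hours(events, "LOGON_OK", {"da_admin"}),
            "odd_hour_resets": odd_hours(events, "PASSWORD_RESET")}
```

With the sample data, bsmith is flagged for four failed logons inside five minutes, helpdesk01 for three resets inside ten minutes, and the da_admin logon and the 02:00 resets as out-of-hours activity; the 10:15 reset is not flagged.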

The risk of attacks and breaches only grows with the introduction of Bring Your Own Device (BYOD) mobile devices, so implementing the right tools, policies and procedures now just might create the proper security culture within your business.

Avoid some of the cybersecurity pitfalls. Secure your environment with Log & Event Manager. Get started for free.

14 Comments
Level 15

Nice reference material. 

MVP

Good basic set of tips...  Thank you,

Level 13

This is really well-presented. The infographic in particular is very useful.

I'm curious to what extent, if any, you feel that 2-factor authentication mitigates the need for excessive password length (which presents its own set of challenges)?

Product Manager

Passwords are a pretty interesting topic. Even as I read through the infographic, that one made me pause. We know that complex passwords (like the ones suggested) are hard for people to remember, and we know that password expiration policies can ALSO create hard-to-remember passwords. As of late, passphrases have become better suggestions than passwords, since they are usually easier to remember AND more unique, while still maintaining security/strength. There's some interesting analysis on various posts, but this one was pretty good: Password Security - Why Secure Passwords Need Length Over Complexity - Crambler (also an interesting tool - How Secure Is My Password? - which checks your password's strength client-side).

I would definitely agree that two factor authentication mitigates some of this risk by not just being something you "know" (like a password) which feels like such a losing battle sometimes. I'm not sure if there have been any measures to how much the risk decreases with MFA/2FA vs. passwords alone - I suppose I'd be a little concerned that if you compromise (or decrease security in) one factor a compromise in the other factor could be much more disastrous. Although it's unlikely you could have BOTH your factors compromised, I'd be pretty hesitant to reduce password security too far complexity-wise. The expiration date seems pretty silly when you consider MFA/2FA, though.

Good simple link on 2FA/MFA for anyone who hasn't spent much time in that area: 3 simple ways two-factor authentication can protect you when no one else will | PCWorld

Level 10

Hi Clubjuggle -

Personally I'm a huge fan of a particular kind of 2-factor, specifically Out-of-Band authentication.

For example, if you are logging onto a computer and you have a soft token on your phone that gives you a challenge response.

It's important that the second factor comes from a different channel.

Other types of 2-factor (or MultiFactor MFA) such as device ID, challenge questions etc. can all be broken by keyloggers.

We see this frequently in ACH/Wire Fraud.

If you use OOB auth, then yes, you don't need such a strong password.

However - the challenge with these types of OOB auth is that they take more time, so the user experience is not as convenient.

I recommend OOB auth on critical accounts such as customer data in your CRM; financial apps, and your source code repository.

Anyone have a favorite OOB?  I use RSA's soft token, but there are many other great solutions.

Level 17

It does not. People really need to be educated about passwords and this security. Understanding commonalities and congruency between your password and projected personal self may reduce the number of colleagues that can guess your password within a few tries. You would never think this too much of an issue until you experience an internal threat. These days with intellectual property and personal information you can never be too careful. I still wonder sometimes how many valve designs in China came from a company that I worked for years ago. - A service of a user's PC one day revealed that he had Novell and other encryption software installed on his work PC. He was an engineer with access to all the drawings and plans for patented products. After we adjusted his machine back to standards he only worked for the company for a little while longer before 'going home'.

Level 17

If every user understood the highlighted 5 points in text, man what a world that would be.

Level 13

Google Authenticator is handy. I use it for my mail accounts, my password manager, and some other stuff as well.

Level 13

At least the first four. The fifth one is mainly an IT/security thing.

Level 11

Good information. Keeping up to date on the best security techniques, and using different passwords for different accounts so that if one is breached all the accounts aren't compromised, is a good practice.

Level 17

or for the truly intuitive user

Level 13

A seldom-seen beast, believed to be mythical. See also the "users" badge lanyard in the Thwack store.

Level 17

It was my understanding that it is a seldom-seen mythical beast, believed to be cunning enough to outwit itself.

Level 10

Continuing on the subject of Out-of-Band authentication, just before RSA Salesforce acquired its own OOB solution Toopher - from Austin, TX. Toopher uses the mobile phone for OOB auth, but allows you to use proximity - the location of the phone - for low-risk transactions. For higher-risk transactions you still need the soft token.

I like the idea of dynamic step up of the assurance of the authentication based on the riskiness of the transaction.

About the Author
After working all aspects of IT from lab/helpdesk support to complete IT responsibility over the span of 10 years, Nicole turned Product Manager to help bring accessible IT management software to the masses. She joined SolarWinds with the acquisition of Log & Event Manager in 2011 to find it felt just like home.