Due to recent developments we figured it would be great to contribute a cheat sheet and create security best practices on how to lock down a Microsoft on-prem environment. Our work mostly relies on MS recommendations; however, we put some effort into condensing it to the essence. We hope to see this applied everywhere and have thus open-sourced everything in our GitHub repository.
The year 2021 started off with many stories about breached data being made public [1], critical infrastructures being hacked [2] and zero-day vulnerabilities leaving hundreds of thousands of companies worldwide exposed to cyber attacks [3]. Cyber attacks and ransomware are becoming worse and more frequent every year. New ways to infiltrate organisations are identified regularly and for many smaller sized companies, a single attack or data breach can be fatal, putting the company out of business.
Where larger companies with bigger IT budgets and a higher degree of automation have fewer problems dealing with new threats while simultaneously investing in new proactive security measures, small and medium sized businesses often only have the resources to react to actual threats and incidents instead of investing in prevention.
Manuals and product documentation are usually long and complex, and reports of performed penetration tests and security assessments often come with a long list of issues to be fixed. This poses further challenges.
So as part of my research project, I decided to compile a guide to help understand the most important points of securing Windows networks.
The guide was published in Compass Security’s public GitHub repository: https://github.com/CompassSecurity/OnPremSecurityBestPractices
If there is some content you would like to add, please feel free to submit a pull request.
In addition, a cheat sheet was created which lists some of the most frequent security issues identified in our penetration tests and possible mitigations.
You can find the Cheat Sheet here:
https://github.com/CompassSecurity/OnPremSecurityBestPractices/blob/main/internal_network_security_cheat_sheet.pdf
Facts and findings will be discussed (in English) during our next “Beer Talk” on June 24th, 5pm CEST. Sign up with our mailing list to get invited to the “Beer Talk” live stream.
References:
[1] https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4
[2] https://www.nytimes.com/2021/02/08/us/oldsmar-florida-water-supply-hack.html
[3] https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/