[2022 Issue 13] 7 Easy Ways to Narrow Your Attack Surface
The fast-growing number of vulnerability disclosures makes it clear that attackers' skills are continuously improving, and their exploits can breach a wide range of security perimeters. What's worse, the security team is expected to react quickly, and organizational decision makers have little tolerance for any shortfall.
Can a security operations team keep up? Absolutely. It starts with a security strategy that addresses the organization's unique operational requirements, followed by scrutiny of the security policies, where the least-privilege principle matters most, so that threat actors are stopped before they achieve their objectives.
#1 Stop accessing the administrative WebGUI of the Internet facing firewall from outside
Do not access the administrative WebGUI of the Internet-facing firewall from outside the security perimeter. Make sure a strict access control policy is configured on the Internet-facing firewall, and double-check the policies that are actually active, not just the ones you believe are in place. Block inbound access to the firewall itself from the WAN side over HTTP, HTTPS, ICMP (ping), SSH, SSL VPN, and TELNET. Alternatively, deploy a cloud-managed firewall, where there is no direct administrative access to the appliance from the Internet at all, which keeps those holes closed.
#2 Enforce strict access control policy
If you do need to allow access to the administrative WebGUI from the Internet, enforce a strict access control policy to narrow the attack surface. Change the default HTTPS port 443 to a non-standard port, e.g. 17445; this does not stop a determined attacker, but it keeps the firewall out of mass scans that only probe default ports. Use country restriction to block most of the unwanted access attempts. Allow only access that originates from trusted endpoints, by configuring ACL or firewall rules that permit specific legitimate IP addresses and deny everything else.
Enforce a strict password policy for administrative accounts: a minimum of 12 characters, a combination of lower/upper case, numeric and special characters, a monthly password change, and no password re-use. Always enforce two-factor authentication for administrative logins to your Internet-facing firewall; with 2FA in place, a leaked or guessed password alone is not enough to log in.
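The access control advice in #1 and #2 can be checked rather than assumed. The following is an added example, not code from the original article or from any vendor: a small first-match ACL evaluator that tests a firewall's management-plane policy against concrete access attempts, with a deliberately weak policy (WebGUI on 443 open to the world) beside a hardened one (non-standard port, trusted source addresses only, explicit deny for the rest). The rule fields, the port 17445, and the IP addresses (documentation TEST-NET ranges) are assumptions made for this illustration; country restriction is not modelled because it needs a geolocation database.

```python
"""
Added example (not code from the original article or from any vendor):
a first-match ACL evaluator for checking an Internet-facing firewall's
management-plane policy against concrete access attempts. The rule
fields, the port numbers and the IP addresses (TEST-NET ranges) are
assumptions made for this illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: str                    # CIDR or "any"
    dst_port: Optional[int]     # None matches any port
    proto: str = "tcp"
    zone: str = "wan"           # ingress zone; "wan" rules decide Internet exposure

    def matches(self, src_ip: str, dst_port: int, proto: str, zone: str) -> bool:
        if self.zone != zone or self.proto != proto:
            return False
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        if self.src != "any":
            net = ipaddress.ip_network(self.src, strict=False)
            if ipaddress.ip_address(src_ip) not in net:
                return False
        return True


def evaluate(rules: List[Rule], src_ip: str, dst_port: int,
             proto: str = "tcp", zone: str = "wan") -> str:
    """First matching rule wins; no match at all means deny (default-deny)."""
    for rule in rules:
        if rule.matches(src_ip, dst_port, proto, zone):
            return rule.action
    return "deny"


# Weak policy: WebGUI on the default 443 and SSH open to the whole Internet.
WEAK_POLICY = [
    Rule("allow", "any", 443),
    Rule("allow", "any", 22),
]

# Hardened policy (#2): WebGUI moved to 17445, reachable only from trusted
# admin addresses, plus an explicit deny for everything else on the WAN zone.
TRUSTED_ADMINS = ["203.0.113.10/32", "198.51.100.0/29"]   # constructed addresses
HARDENED_POLICY = [Rule("allow", net, 17445) for net in TRUSTED_ADMINS] + [
    Rule("deny", "any", None),
]


def management_exposure(rules: List[Rule],
                        mgmt_ports=(80, 443, 22, 23, 17445)) -> Set[int]:
    """Management ports that an arbitrary Internet address can reach.
    The goal of #1 is for this set to be empty."""
    stranger = "192.0.2.1"     # an untrusted address (TEST-NET-1), constructed
    return {p for p in mgmt_ports if evaluate(rules, stranger, p) == "allow"}


if __name__ == "__main__":
    print("weak policy exposes:", sorted(management_exposure(WEAK_POLICY)))
    print("hardened policy exposes:", sorted(management_exposure(HARDENED_POLICY)))
    print("trusted admin, port 17445:", evaluate(HARDENED_POLICY, "203.0.113.10", 17445))
    print("neighbour .11, port 17445:", evaluate(HARDENED_POLICY, "203.0.113.11", 17445))
```

The explicit trailing deny matters: with it, a trusted admin address still cannot reach port 443 or SSH, and a rule added later by mistake below it has no effect, which is the "double check your active policies" point from #1 made mechanical.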
#3 Stop exposing office network/resource to the Internet
It is risky to configure NAT/port forwarding on the Internet-facing firewall, because every forwarded port exposes an internal service, with whatever vulnerabilities it has, directly to the Internet. Always deploy a VPN instead when employees work from home or on the go and need to access internal resources such as a NAS, webcam, or printer.
#4 Businesses are strongly recommended to use an SSLVPN alternative
Many vulnerabilities have been discovered in SSL VPN products from the top vendors. There are better alternatives for securing remote access to the company network: IKEv2 (IPsec) with user authentication, e.g. EAP-MSCHAPv2, is the better alternative to SSL VPN. MSCHAPv2 is weak on its own, so it must only ever run inside the authenticated IKEv2 tunnel, and certificate-based client authentication is stronger still where the clients support it.
#5 Deploy multi-layered defense of the advanced security firewall
The objective is to break the cyber kill chain and thus mitigate threat vectors. Enable IP reputation and IPS: technologies that detect port scans, Denial-of-Service, exploit attempts, and brute-force attacks. Enable Threat Filter and Anti-malware: technologies that block the downloader that fetches a backdoor or malware and stop the phone-home (command-and-control) connections, preventing a compromised host from being exploited further.
Proactively alert on, trace, and manage threat vectors by adopting sandbox technology and security event analytics reports.
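Two of the behaviours the article expects IPS to catch, a port scan and an administrative brute force, are simple to detect from firewall logs, and seeing the logic makes the alerts easier to tune. The following is an added example, not code from the original article or from any vendor: sliding-window detectors run over constructed log lines. The key=value log format, the field names, the addresses and the thresholds are assumptions made for this illustration, not a real device's log schema.

```python
"""
Added example (not code from the original article or from any vendor):
detection logic for a port scan and an administrative brute force, run
over constructed firewall log lines. The key=value log format, field
names and thresholds are assumptions made for this illustration.
"""
from collections import defaultdict
from datetime import datetime
from typing import Callable, Dict, List, Tuple

# Constructed sample log lines; not real device output.
SAMPLE_LOGS = """\
2022-06-01T10:00:01 src=192.0.2.50 dst=203.0.113.1 dport=21 action=drop
2022-06-01T10:00:01 src=192.0.2.50 dst=203.0.113.1 dport=22 action=drop
2022-06-01T10:00:02 src=192.0.2.50 dst=203.0.113.1 dport=23 action=drop
2022-06-01T10:00:02 src=192.0.2.50 dst=203.0.113.1 dport=80 action=drop
2022-06-01T10:00:03 src=192.0.2.50 dst=203.0.113.1 dport=443 action=drop
2022-06-01T10:00:03 src=192.0.2.50 dst=203.0.113.1 dport=445 action=drop
2022-06-01T10:00:04 src=192.0.2.50 dst=203.0.113.1 dport=3389 action=drop
2022-06-01T10:00:04 src=192.0.2.50 dst=203.0.113.1 dport=8080 action=drop
2022-06-01T10:00:05 src=192.0.2.50 dst=203.0.113.1 dport=8443 action=drop
2022-06-01T10:00:05 src=192.0.2.50 dst=203.0.113.1 dport=17445 action=drop
2022-06-01T10:05:00 src=198.51.100.7 dst=203.0.113.1 dport=443 action=accept
2022-06-01T10:05:10 src=198.51.100.7 user=admin event=login-failed
2022-06-01T10:05:12 src=198.51.100.7 user=admin event=login-failed
2022-06-01T10:05:14 src=198.51.100.7 user=admin event=login-failed
2022-06-01T10:05:16 src=198.51.100.7 user=admin event=login-failed
2022-06-01T10:05:18 src=198.51.100.7 user=admin event=login-failed
2022-06-01T10:05:20 src=198.51.100.7 user=admin event=login-failed
2022-06-01T10:30:00 src=203.0.113.10 user=admin event=login-ok
"""


def parse_line(line: str) -> dict:
    """'<iso-timestamp> k=v k=v ...' -> dict, with a datetime under 'ts'."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts_str)
    return fields


def parse_logs(text: str) -> List[dict]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def _max_in_window(stamped: List[Tuple[datetime, object]], window_s: int,
                   measure: Callable[[list], int]) -> int:
    """Slide a window_s-second window over (ts, value) pairs and return the
    largest value measure() reports for any window."""
    stamped = sorted(stamped, key=lambda t: t[0])
    best = start = 0
    for end in range(len(stamped)):
        while (stamped[end][0] - stamped[start][0]).total_seconds() > window_s:
            start += 1
        best = max(best, measure([v for _, v in stamped[start:end + 1]]))
    return best


def detect_port_scans(events: List[dict], min_ports: int = 10,
                      window_s: int = 60) -> Dict[str, int]:
    """Sources touching >= min_ports distinct destination ports within
    window_s seconds, mapped to the number of distinct ports seen."""
    by_src = defaultdict(list)
    for e in events:
        if "dport" in e:
            by_src[e["src"]].append((e["ts"], int(e["dport"])))
    hits = {}
    for src, probes in by_src.items():
        n = _max_in_window(probes, window_s, lambda ports: len(set(ports)))
        if n >= min_ports:
            hits[src] = n
    return hits


def detect_brute_force(events: List[dict], max_failures: int = 5,
                       window_s: int = 300) -> Dict[str, int]:
    """Sources with >= max_failures failed logins within window_s seconds."""
    by_src = defaultdict(list)
    for e in events:
        if e.get("event") == "login-failed":
            by_src[e["src"]].append((e["ts"], e.get("user")))
    hits = {}
    for src, failures in by_src.items():
        n = _max_in_window(failures, window_s, len)
        if n >= max_failures:
            hits[src] = n
    return hits


def analyze(log_text: str) -> Dict[str, Dict[str, int]]:
    events = parse_logs(log_text)
    return {"port_scan": detect_port_scans(events),
            "brute_force": detect_brute_force(events)}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOGS).items():
        for src, n in hits.items():
            print(f"{kind}: {src} ({n})")
```

On the constructed sample the scanner is flagged after touching ten ports in four seconds, while the single accepted connection from the second address is not; that address is flagged only once its failed admin logins cross the brute-force threshold, which is where the 2FA and source-IP restrictions from #2 should already have stopped it.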
#6 Backup configurations on a regular basis
Creating configuration backups lets you restore the firewall configuration whenever a network disaster strikes. To keep them secure, configuration backups should be encrypted before they are stored, since a backup contains the complete policy along with credentials and VPN secrets, and the storage location itself should be access-controlled.
#7 Pay attention to the vendor's security advisory
Vendors usually provide customer organizations with recommendations to prepare for potential cyberattacks that result, directly or indirectly, from the current cyber threat situation. It is important to stay informed and vigilant: subscribe to the vendor's security advisories, check whether each one affects a model you have deployed, and keep firmware and software up to date to mitigate the security risk.