Earlier this year, both Jude and Matt discussed cyber security and vulnerability scanning via the blog, outlining the importance of tight IT security and the regular checks that can ensure your business network remains safe and secure.
In 2018, we rolled out a new Managed Cyber Security Service, taking ownership of customers' cyber security from start to finish to guarantee systems are as watertight as possible. Technical specialists have oversight of this work and are heavily involved in the security assessments that are carried out as part of investigative work. As a technical specialist, I can give you a good idea of the sort of clues we look out for that might indicate that a system is vulnerable to hackers. Below are some of the fundamental factors that form the basis of our security checks...
Outdated firewall or router “firmware”
At the perimeter of your network will be one or more firewalls or routers – these devices control what is permitted to flow in and out of your internal network, but also provide additional security features such as content filtering and virus scanning. To keep these features and services up-to-date, and to ensure your kit has the latest protection possible, manufacturers release regular firmware upgrades that should be applied to your devices.
Outdated operating system versions
Over time, operating systems such as Windows and macOS become outdated and, as a result, may stop receiving security updates, especially if Microsoft or Apple deem the product to be “end-of-life”. In these circumstances, it’s time to start looking at upgrading the operating system or replacing the device entirely.
Missing operating system patches
Patches or security updates are a critical component of any operating system. Whilst a particular operating system can be deemed current (i.e. several years away from end-of-life), it still requires regular updates to remain secure. This applies to servers, desktops, laptops and even mobile devices like smartphones and tablets.
Outdated application versions
It’s not just operating systems that need to be kept up-to-date. User applications such as Microsoft Office and line-of-business applications like Sage also require regular updates to repair any vulnerabilities that have been discovered.
Invalid or expired SSL certificates
If you access any internal applications or services using a web browser, it’s likely that an SSL certificate will have been implemented to encrypt transmission of data between your computer and the receiving server. All SSL certificates eventually expire and need renewing, but they also exhibit certain security properties, such as algorithms and ciphers, which need close attention. If any of these properties become classed as redundant, they are no longer sufficiently secure. This can apply to a certificate that has not yet expired, which may then need renewing early (with modern security facets implemented).
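As an added illustration (not code from our service), the Python sketch below evaluates one endpoint for the two conditions described above: an expiry date that has passed or is close, and a protocol or cipher that is no longer considered secure even though the certificate is still in date. The policy thresholds, function name and sample values are assumptions constructed for this example; the inputs follow the shapes returned by `getpeercert()` and `cipher()` in Python's standard `ssl` module.

```python
import ssl
from datetime import datetime, timezone

# Assumed policy values for this example; adjust to your own standard.
RENEW_WITHIN_DAYS = 30
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXPORT")


def assess_tls(cert, cipher, now=None):
    """Return a list of findings for one endpoint (empty list = no issues).

    cert   -- dict shaped like ssl.SSLSocket.getpeercert() output
    cipher -- tuple shaped like ssl.SSLSocket.cipher() output:
              (cipher name, protocol version, secret bits)
    """
    now = now or datetime.now(timezone.utc)
    findings = []

    # Expiry: flag certificates that have lapsed or are inside the renewal window.
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left <= RENEW_WITHIN_DAYS:
        findings.append("certificate expires soon")

    # Redundant properties: an in-date certificate can still be served
    # over a deprecated protocol or a weak cipher.
    name, protocol, bits = cipher
    if protocol in DEPRECATED_PROTOCOLS:
        findings.append("deprecated protocol " + protocol)
    if any(m in name.upper() for m in WEAK_CIPHER_MARKERS) or (bits or 0) < 128:
        findings.append("weak cipher " + name)
    return findings


# Constructed sample data, not taken from any real system.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
MODERN = ({"notAfter": "Jun  1 12:00:00 2030 GMT"},
          ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256))
LEGACY_BUT_IN_DATE = ({"notAfter": "Jun  1 12:00:00 2030 GMT"},
                      ("DES-CBC3-SHA", "TLSv1", 112))
EXPIRED = ({"notAfter": "Jan  5 09:34:43 2018 GMT"},
           ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256))
```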
Exposed firewall “ports”
To allow external access to the same internal applications and services, different ports are used for different purposes. These ports are represented by numbers, with some port numbers dedicated to certain common functions. Sometimes, ports may be open unintentionally; these create unnecessary entry points into your network and should be closed (or configured with restricted access) unless you have a specific business justification. Leaving those ports open may leave your network vulnerable to attacks.
Missing or default credentials
Most IT hardware, whether a network printer or wireless access point, will be shipped with default usernames and passwords such as “admin” and “password”, and sometimes without any credentials at all. Leaving these defaults present on the device increases the chance of unauthorised access to your network, so they should be replaced with secure details.
Whilst we’re on the subject of passwords, a highly secure password policy should be in place for all devices, from servers and laptops to printers and firewalls. Passwords should be a certain length, contain multiple types of characters, and avoid common words or phrases. Ensuring such policies are in place is paramount to your network’s security as they are essentially the keys to your business data and infrastructure.
There may be other underlying checks that we would make whilst investigating a client’s network security, but the aforementioned items make up some of the more common inspections we would make.