2.3 Troubleshoot common security issues Flashcards
Unencrypted credentials/cleartext
- Ensure you are using secure protocols like Secure Shell (SSH)
- Ensure that you are using SSL/TLS to secure communications with any compatible protocol (HTTP, email, etc.)
Logs and event anomalies
Automated alerts (via email, etc.) allow admins to identify and troubleshoot these issues.
Permission issues
Solution: A system of permission auditing that regularly reviews privileges.
Access violations
Logging intrusions or attempted intrusions.
Certificate issues
The most common certificate issue is the client rejecting a server certificate.
- Existing certificate: check the expiration date.
- New certificate: check the key usage settings, and verify that clients have the correct chain of trust: they need the root and intermediate CA certificates before a leaf certificate can be trusted.
Misconfigured Firewall
This usually becomes apparent when users report that traffic is failing.
Troubleshoot:
- Try connecting from both sides of the firewall. If it connects from outside but not inside the firewall, this confirms the issue is the firewall.
Misconfigured Access points
Troubleshoot:
- Ensure that wireless APs are implementing WPA/WPA2 with a strong passphrase or enterprise authentication.
- Ensure clients have the correct passphrase or that APs can communicate with the RADIUS servers.
- Ensure no other wireless signals are interfering with the AP's transmission.
Weak security configurations
When installing or configuring a device or software, use a security policy to determine the strongest possible configuration rather than leaving the defaults in place.
Personnel - Policy violation
- Determine the policy that was violated
- Bring it to the person’s attention
- Suggest ways for the person to comply better in the future
- To prevent reoccurrence, develop a training program.
Personnel - Insider threat
- Conduct an exit interview and thoroughly offboard the terminated employee.
- Employ personnel management tasks like mandatory vacation and job rotation to reduce the amount of power any one employee holds.
- Regularly review and audit privileged users’ activities.
Personnel - Social engineering
- Train users on how to spot social engineering attempts and mitigate their efforts.
- Uphold the principle of least privilege to minimize the effects of a successful social engineering attack.
Personnel - Social media and personal email
- Remind the employee of the policy and explain how divulging too much information on social media can help attackers.
- Technical control: implement data loss/leak prevention (DLP) solutions to prevent personnel from sending sensitive information to external users or websites.
Unauthorized software
Two types of execution control:
- Whitelist: nothing can run if it is not on the approved whitelist
- Blacklist: anything not on the prohibited blacklist can run
Baseline deviation
Testing the actual configuration of clients and servers to ensure that they are patched and that their configuration settings match the baseline template.
License compliance violation (availability and integrity)
Availability: the software vendor may suspend all licenses if the customer is found to be non-compliant.
Integrity: Unlicensed software exposes an organization to large fines and penalties.
Troubleshoot:
- Audit devices to identify unlicensed and unauthorized software.
- Don't allocate more seats than the license agreement allows.
- Prepare for vendor audits.
- Ensure compliance with open source licensing terms.