Cyber Security Methods

The Endpoint Security Checklist

Personal and organizational machines both have more vulnerability and attackers are attempting to exploit such weaknesses to get access to the endpoint.

Preventing attackers from obtaining access to a machine in the first place is the best security against cyber-attacks. We use the following approaches to prevent initial compromise:

Approach 1 – Ports and services which are exposed to public:

In most organizations, sensitive ports will be closed for external connections because there are various ways to identify open ports. For attackers, open RDP ports that are exposed to the public service as beacons. Place RDP listening ports behind a firewall and use an RDP Gateway to restrict access. It’s also a good idea to enable network-level authentication and change the default listening port (TCP 3389). Disable SMB and use firewalls to restrict SMB network activity.

Approach 2 – Patching Vulnerable Application/Software: Most of us increasingly use software and applications in day-to-day life to handle our work. It only takes a few minutes to exploit vulnerabilities that are published online. A system for assessing, testing, and deploying patches is a key first line of security against such attacks. Recently, more vulnerabilities were disclosed but patches were released after months. For example, log4j vulnerability has released its patch after days, as a result customers had to isolate systems and restricting network access ​

Approach 3 – Email related attacks: Email gateways are a very common application in organizations. We create custom rules in email gateways to block malicious script files (.JS, .VBS, etc.), archive files (. ZIP, SFX, .7z), and keep emails which have malicious Office files (.DOC, .DOCX, etc.) and PDFs in the hold. We increase the spam score in the email gateway to reject spam emails. We train and inform end-users about deception and social engineering attacks. ​ Approach 4 – Common prevention techniques: Hackers abuse macros to download malware and launch malicious scripts. We block macros in Office files, unwanted Ads, and third-party services in the browser. To prevent misuse of the DDE capabilities (now deactivated by default), we uncheck “Update Automatic Links at Open” in Microsoft Word and disable OLE Packages.