95% of Pen Test Problems Can Be Easily Resolved

The most common configuration problems found in the majority of penetration tests can be easily resolved with straightforward fixes.



Analysis from more than 50 engagements in the first half of 2019 by Lares, shared exclusively with Infosecurity, found that the top five penetration test discoveries are:



Brute forcing accounts with weak and guessable passwords
Kerberoasting 
Excessive file system permissions
WannaCry/EternalBlue
Windows Management Instrumentation (WMI) lateral movement

Chris Nickerson, founder of Lares, said that these top five findings were common in “95% of the tests.”



Specifically, Lares confirmed that in three of the five most common findings, security basics including password, privilege and patch management could resolve the issues and that “every single vulnerability can be avoided or eliminated through better cybersecurity hygiene practices.”



Brute forcing of accounts can be addressed with multi-factor authentication or with account lockout policies; the lockout threshold needs tuning so an attacker cannot use it to lock users out, and it does not stop slow password spraying that stays under the threshold. Kerberoasting, in which an attacker requests a service ticket and cracks it offline, can be managed with strong passwords, in terms of both length and complexity, on the service accounts whose service principal names (SPNs) those tickets are issued for.
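The following PowerShell is an added example, not code from Infosecurity or Lares. It triages the accounts a Kerberoasting attack would target: any domain user can request a service ticket for any account that has a servicePrincipalName, so the strength and age of that account's password is what decides whether the offline crack succeeds. The sample account objects are constructed so the script runs without a domain; in production the function is fed from Get-ADUser as shown in the comment. The 365-day rotation limit is an assumption.

```powershell
# Added example (not from the article). Feed from AD in production, e.g.:
#   Get-ADUser -Filter 'ServicePrincipalName -like "*"' -Properties PasswordLastSet,
#       'msDS-SupportedEncryptionTypes', adminCount, ObjectClass | Get-KerberoastExposure
function Get-KerberoastExposure {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Account,
        [int] $MaxPasswordAgeDays = 365          # assumption: service passwords rotate yearly
    )
    process {
        $findings = [System.Collections.Generic.List[string]]::new()

        # msDS-SupportedEncryptionTypes bit flags: RC4 = 0x4, AES128 = 0x8, AES256 = 0x10.
        # Null/0 means "not set", which for a user account yields RC4 service tickets.
        $enc = if ($null -eq $Account.'msDS-SupportedEncryptionTypes') { 0 } else { [int]$Account.'msDS-SupportedEncryptionTypes' }
        if (($enc -band 0x18) -eq 0) { $findings.Add('RC4 service tickets (fast to crack offline)') }

        if ($Account.ObjectClass -eq 'msDS-GroupManagedServiceAccount') {
            # gMSA: 240-character random password rotated by AD every 30 days; not crackable
        } else {
            $findings.Add('Human-managed password (not a gMSA)')
            $ageDays = (New-TimeSpan -Start $Account.PasswordLastSet -End (Get-Date)).Days
            if ($ageDays -gt $MaxPasswordAgeDays) { $findings.Add("Password unchanged for $ageDays days") }
        }

        if ($Account.adminCount -eq 1) { $findings.Add('Privileged (adminCount=1): a cracked password is domain compromise') }

        $risk = switch ($findings.Count) { 0 { 'Low' } 1 { 'Medium' } default { 'High' } }
        [pscustomobject]@{
            SamAccountName = $Account.SamAccountName
            SPNs           = ($Account.ServicePrincipalName -join ', ')
            Risk           = $risk
            Findings       = ($findings -join '; ')
        }
    }
}

# Constructed sample data standing in for Get-ADUser output.
$Sample = @(
    [pscustomobject]@{ SamAccountName = 'svc_sql'; ObjectClass = 'user'; ServicePrincipalName = @('MSSQLSvc/db01.corp.example:1433')
                       PasswordLastSet = (Get-Date).AddYears(-4); 'msDS-SupportedEncryptionTypes' = $null; adminCount = 1 }
    [pscustomobject]@{ SamAccountName = 'svc_web'; ObjectClass = 'user'; ServicePrincipalName = @('HTTP/web01.corp.example')
                       PasswordLastSet = (Get-Date).AddDays(-30); 'msDS-SupportedEncryptionTypes' = 24; adminCount = 0 }
    [pscustomobject]@{ SamAccountName = 'gmsa_iis$'; ObjectClass = 'msDS-GroupManagedServiceAccount'; ServicePrincipalName = @('HTTP/app01.corp.example')
                       PasswordLastSet = (Get-Date).AddDays(-10); 'msDS-SupportedEncryptionTypes' = 24; adminCount = 0 }
)
$Sample | Get-KerberoastExposure | Format-Table -AutoSize -Wrap

# Brute-force side of the same finding: the lockout policy lives in
# Set-ADDefaultDomainPasswordPolicy (-LockoutThreshold, -LockoutDuration,
# -LockoutObservationWindow). Pair it with MFA rather than relying on it: a threshold low
# enough to stop guessing is also low enough to be abused for denial of service, and
# spraying one guess per account per observation window never trips it.
```

With the sample data, svc_sql comes out High (RC4 tickets, human-managed password four years old, privileged), svc_web Medium (human-managed but AES and recently rotated) and the gMSA Low. Moving svc_sql to a gMSA, or at minimum to a long AES-only password, removes the finding.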



Meanwhile, “excessive file system permissions” can be mitigated with tooling that detects abuse of file permissions (for example, low-privilege users able to modify binaries or directories that privileged services load from), enabling UAC installer detection for all users, and limiting the privileges of user accounts and groups.
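As an added example (not from the article), the script below checks a Windows host for the most common form of this finding: a service whose executable, or the directory holding it, is writable by Everyone, Authenticated Users, BUILTIN\Users or INTERACTIVE. A user who can replace that binary gets code execution as the service account when the service restarts. It reads the live service table and ACLs, so run it from an elevated prompt on the host being assessed; there is no constructed input. It also reads the UAC installer-detection setting the article refers to.

```powershell
# Added example (not from the article): writable service binaries and directories.
$LowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)
# Any of these rights lets a low-privilege user replace or alter the file.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, TakeOwnership, ChangePermissions'

function Get-ServiceBinaryPath {
    param([string] $PathName)
    # Quoted:   "C:\Program Files\App\svc.exe" -arg  -> C:\Program Files\App\svc.exe
    # Unquoted: C:\Program Files\App\svc.exe -arg    -> same (first .exe token)
    $m = [regex]::Match($PathName, '^"([^"]+)"|^(.+?\.exe)', 'IgnoreCase')
    if (-not $m.Success) { return $null }
    if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
}

function Get-LowPrivWriter {
    param([string] $Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $null }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $null
        try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value } catch { }
        if ($LowPrivSids -contains $sid -and (([int]$ace.FileSystemRights -band $WriteMask) -ne 0)) {
            return $ace.IdentityReference.Value   # e.g. BUILTIN\Users
        }
    }
    return $null
}

$findings = Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_
    $exe = Get-ServiceBinaryPath $svc.PathName
    if (-not $exe) { return }
    # Check the binary itself and the directory it lives in (DLL planting / replacement).
    foreach ($candidate in @($exe, (Split-Path -Parent $exe))) {
        $writer = Get-LowPrivWriter $candidate
        if ($writer) {
            [pscustomobject]@{ Service = $svc.Name; RunsAs = $svc.StartName; Path = $candidate; WritableBy = $writer }
        }
    }
}
$findings | Format-Table -AutoSize

# UAC "Detect application installations and prompt for elevation"; 1 = enabled.
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableInstallerDetection -ErrorAction SilentlyContinue |
    Select-Object EnableInstallerDetection
```

Services running as LocalSystem or a domain account with a writable path are the ones to fix first: tighten the ACL so only Administrators and SYSTEM can write, or move the binary under Program Files where the default ACL already does that.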



Also, although it was publicly disclosed in 2017, the EternalBlue vulnerability can still be mitigated by applying the Microsoft patch (MS17-010), disabling SMBv1 and blocking inbound SMB at your perimeter.
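The function below is an added example, not from the article: it checks those three controls on one Windows host and, with -Fix, applies the two that are host-side. It uses the built-in SmbShare, Dism and NetSecurity cmdlets and must run elevated. The firewall rule is the host-level counterpart of the perimeter block the article recommends and is scoped to the Public and Private profiles so domain file sharing keeps working; that scoping, and the rule name, are assumptions to revisit per environment.

```powershell
# Added example (not from the article): EternalBlue / MS17-010 exposure on a single host.
function Test-EternalBlueExposure {
    param([switch] $Fix)

    # 1. SMBv1: the server-side protocol switch and the SMB1Protocol feature (server + client).
    $smb1On    = (Get-SmbServerConfiguration).EnableSMB1Protocol
    $feature   = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureOn = $feature -and $feature.State -eq 'Enabled'

    # 2. Inbound TCP 445 block on the non-domain profiles (assumed scope).
    $ruleName = 'Block inbound SMB (TCP 445) - Public/Private'
    $rule     = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue

    # 3. Patch level. MS17-010 shipped on 14 March 2017; a host whose newest hotfix predates
    #    that cannot have it. A newer date is necessary, not sufficient: confirm through your
    #    update management that the security update for this OS build is actually installed.
    $newestFix  = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn | Select-Object -Last 1
    $patchStale = -not $newestFix -or $newestFix.InstalledOn -lt [datetime]'2017-03-14'

    if ($Fix) {
        if ($smb1On)    { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
        if ($featureOn) { Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null }
        if (-not $rule) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP -LocalPort 445 `
                -Profile Public, Private -Action Block | Out-Null
        }
    }

    [pscustomobject]@{
        Smb1ServerEnabled  = [bool]$smb1On
        Smb1FeatureEnabled = [bool]$featureOn
        Port445BlockRule   = [bool]$rule
        NewestHotfix       = if ($newestFix) { "$($newestFix.HotFixID) $($newestFix.InstalledOn.ToShortDateString())" } else { 'none found' }
        PatchLevelPreMS17  = $patchStale
    }
}

Test-EternalBlueExposure          # report only
# Test-EternalBlueExposure -Fix   # remediate; reboot to finish removing SMB1Protocol
```

Removing the SMB1Protocol feature also removes the SMBv1 client, which is what WannaCry used to spread; anything that breaks afterwards (old NAS devices, printers) is itself a finding worth logging.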



The only one of the top five which is not resolved with standard 'basics' is WMI lateral movement, which Lares said can be mitigated by disabling WMI or RPC, restricting non-administrator users from connecting remotely to WMI, and preventing credential overlap across systems of ..
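As an added example (not from the article or Lares), the script below reduces the remote WMI surface on a Windows host along the lines described. Remote WMI rides on DCOM/RPC (TCP 135 plus a dynamic port), and by default only members of the local Administrators group hold the Remote Enable right on the WMI namespaces, so the two things to control are who can reach the port and who is a local administrator. It must run elevated and uses the NetSecurity and LocalAccounts cmdlets; the management subnet and rule names are assumptions.

```powershell
# Added example (not from the article): remote WMI exposure and restriction.
$MgmtSubnet = '10.0.50.0/24'                                # assumption: jump hosts / management tooling
$WmiGroup   = 'Windows Management Instrumentation (WMI)'    # Windows' predefined firewall rule group

function Get-RemoteWmiExposure {
    [pscustomobject]@{
        # Predefined inbound WMI rules still enabled (each one accepts connections from any address).
        InboundWmiRulesEnabled = @(Get-NetFirewallRule -DisplayGroup $WmiGroup -Direction Inbound -Enabled True).Count
        # Everyone here can run WMI remotely against this host; if the same local admin
        # password is reused across hosts, so can anyone who has it from another machine.
        LocalAdmins            = (Get-LocalGroupMember -Group Administrators | ForEach-Object Name) -join ', '
        WinmgmtRunning         = (Get-Service Winmgmt).Status -eq 'Running'
    }
}

function Set-RemoteWmiRestriction {
    # 1. Turn off the "from anywhere" inbound WMI rules. WMI keeps working locally and for
    #    agents on the box; only the remote path closes.
    Get-NetFirewallRule -DisplayGroup $WmiGroup -Direction Inbound | Set-NetFirewallRule -Enabled False

    # 2. Re-open it only from the management subnet: the RPC endpoint mapper (135) and the
    #    WMI service's dynamic RPC port.
    if (-not (Get-NetFirewallRule -DisplayName 'WMI-In from management subnet' -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName 'DCOM-In from management subnet' -Direction Inbound `
            -Program '%SystemRoot%\system32\svchost.exe' -Service RpcSs -Protocol TCP -LocalPort 135 `
            -RemoteAddress $MgmtSubnet -Action Allow | Out-Null
        New-NetFirewallRule -DisplayName 'WMI-In from management subnet' -Direction Inbound `
            -Program '%SystemRoot%\system32\svchost.exe' -Service Winmgmt -Protocol TCP -LocalPort RPC `
            -RemoteAddress $MgmtSubnet -Action Allow | Out-Null
    }
}

Get-RemoteWmiExposure          # before
# Set-RemoteWmiRestriction     # apply, then re-run Get-RemoteWmiExposure
```

Review the LocalAdmins output against the credential-overlap point: a local administrator password shared across hosts turns one compromised machine into remote WMI access to all of them, which is what per-host unique passwords (for example via LAPS) prevent.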
