Today’s cybersecurity climate necessitates a sound understanding of the security risks across your enterprise IT infrastructure, from threats both outside and inside your organization. Outside threats seem the most worrisome and probably account for the majority of attempted attacks, but according to SpectorSoft insider attacks cost companies a combined $40 billion in 2013. Most organizations will say they have a robust security strategy, but how many of the following common security risks has your IT department actually addressed?
Applet viewers
As discussed in my previous blog post, The Plugin Free Web, applet viewers represent a significant security risk: they depend on a browser plugin that runs a full Java runtime with a long record of exploited vulnerabilities, and current browsers no longer support that plugin at all. Eliminating applet viewers and moving to an HTML5 viewer is a must for every IT department.
Using deprecated hash algorithms in SSL certificates
As technology evolves, it is critical to stay ahead of those who wish to defeat cryptographic technologies, and using a proper hash algorithm for the signatures on your SSL/TLS certificates is imperative. SHA-1 is deprecated, is no longer considered collision resistant, and should not be used anywhere in your organization; the major browsers stopped trusting SHA-1 signed certificates in early 2017, so as of 1/1/17 every certificate should be signed with SHA-256 (or another SHA-2 hash). Check the whole chain, including internally issued and intermediate certificates, not just the leaf certificate on your public site.
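To make the check above concrete, here is an added example (not code from the original post) that reports which hash signs an X.509 certificate by walking its DER encoding with nothing but the Python standard library. The `fake_certificate` helper builds a constructed, certificate-shaped blob for testing; it is not a real certificate, and the OID table covers only the common RSA and ECDSA signature algorithms.

```python
# Added example, not code from the original post: report the hash used to sign
# an X.509 certificate by walking its DER encoding with the standard library.
#   Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
#   AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters }

# Signature OIDs and whether their hash is acceptable for a certificate today.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4":  ("md5WithRSAEncryption", False),
    "1.2.840.113549.1.1.5":  ("sha1WithRSAEncryption", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", True),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", True),
    "1.2.840.10045.4.1":     ("ecdsa-with-SHA1", False),
    "1.2.840.10045.4.3.2":   ("ecdsa-with-SHA256", True),
    "1.2.840.10045.4.3.3":   ("ecdsa-with-SHA384", True),
}

def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(content):
    """Base-128 OID content octets -> dotted string."""
    first = content[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    acc = 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear closes the arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Return (oid, name, acceptable) for a DER-encoded certificate."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)       # skip tbsCertificate
    tag, alg_id, _ = _read_tlv(cert, pos)   # outer signatureAlgorithm
    tag2, oid_bytes, _ = _read_tlv(alg_id, 0)
    if tag != 0x30 or tag2 != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    oid = _decode_oid(oid_bytes)
    name, ok = SIGNATURE_OIDS.get(oid, ("unknown", False))
    return oid, name, ok

# ---- constructed test input (not a real certificate) ----------------------

def _der(tag, content):
    """Minimal DER encoder used only to build the sample below."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        length = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + content

def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def fake_certificate(sig_oid):
    """Certificate-shaped DER whose only meaningful field is the signature
    AlgorithmIdentifier; tbsCertificate and signatureValue are placeholders."""
    tbs = _der(0x30, _der(0x02, b"\x01"))
    alg = _der(0x30, _der(0x06, _encode_oid(sig_oid)) + _der(0x05, b""))
    sig = _der(0x03, b"\x00" * 257)         # long enough to need a 2-byte length
    return _der(0x30, tbs + alg + sig)
```

For a real certificate, convert it first with `openssl x509 -in cert.pem -outform DER -out cert.der` and pass the file contents to `signature_algorithm`; `openssl x509 -in cert.pem -noout -text` prints the same "Signature Algorithm" line if you only need a one-off look. Run it over every certificate in the chain, because an intermediate signed with SHA-1 fails validation just as the leaf would.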
Make sure your infrastructure is up to date with patches and fix packs
Most organizations take an “if it ain’t broke, don’t fix it” approach to version updates for their software, but that short-sighted thinking leads to trouble. Without regular maintenance of every component of your platform, a release containing a critical security patch or a major user-facing fix can force a daunting multi-version upgrade, leaving your organization vulnerable while you scramble to complete it. Regular maintenance of web servers, load balancers, application servers, operating systems, and Java is critical for security and keeps your organization running smoothly. For more information, please read Eric Walk’s excellent blog post on this topic.
Bypassing SSL and creating security holes into your organization
When leaving the house you wouldn’t lock the front door while leaving the back door open, so why do some organizations allow people to bypass SSL in their production environments? SSL/TLS is only effective if traffic is encrypted at every layer of your system, including the hop between the load balancer and the application servers, and if the unencrypted path is closed off entirely. Otherwise you are opening security holes in your system: if the site also answers on plain HTTP and the session cookie is not marked Secure, all it takes is changing https:// to http:// in a URL and the browser sends the session cookie in the clear, where anyone on the network path can capture it and hijack the session.
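The three conditions that make that URL change dangerous can be checked mechanically. The following is an added example, not code from the original post: it audits a single HTTP response for a plain-HTTP endpoint that serves content instead of redirecting, session cookies without the Secure (and HttpOnly) flag, and a missing or short-lived Strict-Transport-Security header. The sample responses at the bottom are constructed for the example, not captured from any real system.

```python
# Added example, not code from the original post: audit an HTTP response for
# the conditions that let a user "bypass SSL" by editing a URL: a plain-HTTP
# endpoint that serves content rather than redirecting, a session cookie that
# is not marked Secure (so the browser sends it over http://), and a missing
# Strict-Transport-Security header (so the downgrade works again next time).
from urllib.parse import urlparse

ONE_YEAR = 31536000

def _parse_cookie(set_cookie):
    """'NAME=value; Path=/; Secure' -> ('NAME', {'path': '/', 'secure': ''})"""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def _hsts_max_age(value):
    for directive in value.split(";"):
        key, _, num = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            try:
                return int(num.strip().strip('"'))
            except ValueError:
                return 0
    return 0

def audit_response(request_url, status, headers):
    """Return a list of findings for one response; an empty list means clean.
    headers is a list of (name, value) pairs so repeated Set-Cookie survives."""
    findings = []
    scheme = urlparse(request_url).scheme
    hdrs = [(k.lower(), v) for k, v in headers]

    def first(name):
        return next((v for k, v in hdrs if k == name), None)

    if scheme == "http":
        location = first("location") or ""
        if status not in (301, 302, 307, 308) or not location.startswith("https://"):
            findings.append("plain-HTTP request was served instead of redirected to https://")

    for key, value in hdrs:
        if key == "set-cookie":
            name, attrs = _parse_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie {name} lacks Secure; browsers will send it over http://")
            if "httponly" not in attrs:
                findings.append(f"cookie {name} lacks HttpOnly; page scripts can read it")

    if scheme == "https":
        hsts = first("strict-transport-security")
        if hsts is None:
            findings.append("no Strict-Transport-Security header; a later http:// link is not upgraded")
        elif _hsts_max_age(hsts) < ONE_YEAR:
            findings.append("Strict-Transport-Security max-age is shorter than one year")
    return findings

# Constructed sample responses (not captured from any real system).
WEAK = ("http://ecm.example.com/viewer?doc=12345677", 200,
        [("Content-Type", "text/html"),
         ("Set-Cookie", "JSESSIONID=3F1A9C; Path=/")])
REDIRECT = ("http://ecm.example.com/viewer?doc=12345677", 301,
            [("Location", "https://ecm.example.com/viewer?doc=12345677")])
HARDENED = ("https://ecm.example.com/viewer?doc=12345677", 200,
            [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
             ("Set-Cookie", "JSESSIONID=3F1A9C; Path=/; Secure; HttpOnly")])
```

`audit_response(*WEAK)` produces three findings (content served over HTTP, cookie without Secure, cookie without HttpOnly), while `REDIRECT` and `HARDENED` produce none. Run the same audit against the application server directly, not just the public load balancer: TLS terminated at the edge with plain HTTP behind it is exactly the "back door" the paragraph above describes.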
Guessing document IDs
Modern ECM systems generally use GUIDs as document identifiers, but legacy systems often generated their document IDs from an integer sequence. In fact, FileNet Image Services and IBM Content Manager both use integers in some way to identify a document. Worse, legacy systems frequently fail to implement document-level security, so the only thing standing between a user and someone else’s document is knowing its number. That means anyone who edits URLs can access arbitrary documents by viewing document ID 12345677 and then changing the URL to point to 12345678 (an insecure direct object reference). This is a major problem for any system containing sensitive information and, for systems containing health records, a serious HIPAA compliance risk. The fix is an authorization check on every document fetch, with unguessable identifiers as defence in depth; unguessable identifiers alone are not a substitute for that check.
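The following added example (not code from the original post or from any of the products named above) shows the legacy lookup beside a hardened one. The document store, owners and titles are constructed for the example; `enumerate_as` plays the role of the URL editor walking through consecutive IDs.

```python
# Added example, not code from the original post: a legacy integer-keyed
# document lookup without document-level security, beside a hardened version
# that checks a per-document ACL and exposes only unguessable public ids.
import secrets

# Constructed sample repository: sequential ids, one owner per document,
# optional explicit read grants.
DOCUMENTS = {
    12345676: {"owner": "alice", "title": "alice-lab-results.pdf"},
    12345677: {"owner": "bob",   "title": "bob-invoice.pdf"},
    12345678: {"owner": "carol", "title": "carol-mri-report.pdf",
               "readers": ("dr_smith",)},
}

class NotFound(Exception):
    pass

def get_document_vulnerable(user, doc_id):
    """Legacy behaviour: any authenticated user can fetch any id."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    return doc

# Hardened store: a random 128-bit public id per document; the integer
# stays internal and never appears in a URL.
PUBLIC_IDS = {secrets.token_urlsafe(16): doc_id for doc_id in DOCUMENTS}

def can_read(user, doc):
    """Document-level security: the owner or an explicitly granted reader."""
    return user == doc["owner"] or user in doc.get("readers", ())

def get_document_hardened(user, public_id):
    doc = DOCUMENTS.get(PUBLIC_IDS.get(public_id))
    # Same error whether the id is unknown or merely not yours, so the
    # response does not confirm which ids exist.
    if doc is None or not can_read(user, doc):
        raise NotFound(public_id)
    return doc

def enumerate_as(user, fetch, candidates):
    """What an attacker who edits the URL sees: the title of every document
    the fetch function hands back for the candidate ids."""
    leaked = []
    for cid in candidates:
        try:
            leaked.append(fetch(user, cid)["title"])
        except NotFound:
            pass
    return leaked

def guess_public_ids(n):
    """Random guesses of the hardened id space, for comparison."""
    return [secrets.token_urlsafe(16) for _ in range(n)]
```

Against the vulnerable lookup, walking a small range of integers as user `bob` returns every document in the store, including Carol's MRI report; against the hardened lookup, even handing the attacker the full list of public ids returns only Bob's own document, and random guessing returns nothing. The ACL is the control that matters; the opaque ids only raise the cost of finding a target to try.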
Poor password and access policies
Shared application or database IDs, giving users access to things they don’t need, and storing encryption keys, default credentials, and passwords in files are all examples of weak policies that compromise security. Administrative accounts are the crown jewels for anyone seeking unauthorized access to a system, and a shared application or database ID is a single point of failure for your entire system’s security: it cannot be rotated without coordinating every consumer of it, and nothing done with it can be attributed to an individual. Users should have access only to what they need; weak access policies expose sensitive data to people who have no business seeing it. Likewise, passwords should not be handed to operating system users who do not absolutely need them. Finally, storing secrets where anyone who can read files on your web server can find them is NEVER a good idea. Products like Vault make strong password and access policies easier to implement by issuing credentials from a central, access-controlled and audited store instead of leaving them in configuration files.
Virus-laden downloads and committed documents
Each employee is in charge of their own workstation, and anything they download to their PC can pose a threat to your entire organization. However a virus arrives, you are lucky if the damage stays on that one computer. If an infected document is committed to your ECM system, every user who opens it can be compromised in turn, and the repository becomes a distribution channel for the malware and a path to your most precious data. HTML5 viewers reduce the risk because documents are rendered in the browser instead of being downloaded, and scanning every document on ingest, before it is committed, stops known malware at the door, but only proper network isolation can truly contain this threat.
Logging of personally identifiable information (PII) in trace logs
Yes, proper trace logging helps you identify problems with your environment, but PII is sensitive information that should NEVER appear in trace logs. This most often happens by accident when logging levels are raised to resolve an issue and a lower-level trace starts dumping whole request payloads or database rows. Once PII is in your logs it is very difficult to remove without deleting the entirety of your organization’s trace logs, and every copy shipped to a log aggregator or backup inherits the problem. Developers and administrators should take proper steps to ensure that PII can never be logged, even accidentally: redact or tokenize sensitive fields before they reach the logger rather than relying on people to remember not to log them.
Prod vs Dev Clarity
Mistakes happen, and proper separation of your environments is essential for limiting the cost of an accidental reboot or an accidentally dropped database table. Explicit change procedures for production, and clear separation of your working development environment from your production system (separate credentials, hostnames and networks, so a DEV connection string cannot quietly point at PROD), mean that mistakes in DEV have little impact on your real data and users.
Defining, recognizing and handling risky behavior
As I mentioned earlier, insider attacks are extremely costly for organizations, and defending against them requires your organization to define, recognize and handle risky behavior. According to PWC, employees who committed cyber crimes exhibited suspicious behavior beforehand, and if your organization has a protocol for handling such behavior you may be able to stop insider attacks before they happen.