NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
(www.cisa.gov)
from cron@feddit.de to cybersecurity@sh.itjust.works on 07 Oct 2023 20:21
https://feddit.de/post/4288612
Through NSA and CISA Red and Blue team assessments, as well as through the activities of NSA and CISA Hunt and Incident Response teams, the agencies identified the following 10 most common network misconfigurations:
- Default configurations of software and applications
- Improper separation of user/administrator privilege
- Insufficient internal network monitoring
- Lack of network segmentation
- Poor patch management
- Bypass of system access controls
- Weak or misconfigured multifactor authentication (MFA) methods
- Insufficient access control lists (ACLs) on network shares and services
- Poor credential hygiene
- Unrestricted code execution
To be honest, this is one of the most useful lists I have read in a long time.