Lessons From a Pen Tester: 3 Steps to Stay Safer

From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.

Jim Broome, President & CTO, DirectDefense

June 22, 2023


Having been in the cybersecurity industry since the early '90s, I've witnessed its transformation over many years. Today, my team conducts extensive research and testing to uncover vulnerabilities that organizations often overlook. We've successfully breached the networks of major companies in North America and identified security gaps that could have led to catastrophic consequences if left unmitigated.

In this article, I will share the top three tips that every organization must implement to secure their data and protect themselves from potential attacks based on our daily assessments and discoveries.

1. If Your Network Isn't Segmented, It's Not Secure

Cybersecurity experts preach the benefits of network segmentation, but according to data cited by CIO, only 25% of organizations implement it. If you don't have a logical separation between your most critical information and your everyday employees, you're going to have a hard time securing your network.

To secure corporate data, organizations need controls in place on every network port on every floor and in every office space, so that an arbitrary device plugged into a port cannot simply join the network. Even seemingly harmless devices such as printers can pose a threat to a network. During a physical penetration test we were asked to conduct for a large airline, the consultant was able to gain physical access to the airline's internal network via a printer at the gate, all without encountering any employee intervention.

To prevent unauthorized access, it's vital to implement access controls such as passwords or user authentication, as well as keeping firmware up to date to address any known vulnerabilities. And if the corporate backup solution is easily accessible to you, then it's easily accessible to threat actors who can delete the backups and detonate ransomware. In the airline example, network segmentation would isolate printers from other parts of the network to limit the potential impact of a security breach. 

Firewall access controls should be established between internal network segments to limit access to network resources in the event of an attack. Physical or logical access control should also be implemented to prevent unauthorized physical access to devices.

So, keep your devices in check (and your printers) and your network will thank you for it.

2. Modernize Your Network as Much as You Can Afford

Over the past 30 years, Microsoft has made significant strides in the security of Windows and Windows networking. However, the Windows operating system still supports out-of-the-box legacy solutions that go back to Windows 95 — if not further, to Windows for Workgroups. If you've invested in modern operating systems such as Windows 10 or 11, or Windows Server 2016 or newer, there is no reason to continue to support these legacy solutions. By enabling "native mode domain," you can disable all the backward compatibility that may be weakening your network security and immediately enhance the security of your network. 

Companies can better reduce their security risks by eliminating their reliance on "end of life" solutions. Invest in upgrading legacy systems and ensure that all system software is patched through a vulnerability management and remediation program.

3. Greater Visibility Into Threat Vectors Through Content Filtering 

To improve your firewall's visibility into traffic leaving your environment, ensure that you have content visibility to block potential threats. The first question to ask is whether your employees are even on the corporate network; perimeter filtering may not scale well to a work-from-home culture. Even so, there's no reason for your server systems to have unrestricted access to the Internet. Leveraging solutions such as content filtering can help you control the type of sites that could be accessed while an attacker is attempting to exploit your organization. For instance, blocking access to Mega.io and other common file-sharing sites used by ransomware threat actors is effective in stopping data exfiltration.

For employees in a work-from-home culture, content-filtering options such as Zscaler or even DNS monitoring solutions such as Umbrella from Cisco are useful not only for controlling the type of websites that corporate devices can access from outside of the building, but also for providing monitoring capabilities in case an employee falls victim to a phishing attack. Corporate assets should still be under the control of the organization, even if they're being used outside the traditional office environment.
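The two egress checks described above (servers should not have unrestricted Internet access, and lookups of file-sharing sites such as Mega.io should be blocked or at least flagged) can be expressed as a small policy run over DNS query logs. This is an added example, not code from the article or from DirectDefense; the log lines, the server subnet, the allowlist and the second blocklist entry are constructed placeholders.

```python
"""Flag egress DNS lookups that an egress content-filtering policy should catch."""
import ipaddress

# Constructed policy values (assumptions for this example, not from the article).
SERVER_NETS = [ipaddress.ip_network("10.50.0.0/16")]   # the server segment
SERVER_ALLOWLIST = {"corp.example"}                     # only names servers may resolve
FILESHARE_BLOCKLIST = {"mega.io", "share.example"}      # Mega.io is named in the article

# Constructed sample DNS log: "timestamp client_ip queried_name" per line.
SAMPLE_DNS_LOG = """\
2023-06-22T10:01:03Z 10.20.0.15 login.microsoftonline.com
2023-06-22T10:01:09Z 10.20.0.15 mega.io
2023-06-22T10:01:10Z 10.20.0.15 cdn.mega.io
2023-06-22T10:01:12Z 10.20.0.15 notmega.io
2023-06-22T10:02:41Z 10.50.1.7 wsus.corp.example
2023-06-22T10:02:55Z 10.50.1.7 share.example
2023-06-22T10:03:12Z 10.50.1.9 telemetry.vendor.example
"""

def in_domain(name, suffixes):
    """True if name equals, or is a subdomain of, any suffix (no substring matches)."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)

def is_server(ip):
    """True if the client address falls inside the server segment."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SERVER_NETS)

def classify(client_ip, qname):
    """Return the policy findings for one query; an empty list means allowed."""
    findings = []
    if in_domain(qname, FILESHARE_BLOCKLIST):
        findings.append("file-sharing-domain")
    if is_server(client_ip) and not in_domain(qname, SERVER_ALLOWLIST):
        findings.append("server-egress-not-allowlisted")
    return findings

def analyze(log_text):
    """Parse the log and return (client, qname, findings) for every flagged query."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of aborting the run
        _ts, client, qname = parts
        findings = classify(client, qname)
        if findings:
            hits.append((client, qname, findings))
    return hits

if __name__ == "__main__":
    for client, qname, findings in analyze(SAMPLE_DNS_LOG):
        print(f"{client} -> {qname}: {', '.join(findings)}")
```

The suffix match deliberately treats `notmega.io` as unrelated to `mega.io`, a mistake that naive substring blocklists make in both directions.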

Companies can no longer afford to take their eye off the ball when it comes to security measures — even basic protections such as firewalls are only minimally effective against today's threats on their own. I cannot stress enough the importance of implementing these three things to stay a step ahead of attackers and have visibility into your entire environment.

About the Author(s)

Jim Broome

President & CTO, DirectDefense

Jim Broome is a seasoned IT/IS veteran with more than 20 years of information security experience in both consultative and operational roles. Jim leads DirectDefense, where he is responsible for the day-to-day management of the company, as well as providing guidance and direction for our service offerings.

Previously, Jim was a Director with AccuvantLABS where he managed, developed, and performed information security assessments for organizations across multiple industries, while also developing and growing a team of consultants in his charge.

Prior to AccuvantLABS, Jim was a Principal Security Consultant with Internet Security Systems (ISS) and their X-Force penetration testing team.

Jim has also developed and provided training courses on several security products, including being a primary author of the CheckPoint Software CCSA/CCSE/CCSI training program, as well as creating and delivering numerous client-focused training programs and events.
