10 Routine Security Gaffes the Feds Are Begging You to Fix

Here are the most common misconfigurations plaguing large organizations, according to a new joint cybersecurity advisory.

Dark Reading Staff, Dark Reading

October 5, 2023

1 Min Read
CISA logo
Source: GK images via Alamy

The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a plea to network defenders to fix easy misconfiguration errors that allow threat actors to launch successful cyberattacks against their organizations.

Red and blue teams, as well as incident response teams from both agencies, identified these as the top 10 most common network configurations:

  1. Default configurations of software and applications

  2. Improper separation of user/administrator privilege

  3. Insufficient internal network monitoring

  4. Lack of network segmentation

  5. Poor patch management

  6. Bypass of system access controls

  7. Weak or misconfigured multifactor authentication (MFA) methods

  8. Insufficient access control lists (ACLs) on network shares and services

  9. Poor credential hygiene

  10. Unrestricted code execution

The agencies added that software providers need to immediately adopt principles of secure-by-design to prevent these and other misconfigurations.

"As America’s Cyber Defense Agency, CISA is charged with safeguarding our nation against ever-evolving cyber threats and to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day," the advisory said. "Ensuring software is secure by design will help keep every organization and every American more secure."

About the Author(s)

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Three fake human brains lying in leaf litter in a deserted forest clearing
Cyberattacks & Data Breaches
Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of BreachesVerizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches
byTara Seals, Managing Editor, News, Dark Reading
May 1, 2024
11 Min Read
Android logo on a smart phone
Сloud Security
Billions of Android Devices Open to 'Dirty Stream' AttackBillions of Android Devices Open to 'Dirty Stream' Attack
byJai Vijayan, Contributing Writer
May 2, 2024
3 Min Read
A yellow sticky note on a keyboard with a username and password written on it
Application Security
Dropbox Breach Exposes Customer Credentials, Authentication DataDropbox Breach Exposes Customer Credentials, Authentication Data
byElizabeth Montalbano, Contributing Writer
May 2, 2024
3 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events