

Each finding category below is listed with its Description, Standard Remediation, and Resources.

Active Directory Weakness

Description: Active Directory (AD) is configured insecurely. Common misconfigurations include unnecessary service accounts and excessive permissions, weak or legacy encryption types (for example, RC4-encrypted Kerberos tickets), weak password policies, and insecure user or computer accounts. Attackers pursue AD weaknesses with techniques such as Kerberoasting, Golden Ticket attacks, Pass the Hash, and Pass the Ticket, any of which can lead to a total takeover of the domain and the infrastructure it controls.

Standard Remediation: Implement and enforce a strong password policy, including long, random passwords for service accounts. Remove unused accounts. Grant users and computers only the permissions they need (principle of least privilege). Do not let ordinary domain users hold local administrator rights on domain computers.
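A detection-side check for the Kerberoasting technique named above, added here as an example and not part of the original finding list: it runs over constructed Windows Security event 4769 records (a Kerberos service ticket was requested) and flags a user who obtains RC4-encrypted tickets (TicketEncryptionType 0x17) for several distinct non-computer service accounts within a short window, which is the pattern a Kerberoasting tool leaves when it enumerates roastable SPNs. The simplified field names, the sample records, the window size and the threshold are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Windows Security event 4769 records (not real logs). Field names are
# simplified from the event's TargetUserName, ServiceName, TicketEncryptionType, IpAddress.
# TicketEncryptionType 0x17 = RC4-HMAC (crackable offline), 0x12 = AES256.
EVENTS = [
    {"time": "2024-03-01T09:00:01", "user": "jsmith@CORP.LOCAL", "service": "sqlsvc",    "enc": "0x17", "ip": "10.0.5.23"},
    {"time": "2024-03-01T09:00:02", "user": "jsmith@CORP.LOCAL", "service": "backupsvc", "enc": "0x17", "ip": "10.0.5.23"},
    {"time": "2024-03-01T09:00:02", "user": "jsmith@CORP.LOCAL", "service": "iissvc",    "enc": "0x17", "ip": "10.0.5.23"},
    {"time": "2024-03-01T09:00:03", "user": "jsmith@CORP.LOCAL", "service": "sccmsvc",   "enc": "0x17", "ip": "10.0.5.23"},
    {"time": "2024-03-01T09:00:03", "user": "jsmith@CORP.LOCAL", "service": "WS0042$",   "enc": "0x17", "ip": "10.0.5.23"},
    {"time": "2024-03-01T09:15:00", "user": "adoe@CORP.LOCAL",   "service": "sqlsvc",    "enc": "0x12", "ip": "10.0.7.8"},
    {"time": "2024-03-01T10:30:00", "user": "adoe@CORP.LOCAL",   "service": "krbtgt",    "enc": "0x12", "ip": "10.0.7.8"},
    {"time": "2024-03-01T11:00:00", "user": "bwong@CORP.LOCAL",  "service": "sqlsvc",    "enc": "0x17", "ip": "10.0.9.1"},
]

RC4_HMAC = "0x17"


def is_roastable_request(event):
    """A TGS request is a Kerberoast candidate when the ticket is RC4-encrypted and the
    service is a user account (computer accounts end in '$'; krbtgt is excluded)."""
    service = event["service"]
    if service.endswith("$") or service.lower() == "krbtgt":
        return False
    return event["enc"].lower() == RC4_HMAC


def find_kerberoasting(events, window=timedelta(minutes=5), min_services=3):
    """Return {user: [service accounts]} for users who requested RC4 tickets for at
    least min_services distinct service accounts inside any window-sized interval."""
    by_user = defaultdict(list)
    for event in events:
        if is_roastable_request(event):
            by_user[event["user"]].append((datetime.fromisoformat(event["time"]), event["service"]))

    alerts = {}
    for user, requests in by_user.items():
        requests.sort()
        for i, (start, _) in enumerate(requests):
            # all roastable requests by this user within `window` of request i
            services = {svc for ts, svc in requests[i:] if ts - start <= window}
            if len(services) >= min_services:
                alerts[user] = sorted(services)
                break
    return alerts


def accounts_to_harden(events):
    """Service accounts that were issued RC4 tickets: candidates for long random
    passwords (or gMSAs) and for AES-only Kerberos (msDS-SupportedEncryptionTypes)."""
    return sorted({e["service"] for e in events if is_roastable_request(e)})


if __name__ == "__main__":
    for user, services in find_kerberoasting(EVENTS).items():
        print(f"ALERT possible Kerberoasting by {user}: {', '.join(services)}")
    print("RC4 service accounts to harden:", ", ".join(accounts_to_harden(EVENTS)))
```

The accounts listed by accounts_to_harden are the ones the remediation above applies to: rotate them to long random passwords or managed service accounts and stop issuing them RC4 tickets, after which the detection rule stops firing for legitimate traffic as well.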


Phishing Weakness

Description: A phishing weakness exists when an attacker can deliver a weaponized email across the network border and have its payload execute on a user's host once the user acts on it (opening an attachment, following a link, or enabling a macro). These emails lure the user with attachments, Uniform Resource Locators (URLs), scripts, and macros; inadequate border and host-level protections allow the malicious payload to execute.

Standard Remediation: Regularly analyze border and host-level protections, including spam-filtering capabilities, to ensure they continue to block the delivery and execution of malware. Validate and improve employee awareness by conducting periodic tests that check whether employees click a link in a suspicious email without first following the organization's procedure for authenticating the sender. Provide targeted training to employees who fail a test.

Resources:
https://www.zdnet.com
https://insights.sei.cmu.edu/insider-threat/2016/12/defending-against-phishing.html
https://www.splunk.com/en_us/blog/security/defending-against-phishing-frameworks-with-splunk-enterprise-security-content-updates.html
https://www.gartner.com/imagesrv/media-products/pdf/mimecast/Mimecast-1-4QT9Y3H.pdf
https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-phishing/
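An illustration of the border-level analysis the remediation calls for, added as an example and not taken from the page or any of the linked resources: a small triage routine built on Python's standard email module and run over two constructed messages. It reads the border MTA's Authentication-Results header for SPF, DKIM and DMARC results, flags lookalike sender domains, executable attachments and links to external hosts, and scores the message. The messages, the domain names, the extension list and the scoring weights are all assumptions made for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Both messages are constructed for this example; none of the addresses or hosts is real.
PHISH_MESSAGE = """\
From: "IT Helpdesk" <helpdesk@corp-login.example>
To: alice@corp.example
Subject: Urgent: password reset required
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=corp-login.example; dkim=none; dmarc=fail
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html

<p>Your password expires today. <a href="http://corp-login.example/reset">Reset now</a></p>
--B
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--B--
"""

CLEAN_MESSAGE = """\
From: Bob <bob@corp.example>
To: alice@corp.example
Subject: Lunch
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass; dmarc=pass
Content-Type: text/plain

See you at noon, agenda at https://intranet.corp.example/lunch
"""

INTERNAL_DOMAINS = {"corp.example"}  # assumed organization domains
DANGEROUS_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".docm", ".xlsm", ".lnk", ".iso"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def is_internal_host(host, internal=INTERNAL_DOMAINS):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in internal)


def auth_failures(msg):
    """spf/dkim/dmarc results stamped by the border MTA that are not a pass."""
    header = str(msg.get("Authentication-Results", ""))
    return [f"{m.group(1)}={m.group(2)}"
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(fail|softfail|none|temperror|permerror)\b", header)]


def lookalike_sender(msg, internal=INTERNAL_DOMAINS):
    """Sender domain that reuses an internal domain's first label but is not internal."""
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if not domain or is_internal_host(domain, internal):
        return None
    labels = {d.split(".")[0] for d in internal}
    return domain if any(label in domain for label in labels) else None


def dangerous_attachments(msg):
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    return [n for n in names if any(n.lower().endswith(ext) for ext in DANGEROUS_EXTENSIONS)]


def external_urls(msg, internal=INTERNAL_DOMAINS):
    urls = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            for url in URL_RE.findall(part.get_content()):
                host = re.sub(r"^https?://", "", url).split("/")[0].split(":")[0]
                if not is_internal_host(host, internal):
                    urls.add(url)
    return sorted(urls)


def triage(raw_message):
    """Score a message; the weights and the quarantine threshold are assumptions."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = {
        "auth_failures": auth_failures(msg),
        "lookalike_sender": lookalike_sender(msg),
        "dangerous_attachments": dangerous_attachments(msg),
        "external_urls": external_urls(msg),
    }
    score = (2 * len(findings["auth_failures"])
             + (3 if findings["lookalike_sender"] else 0)
             + 4 * len(findings["dangerous_attachments"])
             + len(findings["external_urls"]))
    findings["score"] = score
    findings["verdict"] = "quarantine" if score >= 5 else "deliver"
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(name, triage(raw))
```

The Authentication-Results check only means something if the header is written by your own border MTA and stripped from inbound mail before it is re-added; otherwise an attacker simply supplies a passing header themselves.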

Mobile Technology Weakness

Description: Mobile technologies are increasingly used to deliver services and data. The amount of data stored on mobile devices makes their applications targets for attack. Compared with traditional computers, the functionality of mobile devices is harder to regulate, and they support more interfaces (e.g., cellular, Wi-Fi, Bluetooth, Global Positioning System [GPS]) that expose more attack surface. Insecure mobile technology has vulnerabilities that attackers can exploit to gain access to sensitive information and resources.

Standard Remediation: Identify and protect sensitive data on mobile devices. Handle passwords and other credentials securely. Protect sensitive data in transit (DIT). Implement session management, authentication, and authorization correctly. Secure all back-end services and servers. Analyze and secure data shared with third parties. Track user consent to data collection and storage. Put controls in place to prevent malicious or unauthorized use of paid resources. Provision and distribute mobile applications securely. Test for runtime code interpretation flaws (e.g., injection into scripts or web content that the application evaluates).

Resources:
https://owasp.org/www-project-mobile-security/
https://www.dhs.gov/science-and-technology/cybersecurity-mobile-app-security

System or Service Weakness

Description: A system or service weakness is a missing or ineffective security control in how systems and services are configured, leaving the organization open to attack. Typical causes are weak or absent configuration guidance, so that systems and services across the organization are configured insecurely, and insufficient or missing configuration management, so that systems run with ad hoc or default configurations.

Standard Remediation: Develop and implement policies and procedures that standardize system and service configurations across the organization, and review changes so that they do not weaken the security of the system or service. Ensure the organization has well-defined configuration management processes that integrate information security.

Resources:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-128.pdf
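A concrete form of the configuration-management check described above, added as an example and not the page's own material: it parses an sshd_config as found on a host, compares it with an organizational baseline, and renders a remediated file that keeps the host's own settings while enforcing the baseline. The baseline values and the host file are constructed. Note the commented-out PasswordAuthentication line, a common drift case in which sshd's compiled-in default (yes) silently applies even though the file looks hardened at a glance.

```python
import re

# Constructed organizational baseline for sshd (assumed values, not from the page).
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PubkeyAuthentication": "yes",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
    "LogLevel": "VERBOSE",
}

# Constructed /etc/ssh/sshd_config as found on a host. The commented
# PasswordAuthentication line leaves sshd's compiled-in default (yes) in force.
HOST_CONFIG = """\
# sshd_config on web-01 (example)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
X11Forwarding no
MaxAuthTries 6
"""


def parse_sshd_config(text):
    """Parse 'Keyword value' (or 'Keyword=value') lines. Comments and blanks are ignored
    and the first occurrence of a keyword wins, which is how sshd resolves duplicates.
    Parsing stops at the first Match block: settings after it are conditional."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts
        if keyword.lower() == "match":
            break
        settings.setdefault(keyword, value.strip())
    return settings


def check_drift(actual, baseline=BASELINE):
    """Return {keyword: (expected, found)} for baseline settings that are missing or differ.
    found is None when the keyword is absent, i.e. the compiled-in default applies."""
    lookup = {k.lower(): v for k, v in actual.items()}
    drift = {}
    for keyword, expected in baseline.items():
        found = lookup.get(keyword.lower())
        if found is None or found.lower() != expected.lower():
            drift[keyword] = (expected, found)
    return drift


def remediated_config(actual, baseline=BASELINE):
    """Render a config that keeps the host's own settings but enforces every baseline value."""
    baseline_keys = {k.lower() for k in baseline}
    merged = {k: v for k, v in actual.items() if k.lower() not in baseline_keys}
    merged.update(baseline)
    return "".join(f"{k} {v}\n" for k, v in merged.items())


if __name__ == "__main__":
    actual = parse_sshd_config(HOST_CONFIG)
    for keyword, (expected, found) in check_drift(actual).items():
        print(f"DRIFT {keyword}: expected {expected}, found {found if found is not None else '<default>'}")
    print("--- remediated ---")
    print(remediated_config(actual), end="")
```

Run the same comparison against every host on a schedule and you have the core of the configuration-management process the remediation asks for; the rendered file is what a configuration-management tool would push back to the host.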

Web Application Weakness

Description: Web application security covers websites, web applications, and web services (e.g., application programming interfaces [APIs]). Web applications can be attacked through vulnerabilities at the application layer, at the transport layer, and in the software supply chain. Web application weaknesses are typically vulnerabilities, design flaws, or misconfigurations in a web-based application. Attackers exploit them to alter application behaviour or data, execute code, or gain unauthorized access to information or functions, and may find exploitable flaws even in a fairly robust security environment.

Standard Remediation: Regularly test web applications for security misconfigurations, broken access control, injection vulnerabilities, cryptographic failures, insecure design, vulnerable and outdated components, identification and authentication failures, software and data integrity failures, and the various kinds of request forgery (the OWASP Top 10 categories). Use passive and active testing techniques, including information gathering, input validation testing, client-side testing, API testing, authentication and authorization testing, and identity testing. Implement security controls (e.g., current cryptography and TLS configurations, proper authentication, prompt patching of discovered vulnerabilities, up-to-date software, secure configurations, and secure coding practices). Establish a holistic security strategy.

Resources:
https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/00-Introduction_and_Objectives/README
https://owasp.org/www-project-top-ten/
https://www.rapid7.com/fundamentals/web-application-vulnerabilities/
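The injection class named in the remediation, shown as an added example (not code from the page or from any of the linked projects): an SQLite-backed login query in its vulnerable string-concatenated form beside the parameterized form, with an allowlist check on the username as defense in depth. The table, its rows and the payloads are constructed; the same bypasses apply to any SQL backend, only the comment syntax varies.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[a-z0-9_.-]{1,32}")


def make_db():
    """In-memory database with constructed sample rows (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
                     [("alice", "h1", "admin"), ("bob", "h2", "user")])
    return conn


def login_vulnerable(conn, username, password_hash):
    """Vulnerable: untrusted input is spliced into the SQL text, so quotes and
    comment markers in the input change the structure of the query."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password_hash = '{password_hash}'")
    return conn.execute(sql).fetchone()


def login_hardened(conn, username, password_hash):
    """Hardened: the query text is fixed and the values are bound as parameters, so
    the same payloads are compared literally against the column and match nothing."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()


def valid_username(username):
    """Defense in depth: reject anything outside the allowed username alphabet
    before it reaches the database at all."""
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    conn = make_db()
    # Payload 1 closes the string and comments out the password check;
    # payload 2 turns the WHERE clause into a tautology.
    for payload in ("alice' --", "' OR '1'='1"):
        print(repr(payload),
              "vulnerable ->", login_vulnerable(conn, payload, payload),
              "| hardened ->", login_hardened(conn, payload, payload),
              "| passes validator:", valid_username(payload))
```

Parameterization is the fix; the validator is not a substitute for it, only a second barrier that also keeps junk out of logs and downstream systems.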

Wireless Technology Weakness

Description: Wireless technologies let mobile devices (e.g., laptops, smartphones, Internet of Things [IoT] devices, and printers) connect to the enterprise network. Wireless networks can introduce vulnerabilities through weak policies that allow insecure wireless technology on the network: insecure devices, insecure configurations, weak authentication processes, and weak or absent encryption.

Standard Remediation: Secure all wireless networks, including applying secure configurations to wireless routers, access points, and other devices. Segment the wireless networks from the primary wired network. Restrict who and what can join the wireless network and which services are reachable from it. Monitor the devices and services on the wireless network.

Resources:
https://resources.infosecinstitute.com/topic/wireless-attacks-and-mitigation/
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/security-101-protecting-wi-fi-networks-against-hacking-and-eavesdropping
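One way to carry out the monitoring step above, added as an example rather than taken from the page or its resources: an audit of a constructed wireless scan (SSID, BSSID, advertised security, signal strength) against an inventory of managed access points. It flags unknown BSSIDs that advertise a corporate SSID (an evil twin or rogue AP), managed APs whose advertised security differs from the inventory (a misconfigured or replaced device), and nearby unmanaged networks with open, WEP or TKIP security. The inventory, the scan records, the security labels and the signal threshold are all assumptions.

```python
# Constructed inventory of managed access points (BSSID -> expected SSID and security).
AUTHORIZED_APS = {
    "00:11:22:33:44:01": {"ssid": "CorpWiFi", "security": "WPA2-Enterprise"},
    "00:11:22:33:44:02": {"ssid": "CorpWiFi", "security": "WPA2-Enterprise"},
    "00:11:22:33:44:10": {"ssid": "CorpGuest", "security": "WPA2-PSK"},
}

# Security labels treated as weak for this example: no or broken encryption,
# or pre-shared keys with the deprecated TKIP cipher.
WEAK_SECURITY = {"OPEN", "WEP", "WPA-PSK", "WPA-TKIP", "WPA2-TKIP"}
NEARBY_DBM = -65  # assumed: a signal stronger than this is probably inside the building

# Constructed scan results, as a sensor or a laptop scan would summarize them.
SCAN = [
    {"ssid": "CorpWiFi",       "bssid": "00:11:22:33:44:01", "security": "WPA2-Enterprise", "signal_dbm": -50},
    {"ssid": "CorpWiFi",       "bssid": "DE:AD:BE:EF:00:01", "security": "Open",            "signal_dbm": -42},
    {"ssid": "CorpWiFi",       "bssid": "00:11:22:33:44:02", "security": "WPA2-PSK",        "signal_dbm": -55},
    {"ssid": "CorpGuest",      "bssid": "00:11:22:33:44:10", "security": "WPA2-PSK",        "signal_dbm": -58},
    {"ssid": "Printer-Direct", "bssid": "AA:BB:CC:DD:EE:FF", "security": "WEP",             "signal_dbm": -45},
    {"ssid": "Neighbour",      "bssid": "12:34:56:78:9A:BC", "security": "WPA2-PSK",        "signal_dbm": -82},
]


def audit_scan(scan, authorized=AUTHORIZED_APS):
    """Return (severity, bssid, reason) tuples for networks that need attention."""
    corporate_ssids = {ap["ssid"] for ap in authorized.values()}
    findings = []
    for net in scan:
        bssid = net["bssid"].lower()
        security = net["security"].upper()
        known = authorized.get(bssid)
        if known is not None:
            # managed AP: what it advertises must match the inventory
            if security != known["security"].upper():
                findings.append(("high", bssid,
                                 f"managed AP advertises {net['security']}, inventory says {known['security']}"))
        elif net["ssid"] in corporate_ssids:
            # our SSID from a BSSID we do not own: evil twin or rogue AP
            findings.append(("high", bssid,
                             f"unknown BSSID advertising corporate SSID {net['ssid']} ({net['security']})"))
        elif security in WEAK_SECURITY and net["signal_dbm"] >= NEARBY_DBM:
            # probably an unmanaged device on the premises, e.g. a printer's own Wi-Fi
            findings.append(("medium", bssid,
                             f"nearby unmanaged network {net['ssid']} uses {net['security']}"))
    return findings


def summary(findings):
    """Count findings per severity."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_scan(SCAN)
    for severity, bssid, reason in results:
        print(f"[{severity}] {bssid}: {reason}")
    print(summary(results))
```

A BSSID can be spoofed, so an attacker who also clones a managed AP's MAC will not trip the evil-twin rule here; correlating the scan with the controller's own view of which APs are up, and with client association logs, closes that gap.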