The everyday responsibilities of IT network administrators have been relatively consistent for the last 20 years. What is changing dramatically now is the security landscape. Here are three widespread IT issues that should keep network admins up at night. Luckily, all three are straightforward to fix.
Number 1: Open Direct Remote Desktop (RDP, TCP port 3389)
The Remote Desktop Protocol is an oldie. A machine whose RDP port is exposed directly to the internet is a standing target: attackers brute-force credentials against it around the clock, and the service itself has had remotely exploitable flaws, so any machine left open will eventually be hit. Combat these threats with the following fixes:
- Restrict direct port forwards to a limited set of addresses. A wide-open port forward lets anyone on the internet try; limit it to the specific IPs or ranges that actually NEED to connect. Ideally you have no direct RDP port forwards at all, but if you must have one, restrict who can connect and from where.
- Use Remote Desktop Gateway. RD Gateway acts as a proxy between the remote client and the internal network. It tunnels RDP inside HTTPS, so you expose a single address and port (443) to the internet while still being able to reach every RDP-enabled system inside. RD Gateway also brings its own restrictions and security settings: authorization policies that control who may connect and which internal hosts they may reach, allowed access times, multifactor authentication, and even geographic restrictions if you put filtering in front of the server.
- Use a secure access service instead of RDP. If you want to be sure that nothing can exploit RDP itself, use an externally hosted third-party service that requires authenticated logins and encrypted connections through an agent installed on each system, so no RDP listener is reachable from the internet at all.
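The first fix in the list, restricting who can reach port 3389, is easy to enforce on the host itself in addition to the perimeter. The following script is an added example and is not code from the original article: it scopes the built-in Windows Firewall "Remote Desktop" rules to an allow-list, turns on Network Level Authentication so a client must authenticate before a full session is created, and summarises failed RDP logons from the Security log so you can see who has been hammering the port. The address ranges are constructed placeholders; substitute the ones that actually need access.

```powershell
# Added example (not from the original article). Run elevated on the Windows host that exposes RDP.
# WARNING: if you run this over RDP from an address that is not in $AllowedSources you will
# cut off your own session, so set the list before running it.
#Requires -RunAsAdministrator

$AllowedSources = @('10.0.0.0/8', '203.0.113.10')   # assumed: internal LAN plus one office egress IP

# 1. Scope the built-in "Remote Desktop" firewall rules (TCP/UDP 3389 and Shadow) to the allow-list.
#    Anything else reaching 3389 is dropped by the host firewall, even if a perimeter
#    port forward still points at this machine.
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Profile Any `
    -RemoteAddress $AllowedSources

# 2. Require Network Level Authentication. With NLA the client has to authenticate
#    before the session (and most of the protocol's attack surface) is set up.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $rdpTcp -Name 'UserAuthentication' -Value 1 -Type DWord

# 3. Report the noisiest source addresses for failed logons in the last $Hours hours.
#    Event 4625 with LogonType 10 (RemoteInteractive) is a failed RDP logon; once NLA is on,
#    failed RDP attempts are usually recorded as LogonType 3 (Network) instead, so both
#    are counted. LogonType 3 also covers SMB and other network logons, so treat the
#    list as a lead, not a verdict.
function Get-RdpBruteForceSources {
    param([int]$Hours = 24, [int]$Threshold = 20)

    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $events | ForEach-Object {
        # Pull the named EventData fields out of the event XML.
        $field = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $field[$d.Name] = $d.'#text' }

        if ($field['LogonType'] -in @('10', '3') -and
            $field['IpAddress'] -notin @('-', '127.0.0.1', '::1')) {
            [pscustomobject]@{ Source = $field['IpAddress']; User = $field['TargetUserName'] }
        }
    } |
    Group-Object Source |
    Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'Source'; e = { $_.Name } }, Count,
                  @{ n = 'Accounts'; e = { ($_.Group.User | Sort-Object -Unique) -join ',' } }
}

Get-RdpBruteForceSources | Format-Table -AutoSize
```

The report is the useful part for a quick check: a single source trying dozens of different account names in a day is the classic brute-force signature, and any address that shows up there and is not in your allow-list should not be able to reach the port after step 1.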
Number 2: The Local Administrators Group
Every IT admin dislikes having to log in as a different account to install or update a program, and as a result some administrators take the lazy route and put everyone, or the entire Domain Users group, in the local Administrators group on their machines. This practice is a nightmare waiting to happen, because ransomware thrives in exactly this situation. Infections usually run first as the user who was tricked into launching them; if that user is an administrator on the machine, the malware can disable protections, harvest credentials and install itself, and that machine is lost. When a broad group such as Domain Users is a local administrator everywhere, those same credentials are valid administrator credentials on every other machine, so the infection spreads across the domain almost instantly. Your best scenario at that point is hoping that the ransom is low or that you have good backups.
Generally, you should have as few administrators as possible. Give regular users the least rights they need on the network to do their work, and perform administrative tasks from a separate, heavily secured and audited account.
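The quickest way to find out whether the "everyone is a local admin" shortcut has been taken somewhere on your domain is to ask every machine. The script below is an added example and is not code from the original article: it queries the local Administrators group on each computer over WinRM, flags the broad principals that should never be there, and offers a second function to remove them once the report has been reviewed. It assumes the RSAT ActiveDirectory module on the admin workstation, WinRM access to the targets, and a domain called CORP; the domain name, OU path and group names are constructed placeholders.

```powershell
# Added example (not from the original article). Assumes RSAT ActiveDirectory and WinRM access.
#Requires -Modules ActiveDirectory

# Principals that should never be members of a local Administrators group.
# 'CORP' is a placeholder for your NetBIOS domain name.
$BroadPrincipals = @('CORP\Domain Users', 'NT AUTHORITY\Authenticated Users', 'Everyone', 'CORP\Users')

# Runs on each target: returns the member names of the local Administrators group.
# Get-LocalGroupMember throws on some builds when the group contains orphaned SIDs,
# so fall back to the ADSI WinNT provider in that case.
$getMembers = {
    try {
        Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop | ForEach-Object { $_.Name }
    } catch {
        ([ADSI]'WinNT://./Administrators,group').Invoke('Members') | ForEach-Object {
            $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
            # ADsPath looks like WinNT://CORP/Domain Users; normalise to CORP\Domain Users.
            ($path -replace '^WinNT://', '') -replace '/', '\'
        }
    }
}

# Report every (computer, member) pair where a broad principal is a local admin.
function Get-BroadLocalAdmins {
    param([string[]]$ComputerName, [string[]]$Flag = $BroadPrincipals)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock $getMembers -ErrorAction SilentlyContinue |
        Where-Object { $_ -in $Flag } |
        ForEach-Object { [pscustomobject]@{ Computer = $_.PSComputerName; Member = "$_" } }
}

# Remediation: remove the broad principals from Administrators on the given computers.
function Remove-BroadLocalAdmins {
    param([string[]]$ComputerName, [string[]]$Remove = $BroadPrincipals)

    Invoke-Command -ComputerName $ComputerName -ArgumentList (, $Remove) -ScriptBlock {
        param([string[]]$Remove)
        foreach ($m in $Remove) {
            if (Get-LocalGroupMember -Group 'Administrators' -Member $m -ErrorAction SilentlyContinue) {
                Remove-LocalGroupMember -Group 'Administrators' -Member $m
                "$env:COMPUTERNAME: removed $m from Administrators"
            }
        }
    }
}

# Usage: audit all enabled workstations in an OU (placeholder OU path), then fix after review.
$computers = (Get-ADComputer -Filter "Enabled -eq 'True'" `
                  -SearchBase 'OU=Workstations,DC=corp,DC=example').Name
Get-BroadLocalAdmins -ComputerName $computers | Format-Table -AutoSize
# Remove-BroadLocalAdmins -ComputerName $computers
```

Run the audit first and read the output before uncommenting the removal: machines where a broad group is the only thing granting a line-of-business tool its rights will break the moment the group is removed, and those are exactly the cases that should become a dedicated, audited admin account rather than a blanket grant.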
Number 3: Microsoft 365 Global Admins and MFA
Global admin accounts can access and do everything, which makes them gigantic targets. How do you keep them from being hacked to oblivion? Make them as hard as possible to take over. Strong passwords that are not shared and are unique to each account and service are the first step; then add multifactor authentication (MFA).
Global admin accounts in Microsoft 365 are a quick and easy place to start. But why stop there? Enroll the entire organization: that little six-digit code can save a pile of headaches and harm. Adding MFA to every software suite and external service will keep you moving forward and, hopefully, ahead of the bad actors. You can also use an MFA service such as Duo (duo.com) for more advanced MFA. Duo can secure everything from Windows logons to remote network access, and can potentially provide single sign-on with multifactor protection across multiple services, which ties everything above together with a nice security bow.
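Before enrolling the whole organization it is worth confirming that the global admins themselves actually have something stronger than a password registered. The script below is an added example and is not code from the original article or from Microsoft: it uses the Microsoft Graph PowerShell SDK to list every member of the Global Administrator role and report which registered authentication methods, if any, are not a plain password. It assumes the Microsoft.Graph modules are installed and that the signed-in account can consent to the read-only scopes requested; the list of method types treated as "strong" is the author's choice, not a Microsoft definition.

```powershell
# Added example (not from the original article). Assumes the Microsoft.Graph PowerShell SDK.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.DirectoryManagement, Microsoft.Graph.Identity.SignIns

Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'UserAuthenticationMethod.Read.All', 'User.Read.All'

# Registered methods that count as a second factor. Password and e-mail (self-service
# password reset only) deliberately do not appear here.
$StrongMethods = @(
    '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod',
    '#microsoft.graph.fido2AuthenticationMethod',
    '#microsoft.graph.softwareOathAuthenticationMethod',
    '#microsoft.graph.phoneAuthenticationMethod',
    '#microsoft.graph.windowsHelloForBusinessAuthenticationMethod'
)

function Get-GlobalAdminMfaStatus {
    # directoryRoles only lists roles that have been activated in the tenant; Global Administrator always is.
    $role    = Get-MgDirectoryRole -All | Where-Object DisplayName -eq 'Global Administrator'
    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All

    foreach ($m in $members) {
        $type = $m.AdditionalProperties['@odata.type']

        if ($type -ne '#microsoft.graph.user') {
            # A group or service principal holding the role cannot perform MFA itself; flag it for review.
            [pscustomobject]@{ Principal = $m.Id; Type = $type; MfaMethods = 'n/a (not a user)'; Ok = $false }
            continue
        }

        $methods = Get-MgUserAuthenticationMethod -UserId $m.Id |
                   ForEach-Object { $_.AdditionalProperties['@odata.type'] }
        $strong  = @($methods | Where-Object { $_ -in $StrongMethods })

        [pscustomobject]@{
            Principal  = $m.AdditionalProperties['userPrincipalName']
            Type       = 'user'
            # Trim '#microsoft.graph.' and 'AuthenticationMethod' so the column is readable.
            MfaMethods = ($strong -replace '^#microsoft\.graph\.', '' -replace 'AuthenticationMethod$', '') -join ','
            Ok         = ($strong.Count -gt 0)
        }
    }
}

$report = Get-GlobalAdminMfaStatus
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.Ok } |
    ForEach-Object { Write-Warning "No second-factor method registered for $($_.Principal)" }
```

Two caveats a practitioner will want: a registered method is not the same as an enforced one, so pair this check with a Conditional Access policy or Security Defaults that actually requires MFA for admins; and if the tenant uses Privileged Identity Management, accounts that are merely eligible for Global Administrator do not appear as role members until they activate, so run the same method check against the eligible list as well.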