One of the foundations of network security is ensuring that appropriate security configurations are established and maintained in the network systems. Most of the time, these systems are configured manually or left with default configurations, leading to misconfigurations. This is mainly due to a lack of visibility and of tools to manage security configurations across a plethora of systems. A simple flaw like a default password or an open share, when leveraged by an attacker, thwarts all the security efforts taken by the organization to prevent a breach. Moreover, enterprises are becoming more dynamic and have started to embrace new technologies, which in turn has increased the occurrence of configuration drift. This creates the need for security configuration management.
Vulnerability Manager Plus helps you identify misconfigurations in Windows systems and remediate them by deploying secure configurations. It also delivers details on network operation issues that might arise from modifying existing configurations. This helps you safely alter security configurations without affecting your business. The following are the major security configurations that you can manage directly from the Vulnerability Manager Plus console.
Ensure the firewall is enabled and the default inbound and outbound policies are configured appropriately. Also, identify and block insecure ports that allow unauthorized and unintended actions.
Configure password length, complexity, age and history as described in the security guidelines defined by Microsoft and benchmarks such as CIS.
Verify whether BitLocker encryption is enabled in your Windows systems to protect entire disk volumes.
Gain details on systems in which folder shares and default admin shares are enabled and remove them based on your needs.
Make sure secure logon is enabled and ensure sensitive details are not displayed on the lock screen. Also, set the account lockout duration, account lockout threshold and reset lockout counter after policies as described in the Microsoft security guidelines.
Revoke user rights from unintended users, enforce least privilege, and ensure admin accounts are not displayed during elevation. Ensure User Account Control is configured properly.
Disable default built-in accounts such as guest, built-in administrator and other local admin accounts, and secure your network systems.
Make sure memory protection settings, logon authentication settings, autoplay/autorun settings, etc. are configured appropriately on your endpoints.
Enable safe browsing, restrict insecure plugins, enable browser updates and apply other security settings to safeguard browsers such as Internet Explorer and Chrome and prevent browser-based attacks.
Disable legacy protocols such as Telnet, SMB (Server Message Block), SNMP (Simple Network Management Protocol), TFTP (Trivial File Transfer Protocol) and others that act as potential attack vectors.