Common infrastructure issues - 2022
by Benjamin Svensson 2022-12-14
At Assured - in our penetration testing and advisory assignments - we've noticed that our customers have become increasingly interested in testing and securing their infrastructure. Based on these experiences, we want to share the five most common security issues that we've seen during 2022.
1. Excessive use of Domain Admin accounts
The use of Domain Admins as normal administrative accounts is one of the common issues we encounter. This is a major security risk, as it gives attackers a single point of entry into an organization's network. We strongly recommend that our customers stop using Domain Admins as normal administrative accounts and instead implement the principle of least privilege.
2. Lack of network access control
Another issue we often see is that organizations implement network segmentation but don't implement restrictions between subnets. This may allow an attacker to move laterally throughout the network once they've gained an initial foothold. To address this, we recommend implementing access control lists (ACLs) or firewall rules to restrict access between subnets.
3. No detection in place
Another concerning trend is the lack of detection mechanisms. Without proper detection, organizations are flying blind and may not even realize that they've been hacked until it's too late. To combat this, we recommend implementing a robust detection and response strategy, including regular testing and the use of security tools such as intrusion detection and prevention systems (IDS/IPS). However, we advise against aiming too high right away; start instead with small detection mechanisms that identify the use of Domain Admin accounts, access to sensitive systems from unexpected sources, and so on.
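The two "small detection mechanisms" named above, written out as an added example that is not part of the original post: two rules run over constructed sample events shaped like Windows Security event 4624 (successful logon). The Domain Admin list, sensitive host list and admin jump subnet are assumed values standing in for what you would pull from AD and your asset inventory.

```python
import ipaddress
from typing import Dict, List

# Assumed inputs (constructed for this example): group membership and the
# allow-list would normally come from AD and the asset inventory.
DOMAIN_ADMINS = {"da-alice", "da-bob"}
SENSITIVE_HOSTS = {"DC01", "PKI01"}
# Admin access to sensitive hosts is expected only from this jump subnet.
ADMIN_SOURCE_NETS = [ipaddress.ip_network("10.10.99.0/24")]
# Logon types that create an interactive, network or RDP session.
LOGON_TYPES = {"2", "3", "10"}

# Constructed sample events carrying the 4624 fields these rules need.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "4624", "TargetUserName": "da-alice", "IpAddress": "10.10.99.5",
     "Computer": "DC01", "LogonType": "10"},
    {"EventID": "4624", "TargetUserName": "da-bob", "IpAddress": "10.20.3.17",
     "Computer": "WS0231", "LogonType": "2"},
    {"EventID": "4624", "TargetUserName": "svc-backup", "IpAddress": "10.20.3.40",
     "Computer": "PKI01", "LogonType": "3"},
    {"EventID": "4634", "TargetUserName": "da-bob", "IpAddress": "10.20.3.17",
     "Computer": "WS0231", "LogonType": "2"},
]

def _from_allowed_net(ip: str) -> bool:
    """True if the source address lies inside the admin jump subnet."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # 4624 uses "-" or "::1" style values for local logons
        return False
    return any(addr in net for net in ADMIN_SOURCE_NETS)

def detect(events: List[Dict[str, str]]) -> List[str]:
    """Return one alert line per rule match; empty list means nothing to flag."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != "4624" or ev.get("LogonType") not in LOGON_TYPES:
            continue
        user, host, ip = ev["TargetUserName"], ev["Computer"], ev["IpAddress"]
        # Rule 1: a Domain Admin account used from outside the admin jump subnet,
        # i.e. a DA account being used as an everyday admin account.
        if user.lower() in DOMAIN_ADMINS and not _from_allowed_net(ip):
            alerts.append(f"DA_LOGON_UNEXPECTED_SOURCE user={user} host={host} src={ip}")
        # Rule 2: any logon to a sensitive host from an unexpected source.
        if host.upper() in SENSITIVE_HOSTS and not _from_allowed_net(ip):
            alerts.append(f"SENSITIVE_HOST_ACCESS user={user} host={host} src={ip}")
    return alerts

if __name__ == "__main__":
    for line in detect(SAMPLE_EVENTS):
        print(line)
```

In production the same two rules map directly onto a SIEM query over event ID 4624; the point is that they need only group membership, an asset list and one allow-listed subnet to be useful.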
4. Bad password policy (and no multi-factor authentication)
We also often see poor password policies and administrators creating weak passwords that are easy for attackers to guess. To address this, we recommend implementing strong password policies that require the use of complex/long passwords (where length > complexity) and multi-factor authentication. Introducing a password manager can help users maintain strong, unique passwords for each service.
5. Unpatched services
Finally, we frequently encounter unpatched services, which leave organizations exposed to known vulnerabilities with public exploits. To address this, we recommend implementing regular patch management and keeping all services up to date with the latest security updates.
The year 2022 has seen an increased ambition by our customers to test and secure their infrastructure. While this is a positive development, we still see a number of common issues that need to be addressed. By implementing the recommendations above, organizations can improve their security posture and better protect themselves from potential attacks.