Secure configuration refers to security measures that are implemented when building and installing computers and network devices in order to reduce unnecessary cyber vulnerabilities.
Web server and application server configurations play a key role in the security of a web application. Failure to manage the proper configuration of your servers can lead to a wide variety of security problems.
Computers and network devices should be configured to minimise the number of inherent vulnerabilities and provide only the services required to fulfil their intended function.
Some of these problems can be easily detected by rogue agents with common security scanning tools. Once detected, vulnerabilities can be exploited very quickly and result in the total compromise of a system or website, including databases and corporate networks.
Are you at risk? The following practices should be avoided:
- Using default passwords for a variety of systems and devices.
- Lack of a formal configuration management process or system.
- Unnecessary software installed on networks and servers.
- Lack of a consistent software installation process.
- Improper file and directory permissions.
- User accounts with unnecessary access privileges.
- Auto-run features that are enabled without requiring administrator consent (these can activate the installation of malware).
- Lack of personal firewalls on all devices, including mobile devices.
- Lack of a documented configuration management system for networks, software and web platforms.
- Configuration management system is not reviewed and updated frequently.
Incorrectly configured file-sharing software was installed on a desktop computer at a major medical centre that handles highly sensitive data. Owing to the improper configuration, a user was unwittingly allowed access to all files on that computer, resulting in a data breach.
View another control:
Solutions for Cyber Essentials certification
IT Governance offers three unique solutions that will enable you to achieve certification to either Cyber Essentials or Cyber Essentials Plus cost-effectively and easily.
View the three solutions >>