What is security misconfiguration? And what are the best techniques to prevent security misconfiguration?
Security misconfiguration occurs when systems or applications are not properly or securely configured and hardened. These are security controls that are configured inaccurately or left in insecure settings, putting organizations at risk of being compromised by threat actors. Besides, it occurs when security settings are not adequately defined in the security configuration process or perhaps maintained and deployed with default settings, which are insecure practices. Furthermore, it is a failure to implement the proper security controls for systems, applications, software, infrastructure and related organizational resources. These misconfigurations may enable threat actors to gain unauthorized access to systems and other assets in the organization.
Some cases of security misconfiguration may include:
- Unpatched and un-updated systems
- Use of default credentials such as accounts and passwords
- Error messages that throw too much information
- Open database instances and ports
- Inadequate access controls
- Enabling unnecessary features and services
- Deprecated protocols and encryption algorithms
- Improper application coding standards or practices
- Directory traversal vulnerabilities
- Failing to encrypt sensitive data
- Disabled endpoint security
- Unsecured devices
Safeguards against security misconfiguration in an organization may include, but not limited to:
- Regularly patching and updating all systems and devices
- Robust security hardening measures such as disabling unnecessary features and services
- Establish and follow secure coding standards
- Apply encryption securely
- Security awareness training
- Strengthen remote access controls