this post was submitted on 07 Oct 2023
23 points (96.0% liked)

Cybersecurity

5476 readers
100 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social
23
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations (www.cisa.gov)
submitted 1 year ago by cron@feddit.de to c/cybersecurity@sh.itjust.works
0 comments fedilink hide all child comments
 

Through NSA and CISA Red and Blue team assessments, as well as through the activities of NSA and CISA Hunt and Incident Response teams, the agencies identified the following 10 most common network misconfigurations:

  • Default configurations of software and applications
  • Improper separation of user/administrator privilege
  • Insufficient internal network monitoring
  • Lack of network segmentation
  • Poor patch management
  • Bypass of system access controls
  • Weak or misconfigured multifactor authentication (MFA) methods
  • Insufficient access control lists (ACLs) on network shares and services
  • Poor credential hygiene
  • Unrestricted code execution

To be honest, this is one of the most useful lists I have read in a long time.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here