decrypting myths

Logging turned off
Disabled logging doesn’t necessarily allow an attacker to get into a system, but it does allow them to act like a ghost while they’re in there. Once in, hackers can move laterally through a network in search of data or assets to exfiltrate. Without logging, they can do all this while leaving zero tracks behind.

This creates a true ‘needle in a haystack’ scenario for incident responders and forensic analysts and makes their job that much harder when trying to reconstruct what may have happened during an incident or intrusion.
Enabling logging and having it sent to a centralised location, like a security information and event management (SIEM) platform, is highly recommended. That data will provide the breadcrumbs needed by forensic analysts during an incident response investigation to reconstruct the attack and scope the intrusion. Additionally, it proves highly useful when responding to threats flagged by an alert raised on an event in those collected logs.
It’s worth pointing out, however, that keeping operating systems up to date and appropriately patched can be highly effective at preventing a breach. While there are numerous exploits and vulnerabilities found daily – and yes, it can be difficult to keep up – if administrators aren’t properly maintaining their patch levels, then it’s game over. Ironically, of the breaches I’ve worked on where the attacker’s gotten in via a vulnerability, a majority of them have been a vulnerability that was ridiculously old. It shouldn’t come as a surprise – attackers will continue exploiting old bugs as long as they’re effective. There’s hype around detecting and preventing zero days, but the most common vulnerabilities that are exploited can be classified as fossils.

www.intelligentciso.com | Issue 20
Having appropriate security configurations requires your applications, servers and databases to be hardened in accordance with best practices. Leaving these devices or platforms in a default state only makes the job of an attacker that much easier. It may not happen right away, but they’ll discover these misconfigurations at some point, gain unauthorised access – and, depending on their intent – steal sensitive data or cause damage.

Avoid becoming an easy target and follow these precautionary steps to protect yourself and your data.