How are Security Misconfigurations Detected, Diagnosed, and Determined?


Security misconfiguration, one of the OWASP Top 10 categories, erodes an organization's security posture because it is both common and easy to exploit. Left undetected or unaddressed, such flaws become more damaging over time, since attackers routinely scan for them.

This article takes a deep dive into security misconfigurations: what they are, why they occur, how they are detected and diagnosed, and how they are prevented.

What are Security Misconfigurations?

In a complex and dynamic IT landscape, misconfigurations can arise at any layer of the application stack: servers, network services, platform, framework, databases, and so on.

Examples

  • Directory listing is not disabled on the web server
  • Unpatched software, legacy options, unnecessary services, unused pages/features, and unprotected files/directories are left running on, or reachable through, the application
  • Debug mode is enabled in the production environment
  • Unrestricted outbound connections to internet services are enabled
  • Unnecessary admin ports are left open

Why Do These Vulnerabilities Occur?

  • Human error is at the core of many misconfigurations.
  • The mindset of 'don't fix what is not broken' leads developers and businesses to leave configurations unchanged even when they carry an underlying risk.
  • Default settings and configurations are left unchanged by webmasters and developers. Attackers rely on unchanged, insecure defaults to run automated attacks against applications.
  • Configurations that were incomplete or meant to be temporary remain in place. An application that was safe enough in the development environment is then exposed to a high risk of attack in production.
  • Easily exploitable entry points are left available: unpatched software, components and libraries, outdated options, unnecessary services, rarely used pages/features, and so on.

Newer, more complex, and challenging security misconfigurations are emerging with

  • The advent of the hybrid data centers
  • Extensive usage of public clouds & third-party components
  • Increasingly dynamic and complex applications, OS, frameworks, and workloads that are constantly upgraded/ changed
  • Technologically diverse environments
  • Firewalls with loosely defined and permissive policies
  • Third-party vendors whose offerings lack visibility and/or a clear shared-responsibility model

How are Security Misconfigurations Detected, Diagnosed, and Determined?

1. Gaining Visibility into the Hybrid and Complex Environment

This requires a real-time map of the entire ecosystem. All assets, and the communication paths and workflows between them across the whole environment (on-premises, hybrid cloud, containers, microservices, and third-party, external or shared components), must be inventoried and mapped accurately. Inputs for this include asset discovery scans, security scans, network diagrams, spreadsheets, and IP address databases. Diagrams and spreadsheets go stale quickly, so automated discovery should be the source of truth, with the manual records reconciled against it rather than the other way round.

Visibility gives deep insight into the expected behavior, performance, and health of each asset in the infrastructure, and that baseline is what makes potential misconfigurations stand out.

For instance, the real-time communication and flow map may reveal that the application is returning verbose error messages containing internal data. Deeper diagnosis shows that the debugging mode used during development was never disabled when the application went live. The business can then fix it before attackers get a chance to exploit it.
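One way to turn the inventory described above into a concrete check, as an added example that is not part of the original article: compare each listening service found by discovery against an approved baseline and flag drift, including admin ports that are approved but bound to a public interface. The inventory records, the baseline and the admin-port set are constructed for illustration; a real run would feed in the output of an asset-discovery or port scan.

```python
"""Added example (not from the original article): compare an asset inventory
against an approved baseline and flag exposure drift.

The inventory records, the baseline and the admin-port set below are
constructed for illustration; a real run would feed in the output of an
asset-discovery or port scan.
"""
from dataclasses import dataclass
from ipaddress import ip_address

# Ports typically used for administrative or database access. Reaching them
# from a public interface is the "unnecessary admin ports are left open" case.
ADMIN_PORTS = {22, 23, 3389, 5900, 3306, 5432, 6379, 9200, 27017}


@dataclass(frozen=True)
class Listener:
    host: str       # asset name from the inventory
    bind_addr: str  # address the service is bound to
    port: int
    service: str


def is_public_bind(addr: str) -> bool:
    """True for a wildcard bind or a globally routable address, i.e. reachable
    from outside the private network (assumes no upstream filtering)."""
    if addr in ("0.0.0.0", "::"):
        return True
    return ip_address(addr).is_global


def find_drift(inventory, baseline):
    """Return (listener, reason) pairs for every listener that is either not in
    the approved baseline of (host, port) pairs or is an admin port exposed on a
    public interface. A baselined entry can still be flagged for the latter,
    because "approved" and "safely exposed" are different questions."""
    findings = []
    for listener in inventory:
        if (listener.host, listener.port) not in baseline:
            findings.append((listener, "not in approved baseline"))
        if listener.port in ADMIN_PORTS and is_public_bind(listener.bind_addr):
            findings.append((listener, "admin port reachable on a public interface"))
    return findings


# Constructed inventory, as an asset-discovery scan might report it.
INVENTORY = [
    Listener("web-01", "0.0.0.0", 443, "nginx"),
    Listener("web-01", "0.0.0.0", 22, "sshd"),            # approved, but world-reachable
    Listener("db-01", "10.0.2.15", 5432, "postgres"),     # private interface only
    Listener("db-01", "0.0.0.0", 9200, "elasticsearch"),  # never approved, wildcard bind
]

# Constructed baseline of approved (host, port) exposures.
BASELINE = {("web-01", 443), ("web-01", 22), ("db-01", 5432)}

if __name__ == "__main__":
    for listener, reason in find_drift(INVENTORY, BASELINE):
        print(f"{listener.host}:{listener.port} ({listener.service}) -> {reason}")
```

Running it reports three findings: the approved SSH listener on web-01 is still flagged because it is bound to 0.0.0.0, and the Elasticsearch listener on db-01 is flagged twice, once for not being in the baseline and once as a publicly reachable admin port.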

2. Scanning and Testing Internally and Externally for Misconfigurations
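An added example, not from the original article, of the kind of external check this step involves: it inspects HTTP responses and flags the symptoms listed earlier in the article (directory listing, debug or verbose error pages, server version disclosure, and missing hardening headers). The responses, paths and marker strings are constructed for illustration; a real scan would fetch them from the target.

```python
"""Added example (not from the original article): inspect HTTP responses for
the misconfiguration symptoms listed earlier, i.e. directory listing, debug or
verbose error pages, version disclosure and missing hardening headers.

The responses, paths and marker strings below are constructed for
illustration; a real scan would fetch them from the target.
"""
import re

# Strings that commonly appear on framework debug/error pages. Heuristic only.
DEBUG_MARKERS = (
    "Traceback (most recent call last)",  # Python tracebacks (Django, Flask)
    "DEBUG = True",                       # Django's technical error page
    "Stack trace:",                       # PHP and Node error pages
)

# Response headers a hardened production site is expected to send.
EXPECTED_HEADERS = (
    "strict-transport-security",
    "x-content-type-options",
    "content-security-policy",
)


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status code, lowercase header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def check_response(path: str, raw: str):
    """Return a list of finding strings for one response."""
    status, headers, body = parse_response(raw)
    findings = []
    # Apache and nginx autoindex pages both carry an "Index of /..." title.
    if status == 200 and "Index of /" in body:
        findings.append(f"{path}: directory listing enabled")
    # An error page that includes a stack trace leaks paths and internals.
    if status >= 400 and any(marker in body for marker in DEBUG_MARKERS):
        findings.append(f"{path}: debug/verbose error page leaks internals")
    server = headers.get("server", "")
    if re.search(r"/\d", server):  # e.g. "nginx/1.18.0" rather than just "nginx"
        findings.append(f"{path}: Server header discloses version ({server})")
    if "x-powered-by" in headers:
        findings.append(f"{path}: X-Powered-By discloses stack ({headers['x-powered-by']})")
    for name in EXPECTED_HEADERS:
        if name not in headers:
            findings.append(f"{path}: missing {name} header")
    return findings


def scan(responses):
    """Run check_response over a {path: raw_response} mapping."""
    return {path: check_response(path, raw) for path, raw in responses.items()}


# Constructed responses, shaped like what a scanner would receive.
SAMPLES = {
    "/uploads/": (
        "HTTP/1.1 200 OK\r\n"
        "Server: nginx/1.18.0\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html><head><title>Index of /uploads/</title></head>"
        '<body><h1>Index of /uploads/</h1><a href="backup.sql">backup.sql</a></body></html>'
    ),
    "/api/orders": (
        "HTTP/1.1 500 Internal Server Error\r\n"
        "Server: nginx\r\n"
        "X-Powered-By: Express\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<h1>TypeError: Cannot read properties of undefined</h1>"
        "<pre>Stack trace:\n    at OrderController.list (/srv/app/src/orders.js:42:17)</pre>"
    ),
    "/": (
        "HTTP/1.1 200 OK\r\n"
        "Server: nginx\r\n"
        "Strict-Transport-Security: max-age=31536000\r\n"
        "X-Content-Type-Options: nosniff\r\n"
        "Content-Security-Policy: default-src 'self'\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html><body>Welcome</body></html>"
    ),
}

if __name__ == "__main__":
    for path, findings in scan(SAMPLES).items():
        for finding in findings:
            print(finding)
```

The hardened root page produces no findings, while the autoindexed upload directory and the error-leaking API endpoint each produce five. The marker strings are deliberately narrow heuristics; a production scanner should treat a hit as something to confirm manually, and a miss as no guarantee.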

3. Prevention of Misconfigurations


After gaining full visibility into the environment and detecting and assessing the risk of the misconfigurations found, the critical assets and infrastructure must be identified.

Unnecessary communication with the critical infrastructure must be blocked using a micro-segmentation approach: only the flows between segments that are explicitly required are permitted, and everything else is denied by default. Then, even if a vulnerability is exploited, the attacker's reach from the compromised host is limited and they cannot pivot directly to sensitive information or critical assets.

Further, the misconfigurations themselves must be remediated to strengthen the security posture: updating software, removing legacy and unused features, changing default configurations, and so on.
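The micro-segmentation idea from the prevention steps above, expressed as a default-deny policy check that can be run over the flows seen in the communication map. This is an added example and not code from the original article; the segments, the allow-list of required flows and the observed flows are constructed for illustration.

```python
"""Added example (not from the original article): a default-deny
micro-segmentation policy check. Segments, the allow-list of flows and the
observed flows below are constructed for illustration.
"""
from ipaddress import ip_address, ip_network

# Network segments. The "db" segment holds the critical assets.
SEGMENTS = {
    "dmz-web": ip_network("10.0.1.0/24"),
    "app": ip_network("10.0.2.0/24"),
    "db": ip_network("10.0.3.0/24"),
    "mgmt": ip_network("10.0.9.0/24"),
}

# Explicitly required flows as (source segment, destination segment, port).
# Anything not listed here is denied.
ALLOWED_FLOWS = {
    ("dmz-web", "app", 8080),
    ("app", "db", 5432),
    ("mgmt", "dmz-web", 22),
    ("mgmt", "app", 22),
    ("mgmt", "db", 22),
}


def segment_of(addr: str):
    """Map an address to its segment name, or None if it belongs to no segment."""
    ip = ip_address(addr)
    for name, network in SEGMENTS.items():
        if ip in network:
            return name
    return None


def is_allowed(src: str, dst: str, port: int) -> bool:
    """Default deny: the flow passes only if its (segment, segment, port)
    tuple is on the allow-list. Addresses outside every segment are denied."""
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    if src_seg is None or dst_seg is None:
        return False
    return (src_seg, dst_seg, port) in ALLOWED_FLOWS


def audit_flows(observed):
    """Given (src, dst, port) flows from the traffic map, return those the
    segmentation policy would block, i.e. communication that should not exist."""
    return [flow for flow in observed if not is_allowed(*flow)]


# Constructed flows, as a real-time communication map might report them.
OBSERVED = [
    ("10.0.1.10", "10.0.2.20", 8080),  # web -> app: required
    ("10.0.2.20", "10.0.3.30", 5432),  # app -> db: required
    ("10.0.1.10", "10.0.3.30", 5432),  # web -> db directly: bypasses the app tier
    ("10.0.2.20", "10.0.3.30", 22),    # app -> db over SSH: only mgmt may do that
    ("192.0.2.7", "10.0.3.30", 5432),  # source outside every segment
]

if __name__ == "__main__":
    for src, dst, port in audit_flows(OBSERVED):
        print(f"block {src} -> {dst}:{port} ({segment_of(src)} -> {segment_of(dst)})")
```

Auditing the observed flows against the policy before enforcing it is the practical order of operations: the three flows it would block are exactly the ones that need either a justification and an allow-list entry, or a fix on the host that is generating them.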

Conclusion

With so many possible variations and combinations, attacks that exploit security misconfigurations succeed at a high rate. Given how critical web application security and data privacy and confidentiality are, proactive detection and mitigation of security misconfigurations is a matter of business continuity. Detecting and mitigating misconfigurations is not a one-time action; it must be repeated regularly, and ideally automated, to maintain a robust security posture.

Originally published at https://www.indusface.com.