Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later – so let’s look at a few common security misconfigurations.
The first one is development permissions that don’t get changed when something goes live. For example, AWS S3 buckets are often assigned permissive access while development is going on. The issues arise when security reviews aren’t carefully performed prior to pushing the code live, whether that push is for the initial launch of a platform or for updates.
The result is straightforward: a bucket goes live with the ability for anyone to read from it and write to it. This particular misconfiguration is dangerous because the application is working and the site is loading for users, so there’s no visible indication that something is wrong until a threat actor hunting for open buckets stumbles upon it.
Careful security reviews of all applications and sites before they get pushed to the live environment – both for initial launch and for update cycles – are critical in catching this type of misconfiguration. Each bucket should be checked to ensure that it has the least viable permissions set on it, enough to allow the platform to work and nothing more.
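One way to run the per-bucket check described above as part of a pre-release review (an added example, not code from the original article). It assumes the bucket policy and ACL grants are supplied in the shapes S3 returns from GetBucketPolicy and GetBucketAcl; `audit_bucket`, the finding labels and the sample documents are hypothetical and constructed for illustration, and `NotPrincipal`, `NotAction` and Block Public Access settings are not evaluated.

```python
import json

# Group URIs S3 uses for "everyone" and "any authenticated AWS user".
_G = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_G + "AllUsers", _G + "AuthenticatedUsers"}
WRITE_PREFIXES = ("s3:put", "s3:delete", "s3:*", "*")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public_principal(principal):
    # Principal may be "*" or {"AWS": "*"} / {"AWS": ["*", ...]}.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def audit_bucket(policy_json, acl_grants):
    """Return sorted findings such as 'policy:public-write' for one bucket."""
    findings = set()
    policy = json.loads(policy_json) if policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            findings.add("policy:public-conditional")  # flag for manual review
            continue
        for action in _as_list(stmt.get("Action", [])):
            kind = "write" if action.lower().startswith(WRITE_PREFIXES) else "read"
            findings.add(f"policy:public-{kind}")
    for grant in acl_grants:
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            findings.add(f"acl:public-{grant.get('Permission', 'unknown').lower()}")
    return sorted(findings)

# Constructed sample: a development-era policy and ACL left in place at go-live.
DEV_POLICY = json.dumps({"Statement": [{
    "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-bucket/*"}]})
DEV_ACL = [{"Grantee": {"Type": "Group", "URI": _G + "AllUsers"}, "Permission": "WRITE"}]
# Constructed sample: read access limited to a single application role.
PROD_POLICY = json.dumps({"Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    print(audit_bucket(DEV_POLICY, DEV_ACL), audit_bucket(PROD_POLICY, []))
```

An empty result means no public grant was found in the supplied documents; any finding should block the release until the grant is removed or justified.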
On the non-cloud side of the house, one of the most common misconfigurations is not enforcing Group Policy, anti-malware, and other centralized management rules and updates. Laptops that rarely connect directly to a company network may go for months without getting these critical changes, leaving them undefended as the security landscape changes.