If you work in an organization that values its digital data and a good relationship with suppliers, partners and customers, I am willing to bet you have a number of cyber defenses in place.
Your web access is likely protected by a robust firewall. Your wireless network can perhaps only be accessed with a unique login. Maybe you even encrypt the data you store.
I bet you also make sure vulnerabilities are patched regularly, and that you rely on the default security settings in your applications. After all, if the makers recommend them, surely they are optimized for performance and security?
Wrong. And we can prove it.
TBG’s Offensive Security expert Ryan has created a video series showing organizations how vulnerable they may be to a targeted attack – risking the theft of valuable and confidential data – if they choose to rely on default security settings.
Without relying on zero-day exploits or known vulnerabilities, Ryan created a handful of attack simulations on the popular log aggregation and correlation engine, Splunk.
“Turns out many IT administrators rely on Splunk’s default security configurations, assuming the default settings are strong enough to thwart cyber attacks. They’re not,” says Ryan.
The purpose of his research is to show IT administrators how easily someone with a motive and intermediate cyberattack skills can bypass default security settings.
The goal is to encourage IT teams to review their security strategy, which is why we pulled together the following expert IT security recommendations.
Splunk needs access to machines in order to receive and collate their logs, but it does not need unrestricted and unmonitored access to them.
The “Administrator” accounts hold the master keys to the kingdom – not just to the Splunk installation itself, but to all the data Splunk is parsing and to every system running a universal forwarder. Treat them accordingly, and implement the following policies across the organisation:
IT security staff need to be intimately familiar with the environment’s architecture and must continuously monitor it for anomalies, threats and suspicious behaviour. This proactive approach is a vital line of defence: it sniffs out potential problems and abnormalities before they cause damage to the system, the data, the users or the organisation.
If you are concerned about your Splunk installation and want to discuss how to test, assess or remediate it, get in touch. Our team’s certified Splunk experts know how to architect secure and scalable Splunk installations. Go on – put them to the test!