ENJOY $0 UPFRONT FEES AND THE FIRST TWO MONTHS FREE, WITH THE FLEXIBILITY TO CANCEL ANYTIME WITHIN THE FIRST 30 DAYS.

ENJOY $0 UPFRONT FEES AND THE FIRST TWO MONTHS FREE, WITH THE FLEXIBILITY TO CANCEL ANYTIME WITHIN THE FIRST 30 DAYS.

919.226.0000
Contact Us

Uncovering Vulnerabilities: Top Security Gaps Found During IT Onboarding

Jan 08, 2025

Request a Call

Author: Steven Lorenz, SecOps Engineer at SecureNA

During the customer onboarding process over the past year, we have seen several things that make us go “hmm.” While many small businesses do not have the in-house capability necessary to properly secure systems, most of these items are present in organizations switching from another Managed Service Provider (MSP) due to service-related concerns. I get that the MSP I work for is not like the run of the mill MSPs that knock on the door with high-pressure sales tactics and empty promises. Many MSPs choose an “easy button” onboarding approach where “if it ain’t broke, we’re not changing it” is the underlying mantra. Others often lack the technical understanding to properly secure systems, instead relying heavily on 3rd party vendors to provide a solution to the unknown. I like to think that Secure Network Administration is different in those respects. We are growing a world class team with deep systems knowledge and a forward-looking, research-driven process to keep customers’ technology investments running smoothly and their data where it belongs.

This I decided to make a list of some of the biggest issues we come across related to new customer onboarding. These are in no specific order as they are often equally present among organizations. While some seem simple to resolve, others may require specialized support to overcome. Along the way, I will add a few free DIY options where possible.

Patching

Patching should be a straightforward process, but it is much more difficult than anyone gives credence. When onboarding a new customer, we often find significant room for improvement. Issues range from computers that have had patching completely disabled to devices managed by a previous MSP that show “perfect” RMM patch scores that are inaccurate. Sometimes we even onboard workstations and servers with years of missing patches, a behavior seen across companies of any size.

DIY fix for network operators: set everything to auto-patch and check in on those devices that need a manual monthly update, but I would recommend either manually checking more often or subscribing to vendor feeds to be notified of recent updates.

Cloud Identity Oversights

Be it a misunderstanding of shared responsibility models or the product of a confusing product matrix, we find the most negatively impactful configuration issues in the cloud. Cloud portals are often complicated and change every time you look at them. Some common issues include:

  • Over reliance on Security Defaults
  • Misconfigured MFA
  • Unconfigured identity controls
  • Limited logging and non-configured alerting

DIY methods here include retrieving the CIS Foundations Benchmark for the cloud service you subscribe to. The benchmarks walk you through both auditing settings that are in place and offer step-by-step guidance to remediate issues. Complete coverage of level 1 controls is more secure than service defaults.

Active Directory Insecure Defaults and Misconfigurations

Most people expect that new systems are secure out of the box, yet that could not be further from the truth. Take, for instance, Microsoft’s Active Directory. During onboarding we often find a plethora of defaults and misconfigurations here, not limited to the following:

  • Limited or no event logging
  • Out-of-date protocols like SMB 1 or NTLM
  • Weak password policies, shared passwords, and password reuse
  • Inadequate account protections, especially regarding admin and service accounts not in the Protected Users group
  • Vulnerable protocols like LLMNR or NetBIOS Name Resolution.

DIY fixes for some of these situations are more complicated, but a good place to start is by validating your Active Directory configuration using a tool like PingCastle. PingCastle offers some guidance on how to resolve many issues found, though a word of caution – slow and methodical is best, tracking changes along the way so you can always back out changes if issues arise a few days later.

No Documentation

It’s difficult to maintain an adequate security posture if you don’t know what you’re securing. Hardware and software inventories are rarely correct, (if even available) and most of the time network diagrams don’t even exist. These items are cornerstones to a successful security program and are exceedingly helpful when working with new 3rd party vendors like MSPs or Incident Response firms.

DIY option: While automated means exist for inventory, an Excel Spreadsheet is a straightforward way to start. The Center for Internet Security (CIS) offers this free Excel template. Tools like Draw.io or SmartDraw offer web-based diagramming tools to help draw out a basic network diagram.

Office Network Configurations

Office networks are often full of surprises. Again, many of these items are from out-of-the-box defaults that were designed to get a network up and running quickly, not securely. Others stem from simplicity or the need for a quick change. Some common network mistakes include:

  • Lack of separation between Guest and Internal networks or, worse yet, allowing guests to use the internal network
  • Lack of a firewall or use of a firewall with an incomplete configuration
  • Lack of separation on the local network, enabling easier lateral movement between devices
  • Internet-facing critical servers with no unprotected methods for remote access. Most often we see remote desktop servers configured this way, but occasionally we see database servers open to the world as well.

Many network intrusions occur from easily accessible remote desktop servers or inadequate firewall settings. Remote desktop servers are common targets due to insecure defaults and limited default logging. On the DIY side, this one gets more difficult as we need to consider multiple device configurations. Firewall and network device configurations can also follow CIS Benchmarks and best practices.

Wrapping Up

We’ve reviewed some of our most common issues with customer onboarding in 2024, but most of these are nothing new. We highly recommend performing audits of your systems using CIS Controls and Benchmarks as a good starting point for a secure foundation. Additionally, we have introduced a few tools that may help you along the way.

Security is a journey, not a destination. If you find yourself in need of a guide along the way, reach out to us at SecureNA.