1. Making firewall and web filter exemptions for laptops, PCs or servers.
2. Ignore outgoing firewall rules.
3. Placing Internet-accessible resources on the internal LAN.
4. Allow DNS zone transfers to any server.
If you allow zone transfers to any server, every resource record in the zone can be read by any host that can reach your DNS server, including a rogue DNS server sitting inside your own network. Restrict transfers to your own secondary servers (and authenticate them with TSIG where the platform supports it); a correctly configured server answers an unauthorised AXFR request with REFUSED.
5. Checking your email or surfing the web using an admin account.
6. Host more than Active Directory on a domain controller.
7. Re-use the same password.
8. Use Administrator credentials to log on to a workstation.
If you use your administrator credentials to log on to a machine that is not a domain controller, you are handing those credentials to whoever controls that machine. An interactive logon leaves reusable credential material (NTLM hashes, Kerberos tickets and cached logon verifiers) on the workstation, and anyone with local admin rights can dump it from LSASS in seconds with freely available tools such as Mimikatz. That is why "local admin on one workstation" turns into "Domain Admin" so quickly: the attacker only has to wait for, or lure, a privileged account to log on to a box they already own.
9. Deploy open Wi-Fi networks.
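The check behind item 4, as an added example that is not part of the original article: a stdlib-only Python probe that requests a full zone transfer (AXFR) over TCP and reports whether the server refused or handed the zone over. `dig axfr example.com @ns1.example.com` does the same job in one line; this version shows the wire format so the result can also be verified offline against a constructed reply. The zone `example.com`, the server name and both sample responses are constructed for illustration.

```python
"""Stdlib-only AXFR probe: ask a name server for a full zone transfer and
report whether it refused (correct) or handed the zone over (misconfigured).
Example code added to this article, not the author's tooling; the zone,
server and sample responses below are constructed for illustration."""
import socket
import struct

TYPE_A, TYPE_SOA, TYPE_AXFR = 1, 6, 252
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels ending in a zero byte."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_axfr_query(zone: str, txid: int = 0x1234) -> bytes:
    """DNS header (one question, no flags) + question section for <zone> AXFR IN."""
    return struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0) + encode_name(zone) + struct.pack(">HH", TYPE_AXFR, 1)


def read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name at msg[off]; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            ptr = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            end = end if end is not None else off + 2  # resume after the first pointer only
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_response(msg: bytes):
    """Return (rcode, [(name, rtype, rdata), ...]) for one DNS message."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                # skip the echoed question
        _, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        records.append((name, rtype, msg[off:off + rdlen]))
        off += rdlen
    return flags & 0xF, records


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection mid-transfer")
        buf += chunk
    return buf


def check_axfr(server: str, zone: str, timeout: float = 5.0):
    """Send an AXFR over TCP (zone transfers always use TCP) and collect the answer."""
    query, records = build_axfr_query(zone), []
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(query)) + query)   # TCP DNS is length-prefixed
        while True:
            (length,) = struct.unpack(">H", _recv_exact(s, 2))
            rcode, recs = parse_response(_recv_exact(s, length))
            if rcode != 0:
                return rcode, records
            records.extend(recs)
            if sum(1 for _, t, _ in records if t == TYPE_SOA) >= 2:  # SOA twice = transfer done
                return 0, records


def verdict(rcode: int, records) -> str:
    if rcode == 0 and records:
        return f"OPEN: zone transfer succeeded, {len(records)} records exposed"
    return f"refused ({RCODE_NAMES.get(rcode, rcode)}): zone transfer not allowed"


def _rr(name: bytes, rtype: int, rdata: bytes, ttl: int = 3600) -> bytes:
    return name + struct.pack(">HHIH", rtype, 1, ttl, len(rdata)) + rdata


# Constructed reply from a misconfigured server: SOA, one A record, closing SOA.
# \xC0\x0C is a compression pointer to "example.com" in the question at offset 12.
_ZONE_PTR = b"\xC0\x0C"
_SOA_RDATA = b"\x03ns1" + _ZONE_PTR + b"\x0Ahostmaster" + _ZONE_PTR + struct.pack(">IIIII", 2024010101, 3600, 900, 604800, 300)
SAMPLE_OPEN_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 3, 0, 0)
    + encode_name("example.com") + struct.pack(">HH", TYPE_AXFR, 1)
    + _rr(_ZONE_PTR, TYPE_SOA, _SOA_RDATA)
    + _rr(b"\x03www" + _ZONE_PTR, TYPE_A, bytes([192, 0, 2, 10]))
    + _rr(_ZONE_PTR, TYPE_SOA, _SOA_RDATA)
)
# Constructed reply from a correctly configured server: RCODE 5 (REFUSED), no answers.
SAMPLE_REFUSED_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8405, 1, 0, 0, 0)
    + encode_name("example.com") + struct.pack(">HH", TYPE_AXFR, 1)
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:    # python axfr_check.py ns1.example.com example.com
        print(verdict(*check_axfr(sys.argv[1], sys.argv[2])))
    else:                     # offline demonstration on the constructed replies
        print(verdict(*parse_response(SAMPLE_OPEN_RESPONSE)))
        print(verdict(*parse_response(SAMPLE_REFUSED_RESPONSE)))
```

Run it against every authoritative server for the zone, not just the primary: a secondary that accepts transfers from anyone leaks exactly the same data. The probe deliberately stops at the second SOA, which is how an AXFR stream signals completion.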
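The detection a practitioner would want for item 8, as an added example that is not part of the original article: a Python script that walks an export of Windows Security event 4624 (successful logon) records and flags logons by tier-0 accounts on machines that are not domain controllers, restricted to the logon types that actually leave reusable credential material on the target. Network logons (type 3) are not flagged, because they do not cache credentials on the host. The account list, domain controller list, host names and event rows are all constructed for illustration.

```python
"""Find privileged-account logons on non-DC hosts in exported 4624 events.
Example code added to this article, not the author's; the accounts, hosts and
event rows below are constructed for illustration."""
import csv
import io

# Logon types that leave reusable credential material (hashes, tickets, cached
# verifiers) on the target host.  Type 3 (Network) does not, so it is not flagged.
CREDENTIAL_EXPOSING_LOGON_TYPES = {
    2: "Interactive", 4: "Batch", 5: "Service", 10: "RemoteInteractive", 11: "CachedInteractive",
}

# Assumed inventory: tier-0 accounts (e.g. Domain Admins members) and the DCs,
# where a privileged interactive logon is expected.  Compared case-insensitively.
PRIVILEGED_ACCOUNTS = {"corp\\da-alice", "corp\\administrator", "corp\\svc-backup"}
DOMAIN_CONTROLLERS = {"dc01.corp.example", "dc02.corp.example"}

# Constructed export of Security log events, in the shape Get-WinEvent | Export-Csv yields.
SAMPLE_EVENTS = """\
TimeCreated,Computer,EventID,TargetDomainName,TargetUserName,LogonType,IpAddress
2024-03-01T08:02:11,DC01.corp.example,4624,CORP,da-alice,2,-
2024-03-01T08:15:42,WS-1042.corp.example,4624,CORP,bob,2,-
2024-03-01T09:01:05,WS-1042.corp.example,4624,CORP,da-alice,10,10.20.30.40
2024-03-01T09:03:19,FS01.corp.example,4624,CORP,da-alice,3,10.20.30.40
2024-03-01T11:47:58,WS-2207.corp.example,4624,CORP,Administrator,2,-
2024-03-01T12:00:00,WS-2207.corp.example,4625,CORP,Administrator,2,-
"""


def find_exposed_privileged_logons(csv_text: str, privileged=PRIVILEGED_ACCOUNTS, dcs=DOMAIN_CONTROLLERS):
    """Return one finding per successful credential-exposing logon of a privileged
    account on a host that is not a domain controller."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != "4624":                 # successful logons only; 4625 is a failure
            continue
        account = f"{row['TargetDomainName']}\\{row['TargetUserName']}"
        if account.lower() not in privileged:
            continue
        if row["Computer"].lower() in dcs:           # DCs are where these accounts belong
            continue
        logon_type = int(row["LogonType"])
        if logon_type not in CREDENTIAL_EXPOSING_LOGON_TYPES:
            continue
        findings.append({
            "time": row["TimeCreated"],
            "account": account,
            "computer": row["Computer"],
            "logon_type": logon_type,
            "logon_type_name": CREDENTIAL_EXPOSING_LOGON_TYPES[logon_type],
            "source_ip": row["IpAddress"],
        })
    return findings


def hosts_with_exposed_admin_creds(findings) -> list:
    """Hosts where an attacker holding local admin could harvest tier-0 credentials."""
    return sorted({f["computer"] for f in findings})


if __name__ == "__main__":
    hits = find_exposed_privileged_logons(SAMPLE_EVENTS)
    for h in hits:
        print(f"{h['time']} {h['account']} logged on to {h['computer']} "
              f"({h['logon_type_name']}, type {h['logon_type']}) from {h['source_ip']}")
    print("hosts to treat as compromised-if-anyone-has-local-admin:", hosts_with_exposed_admin_creds(hits))
```

On a real estate the input comes from `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624}` on each host (or from the SIEM), and the privileged-account set from the actual membership of Domain Admins, Enterprise Admins and equivalent groups rather than a hand-typed list. Every host the script names is one where the credential dump described in item 8 would succeed the next time the account logs on.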
Remember that security should never be sacrificed at the altar of convenience!
Contact us to audit your IT today.