This document is intended to provide IT admins with an actionable security awareness checklist for installing new apps. Too often, people just accept the defaults, hit NEXT NEXT NEXT, and get hacked. This document is aimed mainly at server-side apps, but many of the suggestions apply to desktops and even mobile phones. Cyber security awareness is essentially a mindset, and it is not just for IT admins. I recently wrote a comprehensive guide about security awareness training for employees if you want to learn more about this topic.
This list summarizes what people commented on a LinkedIn post I recently wrote.
Security Best Practices BEFORE Installing New Software
- Do some due diligence on the vendor. Who are they? Have they been compromised before? What do people say about them online?
- When you download a file, it is always good practice to check the hash of the downloaded file against the one listed on the vendor's site. If the hashes don't match, your download may be corrupted or, worse, someone may have replaced it with something malicious.
- Check whether the application has known vulnerabilities that criminals can exploit by searching cve.mitre.org. It is always better to find out now rather than after the fact.
- Read the terms and conditions and know what you are signing up for. Look for things like: who owns the data? What can they do with the data? What jurisdiction does the vendor operate under?
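The hash check above, worked through as an added example (this is not code from the original post): it parses a vendor's SHA256SUMS-style listing, hashes the downloaded file in chunks, and compares the two digests. The sample "installer" and its listing are constructed inside the script so it runs offline; in practice the expected value must come from the vendor's own page, fetched separately from the download itself.

```python
"""Verify a downloaded file against the SHA-256 value a vendor publishes."""
import hashlib
import hmac
import os
import tempfile


def parse_sums(text):
    """Return {filename: lowercase_hex} from a SHA256SUMS-style listing.

    Each line looks like "<hex digest>  <filename>"; a leading "*" on the
    filename is GNU sha256sum's binary-mode marker and is stripped.
    """
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # not a digest line; ignore it
        digest, name = parts
        sums[name.lstrip("*")] = digest.lower()
    return sums


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the file in 1 MiB chunks so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_sha256(path, expected_hex):
    """True only if the file's SHA-256 equals expected_hex (case-insensitive)."""
    expected = expected_hex.strip().lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("expected value is not a SHA-256 hex digest")
    # compare_digest avoids leaking which prefix matched; harmless here, idiomatic anyway
    return hmac.compare_digest(sha256_of_file(path), expected)


def make_sample_download():
    """Constructed stand-in for a downloaded installer plus the vendor's listing.

    Returns (path_to_file, sha256sums_text). Not a real vendor artifact.
    """
    content = b"#!/bin/sh\necho 'constructed sample installer'\n"
    fd, path = tempfile.mkstemp(prefix="installer-", suffix=".sh")
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    listing = f"{hashlib.sha256(content).hexdigest()}  {os.path.basename(path)}\n"
    return path, listing


if __name__ == "__main__":
    path, listing = make_sample_download()
    expected = parse_sums(listing)[os.path.basename(path)]
    print("match" if verify_sha256(path, expected) else "MISMATCH - do not install")
```

A mismatch after a re-download is not a transient glitch to retry past: treat the file as untrusted until the vendor confirms the published value.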
Security Best Practices WHEN Installing New Software
- Don't Click NEXT NEXT NEXT!
- Ask the vendor for their hardening checklist recommendation. If they do not have one, you're better off seeking other vendors.
- Change the default credentials. Use a unique password of your own, at least 12 characters long.
- If the app supports Multi-Factor Authentication, enforce it for everyone. Making MFA the default makes user accounts safer.
- Watch out for typos. Cyber-criminals publish malicious packages under names that are common misspellings of popular packages (typosquatting), hoping someone will make a typo in the name and download the malicious one instead.
- Never copy and paste commands from the internet directly into your terminal. You would assume that what you copied is what you paste, right? Well, nope! A web page can put something different on your clipboard from what it displays, such as malicious code. All it takes is a single injected line in the command you copied to create a backdoor in your app. This attack is very simple but also very harmful. Watch a Live Demo of How This Attack Works
- Don't use personal or domain admin accounts to run services. If an attacker gets access to that account, they have a solid foothold from which to attack your entire network.
- Don't make any web application public before consulting the cyber security team.
- Ensure that the base OS and the software you are installing are updated with the latest security patches. Updates often include essential security fixes.
- Don't install remote management software such as TeamViewer / AnyDesk on any server!
- Perform regular user/account cleanups to ensure that inactive and dormant accounts are removed.
- Perform regular DNS record cleanup and remove stale/unused records to reduce the risk of DNS (dangling record) takeovers.
- When using Linux, create a user other than the default "root". You don't need to be root all the time; use sudo for the commands that require it.
- No shortcuts: always specify the full path of the app you are executing, so that a PATH lookup cannot pick up a different binary of the same name.
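The typo item above, worked through as an added example (not code from the original post): it compares a requested package name against an allowlist of packages you actually intend to install and flags names that are one or two edits away from one of them but are not it. The allowlist and the sample requirements lines are constructed; the name normalization follows PyPI's rule that "-", "_" and "." are interchangeable and case is ignored, which is an assumption about the ecosystem you are vetting.

```python
"""Flag package names that look like misspellings of packages you meant to install."""
import re

# Constructed allowlist: the packages this deployment is expected to pull in.
KNOWN_PACKAGES = ["requests", "numpy", "urllib3"]

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PyPI-style normalization: runs of -, _ and . collapse to '-', lowercase."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a, b):
    """Levenshtein distance (insert / delete / substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_package_name(requested, known, max_distance=2):
    """Return (verdict, closest_known_name, distance).

    verdict is "known" for an exact (normalized) match, "suspicious" when the
    name is within max_distance edits of a known package without being it,
    and "unknown" otherwise (a package you have not vetted at all).
    """
    req = normalize(requested)
    best, best_d = None, None
    for k in known:
        d = edit_distance(req, normalize(k))
        if best_d is None or d < best_d:
            best, best_d = k, d
    if best_d == 0:
        return ("known", best, 0)
    if best_d is not None and best_d <= max_distance:
        return ("suspicious", best, best_d)
    return ("unknown", best, best_d)


def scan_requirements(lines, known, max_distance=2):
    """Return [(requested, closest_known, distance)] for suspicious requirement lines."""
    flagged = []
    for line in lines:
        if line.lstrip().startswith("#"):
            continue
        m = _NAME.match(line)
        if not m:
            continue
        verdict, closest, d = check_package_name(m.group(1), known, max_distance)
        if verdict == "suspicious":
            flagged.append((m.group(1), closest, d))
    return flagged


if __name__ == "__main__":
    # Constructed requirements file with one near-miss name.
    sample = ["requests==2.31.0", "requets>=1.0", "# pinned below", "numpy"]
    for name, closest, d in scan_requirements(sample, KNOWN_PACKAGES):
        print(f"check '{name}': {d} edit(s) from known package '{closest}'")
```

A "suspicious" verdict is a prompt to look, not proof of malice; a package legitimately named one edit away from a popular one exists, but it should be added to the allowlist deliberately rather than slipping in through a typo.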
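The copy-and-paste item above, as an added example (not from the original post or its linked demo): before anything from the clipboard reaches a shell, render it so that every non-printing character is visible and list the characters that make pasted text behave differently from how it looked on the page, such as line breaks (which execute the command the moment it is pasted), ANSI escapes and zero-width Unicode characters. The sample strings are constructed and benign.

```python
"""Show what pasted text really contains before it is handed to a shell."""
import unicodedata

# Characters a terminal treats as "end of line": pasting these runs the command at once.
LINE_BREAKS = {"\n", "\r", "\x0b", "\x0c", "\x85", "\u2028", "\u2029"}


def _escape(ch):
    """Render one non-printing character the way `cat -A` style tools would."""
    return f"\\x{ord(ch):02x}" if ord(ch) < 256 else f"\\u{ord(ch):04x}"


def visible_form(text):
    """Return text with every non-printing character replaced by an escape sequence."""
    return "".join(ch if ch.isprintable() else _escape(ch) for ch in text)


def inspect_paste(text):
    """Return a list of (position, kind, detail) findings for risky characters.

    kinds: "line-break" (would execute on paste), "escape" (ANSI control
    sequence), "invisible" (zero-width / format character), "control" (other
    C0/C1 control character; tab is allowed).
    """
    findings = []
    for pos, ch in enumerate(text):
        cat = unicodedata.category(ch)
        if ch in LINE_BREAKS:
            findings.append((pos, "line-break", f"U+{ord(ch):04X} would execute the command on paste"))
        elif ch == "\x1b":
            findings.append((pos, "escape", "ANSI escape sequence can hide or recolor text"))
        elif cat == "Cf":
            findings.append((pos, "invisible", f"U+{ord(ch):04X} {unicodedata.name(ch, '?')}"))
        elif cat == "Cc" and ch != "\t":
            findings.append((pos, "control", f"U+{ord(ch):04X}"))
    return findings


def paste_looks_safe(text):
    """True when nothing in the text would run, hide, or alter what the user sees."""
    return not inspect_paste(text)


if __name__ == "__main__":
    # Constructed clipboard contents: a trailing newline and a zero-width space.
    for sample in ("sudo apt-get install example-package\n",
                   "echo hello\u200b world",
                   "ls -la"):
        print(repr(visible_form(sample)), "safe" if paste_looks_safe(sample) else inspect_paste(sample))
```

Paste into an editor or a `cat > /tmp/cmd` first and read it back, rather than straight into the prompt. Bash 5.1 and later also enable readline's bracketed-paste mode by default, so a pasted newline is inserted into the line rather than executed; older shells can turn it on with `bind 'set enable-bracketed-paste on'`.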
Security Best Practices AFTER Installing New Software
Don't forget to set aside plenty of time for platform engineering testing and documentation. This ensures that your team knows which exceptions need to be applied to the EPP/EDR (endpoint protection / endpoint detection and response) and what counts as 'normal expected behavior'.
Huge Thank You to all those whose comments helped to write this post: