Inventorying Organization Authentication Points

Are you looking for threat-proactive ways to secure your enterprise? One of the best ways to do this is by inventorying all of the points of authentication within your organization. In this blog post, we’ll discuss the steps you need to take to properly inventory and secure your Internet-facing authentication points. While you should have a complete and accurate inventory of these exposures, starting the process with a focus on critical systems is a common approach.

Inventory Process

1. Identify the different types of authentication used by the organization for remote access (e.g. passwords, two-factor authentication). If possible, use vendor data to include cloud-based critical services as well.

2. List all of the systems and applications that require remote access within the organization. External vulnerability scanning data and Shodan are both useful sources for this information.

3. For each system/application, document the type of authentication used and any additional security measures or policies related to remote access (e.g., password complexity requirements). Vendor management risk data can be useful here, if available.

4. Check with user groups to ensure that they use secure authentication methods and follow security policies when accessing systems/applications remotely.

5. Monitor access logs for signs of unauthorized access attempts or suspicious activity related to remote access authentication.

6. Regularly review and update existing remote access authentication processes as necessary to ensure the continued security of organizational resources over the Internet.

Why This Is Important – Credential Stuffing & Phishing

Inventorying all of the points of authentication within an enterprise is essential as protection against credential stuffing and phishing attacks. Credential stuffing is a type of attack where malicious actors use stolen credentials to gain access to different accounts, while phishing attacks are attempts to acquire confidential information through deceptive emails or websites. In both cases, it is important that organizations have proper authentication measures in place to prevent unauthorized access. Inventorying all of the points of authentication within an organization can ensure that the right security protocols are in place and that any suspicious activity related to authentication can be quickly identified and addressed.

In addition, having a detailed inventory of all points of authentication can help organizations identify any weak spots in their security measures. This allows them to take steps to strengthen those areas and further protect themselves from potential credential stuffing or phishing attacks. By regularly reviewing and updating their authentication processes, organizations can ensure that their resources remain secure and protected from any malicious actors.

Lastly, ensure that you feed this inventory and the knowledge gained into your enterprise risk assessment processes, incident response team, and other security control inventories. Make a note of any security gaps identified during the inventory process and ensure complete coverage of the logs and other intrusion detection systems at each potential point of authentication. By following these steps, you can ensure that your enterprise remains secure and protected from any potential threats associated with credential stuffing and credential theft associated with common phishing attacks.

 

Introducing AirWasp from MSI!

NewImage

For over a decade, HoneyPoint has been proving that passive detection works like a charm. Our users have successfully identified millions of scans, probes and malware infections by simply putting “fake stuff” in their networks, industrial control environments and other strategic locations. 

 

Attackers have taken the bait too; giving HoneyPoint users rapid detection of malicious activity AND the threat intelligence they need to shut down the attacker and isolate them from other network assets.

 

HoneyPoint users have been asking us about manageable ways to detect and monitor for new WiFi networks and we’ve come up with a solution. They wanted something distributed and effective, yet easy to use and affordable. They wanted a tool that would follow the same high signal, low noise detection approach that they brag about from their HoneyPoint deployments. That’s exactly what AirWasp does.

 

We created AirWasp to answer these WiFi detection needs. AirWasp scans for and profiles WiFi access points from affordable deck-of-cards-sized appliances. It alerts on any detected access points through the same HoneyPoint Console in use today, minimizing new cost and management overhead. It also includes traditional HoneyPoints on the same hardware to help secure the wired network too!

 

Plus, our self-tuning white list approach means you are only alerted once a new access point is detected – virtually eliminating the noise of ongoing monitoring. 

 

Just drop the appliance into your network and forget about it. It’ll be silent, passive and vigilant until the day comes when it has something urgent for you to act upon. No noise, just detection when you need it most.

 

Use Cases:

 

  • Monitor multiple remote sites and even employee home networks for new Wifi access points, especially those configured to trick users
  • Inventory site WiFi footprints from a central location by rotating the appliance between sites periodically
  • Detect scans, probes and worms targeting your systems using our acclaimed HoneyPoint detection and black hole techniques
  • Eliminate monitoring hassles with our integration capabilities to open tickets, send data to the SIEM, disable switch ports or blacklist hosts using your existing enterprise products and workflows

More Information

 

To learn how to bring the power and flexibility of HoneyPoint and AirWasp to your network, simply contact us via email (info@microsolved.com) or phone (614) 351-1237.


 

We can’t wait to help you protect your network, data and users!