AuthorS: ERIC BUCK | RYAN BRADBURY
Introduction
Security doesn't begin with advanced threat hunting or sophisticated penetration testing. It starts with a solid foundation. While SEVN-X specializes in finding the complex vulnerabilities that other vendors miss, we know that even the most advanced security program will fail if the fundamentals aren't in place first.
The following hardening measures represent the essential building blocks every organization needs before moving to more sophisticated security initiatives. These aren't comprehensive solutions, but they are critical prerequisites. Think of them as the foundation of a house: without them, everything else becomes unstable.
Some organizations jump straight to advanced security tools and assessments without addressing these basics, leaving glaring gaps that threat actors regularly exploit. Before investing in complex security solutions, ensure these foundational security controlsfundamentals are rock-solid in your environment.
System & Infrastructure Hygiene
1. Turn Off Unused Ports
Close any unused ports in public areas or conference rooms. This reduces your attack surface and prevents unauthorized network access.
2. Review Fileshare & Sensitive Folder Access
Periodically review and tighten access controls to fileshares and sensitive folders. Ensure only authorized personnel have the necessary permissions to critical data.
3. Audit AD Certificate Services (ADCS) Regularly
Consistently audit your ADCS configurations and issued certificates. Misconfigurations can lead to privilege escalation.
Network & Protocol Hardening
1. Secure IPv6 Internally
Don't sleep on IPv6! IPv6 traffic is susceptible to man-in-the-middle (MiTM) attacks and can provide initial footholds to attackers. Restrict (or disable, if possible) IPv6 traffic internally.
2. Disable LLMNR / NBT-NS
Turn off Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) to prevent common credential relay and spoofing attacks within the network.
3. Enforce SMB Signing
Mandate SMB Signing to protect against man-in-the-middle (MiTM) attacks and disrupt lateral movement.
4. Enforce LDAP Signing / Channel Binding
Enforcing LDAP signing and channel binding protects against critical relay attacks and ensures secure communication.
5. Restrict Computer Additions to Domain
Prevent unauthorized devices from being added to your Windows domain. Restricting this capability limits potential entry points for attackers.
6. Segment the Network
Segmenting your network limits the lateral movement of attackers within your network, containing breaches, and minimizing their impact.
Credential & Account Management
1. Increase Password Length
A longer password is a stronger password. Increase minimum password length requirements for general use and administrative accounts, across your organization to enhance resistance against brute-force attacks.
2. Fine-Grained Password Policy (FGPP)
Fine-Grained Password Policies enforce stricter, longer password requirements specifically for privileged accounts. FGPP adds an essential layer of security where it's needed most.
3. Expire Passwords
Regularly expiring passwords, coupled with strong password policies, helps mitigate the risk of compromised credentials remaining active indefinitely, even after stricter password requirements are introduced.
4. Change Password on First Logon
Randomly generate passwords for new hires and enforce immediate password changes for new users to prevent the use of weak, default credentials.
5. Use GMSA for Service Accounts
Enhance security and simplify management by using Group Managed Service Accounts (GMSA). GMSA eliminates the need for manual password rotations and reduces the risk of credential compromise.
6. Admin-Only Accounts for Admins
Ensure your administrators use separate, dedicated accounts for their privileged tasks. This minimizes the risk of credential exposure during routine, less-privileged activities.
7. Add Privileged Accounts to Protected Users Group
Place your highly-privileged accounts into the Protected Users group. This group provides enhanced security against credential theft attacks like Pass-the-Hash.
8. Review Privilege Group Memberships Regularly
Consistently audit and review the members of your privileged groups (e.g., Domain Admins). This proactive measure helps identify and revoke unauthorized access.
9. Review and Restrict Local Admin Access Regularly
Limiting these privileges reduces the impact of a compromised local account.
Physical Security
1. Properly Place Exit Sensors
Place Request-to-Exit (REX) sensors (often infrared or motion) far enough away from the doors they operate to prevent them from being triggered.
2. Ensure Tight Door Tolerances
Make sure doors and locks fit tightly (top, bottom, and sides) into their frames and locking mechanisms to prevent common bypass techniques.
Conclusion
These foundational cybersecurity controls measures form the baseline that makes advanced security investments worthwhile. Without proper hygiene in these areas, even the most sophisticated security tools and assessments will provide incomplete protection.
At SEVN-X, we've seen too many organizations discover through our penetration testing and incident response work that basic misconfigurations created the initial foothold for sophisticated attacks. The threat actors we encounter in our forensics work don't always use zero-day exploits; they often succeed by exploiting fundamental gaps that should have been addressed months or years earlier.
Consider this checklist your security foundation audit. Once these fundamentals are solid, you're ready to build a truly robust security program through advanced testing, monitoring, and response capabilities. A strong foundation enables everything else—from effective threat detection to meaningful security assessments that actually improve your risk posture.
The goal isn't just to check boxes, but to create the stable groundwork that makes every other security investment more effective.
SEVN-X penetration testing and advisory engagements consistently surface the same foundational gaps. If you want to know where you actually stand against this checklist (and what an attacker would find first) a targeted assessment gives you the clearest answer.
FAQs
Foundational cybersecurity controls are the baseline security measures every organization needs before investing in advanced security tools. They include system hygiene (unused ports, access controls, ADCS audits), network hardening (SMB signing, LLMNR disabled, network segmentation), credential management (password policies, privileged account controls), and basic physical security.
Start with credential and account management: strong password policies, separate admin accounts, and removal of stale or orphaned accounts. Then address network hardening: disable LLMNR/NBT-NS, enforce SMB signing, segment the network. These are the gaps SEVN-X practitioners see exploited most consistently in penetration testing and incident response engagements.
Advanced tools assume a secure baseline. When foundational controls are missing, attackers exploit those gaps before sophisticated defenses ever engage. Misconfigured ADCS, default credentials, and unsegmented networks create the initial footholds that threat actors use in the majority of breaches SEVN-X responds to.