SEVN-X Blog

Security Starts Here: Foundational Controls Every Organization Needs

Written by Eric Buck | Aug 29, 2025 7:29:43 PM
Authors: Eric Buck | Ryan Bradbury

Introduction

Security doesn't begin with advanced threat hunting or sophisticated penetration testing. It starts with a solid foundation. While SEVN-X specializes in finding the complex vulnerabilities that other vendors miss, we know that even the most advanced security program will fail if the fundamentals aren't in place first.

The following hardening measures represent the essential building blocks every organization needs before moving to more sophisticated security initiatives. These aren't comprehensive solutions, but they are critical prerequisites. Think of them as the foundation of a house: without them, everything else becomes unstable.

Some organizations jump straight to advanced security tools and assessments without addressing these basics, leaving glaring gaps that threat actors regularly exploit. Before investing in complex security solutions, ensure these fundamentals are rock-solid in your environment.

System & Infrastructure Hygiene

1. Turn Off Unused Ports

Close any unused ports in public areas or conference rooms. This reduces your attack surface and prevents unauthorized network access.

2. Review Fileshare & Sensitive Folder Access

Periodically review and tighten access controls to fileshares and sensitive folders. Ensure only authorized personnel have the necessary permissions to critical data.
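One way to make this review repeatable, as an added PowerShell example that is not SEVN-X's own code: enumerate the non-administrative SMB shares on a file server and flag any share-level or NTFS entry that grants a broad principal (Everyone, Authenticated Users, Domain Users, local Users) more than Read. It assumes it runs elevated on the file server (or over remoting) and that the principal list and scan depth are tuned to your environment.

```powershell
<#
  Added example (not SEVN-X's code): find shares and folders where broad
  principals hold more than Read. Assumptions: run elevated on the file
  server; administrative (Special) shares are skipped; the $broad list and
  the scan depth are placeholders to adjust per environment.
#>
$broad = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users',
           "$env:USERDOMAIN\Domain Users")

# Share-level ACL: anything beyond Read for a broad principal is a finding
function Get-OverexposedShares {
    Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broad -contains $_.AccountName -and
            $_.AccessRight -ne 'Read'
        } | ForEach-Object {
            [pscustomobject]@{
                Share   = $share.Name
                Path    = $share.Path
                Account = $_.AccountName
                Right   = $_.AccessRight
            }
        }
    }
}

# NTFS side: folders under a share root where broad principals can write
function Get-OverexposedFolders {
    param([string]$Root, [int]$Depth = 2)
    Get-ChildItem -Path $Root -Directory -Recurse -Depth $Depth -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dir = $_
            (Get-Acl -Path $dir.FullName).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $broad -contains $_.IdentityReference.Value -and
                ($_.FileSystemRights -match 'Modify|FullControl|Write')
            } | ForEach-Object {
                [pscustomobject]@{
                    Folder    = $dir.FullName
                    Identity  = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights
                    Inherited = $_.IsInherited
                }
            }
        }
}

Get-OverexposedShares | Format-Table -AutoSize
Get-OverexposedShares | ForEach-Object { Get-OverexposedFolders -Root $_.Path } |
    Sort-Object Folder -Unique | Format-Table -AutoSize
```

Share permissions and NTFS permissions are evaluated together (the more restrictive wins), so a share that is Read-only at the share level is not a finding here even if its NTFS ACL is loose; run the folder scan directly against sensitive paths as well when the share ACL is tight.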

3. Audit AD Certificate Services (ADCS) Regularly

Consistently audit your ADCS configurations and issued certificates. Misconfigurations can lead to privilege escalation.

Network & Protocol Hardening

1. Secure IPv6 Internally

Don't sleep on IPv6! IPv6 traffic is susceptible to man-in-the-middle (MiTM) attacks and can provide initial footholds to attackers. Restrict (or disable, if possible) IPv6 traffic internally. 

2. Disable LLMNR / NBT-NS

Turn off Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) to prevent common credential relay and spoofing attacks within the network.

3. Enforce SMB Signing

Mandate SMB Signing to protect against man-in-the-middle (MiTM) attacks and disrupt lateral movement.

4. Enforce LDAP Signing / Channel Binding 

Enforcing LDAP signing and channel binding protects against critical relay attacks and ensures secure communication.

5. Restrict Computer Additions to Domain

Prevent unauthorized devices from being added to your Windows domain. Restricting this capability limits potential entry points for attackers.

6. Segment the Network

Segmenting your network limits attackers' lateral movement, containing breaches and minimizing their impact.
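The settings behind items 1 through 5 of this section are all registry values, SMB configuration or a single domain attribute, so they can be audited in one pass. The following PowerShell is an added example, not SEVN-X's code: by default it only reports drift, and with `-Apply` it sets the hardened value. It assumes an elevated session, the ActiveDirectory module for the domain check, and that the LDAP and machine-account-quota checks are only meaningful on a domain controller; the IPv6 value 0x20 (prefer IPv4) is a choice, since fully disabling the stack with 0xFF is not recommended by Microsoft.

```powershell
<#
  Added example (not SEVN-X's code): audit, and optionally enforce, the
  network/protocol settings from this section on a Windows host.
  Assumptions: run elevated; ActiveDirectory module installed; LDAP and
  machine-account checks run only when the host is a domain controller.
  Usage: .\Check-ProtocolHardening.ps1          (report only)
         .\Check-ProtocolHardening.ps1 -Apply   (enforce)
#>
[CmdletBinding()]
param([switch]$Apply)

$findings = [System.Collections.Generic.List[string]]::new()

function Test-RegValue {
    param($Path, $Name, $Expected, $Label)
    $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($current -ne $Expected) {
        $findings.Add("$Label : is '$current', expected $Expected")
        if ($Apply) {
            if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
            Set-ItemProperty -Path $Path -Name $Name -Value $Expected -Type DWord
        }
    }
}

# 1. IPv6: 0x20 makes Windows prefer IPv4 so rogue router advertisements /
#    DHCPv6 answers carry less weight, without disabling the stack (0xFF).
Test-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' `
    'DisabledComponents' 0x20 'IPv6 DisabledComponents'

# 2. LLMNR off (policy key) and NBT-NS disabled (2) on every interface
Test-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
    'EnableMulticast' 0 'LLMNR EnableMulticast'
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces' |
    ForEach-Object { Test-RegValue $_.PSPath 'NetbiosOptions' 2 "NBT-NS on $($_.PSChildName)" }

# 3. SMB signing required on both the server and the client side
if (-not (Get-SmbServerConfiguration).RequireSecuritySignature) {
    $findings.Add('SMB server signing not required')
    if ($Apply) { Set-SmbServerConfiguration -RequireSecuritySignature $true -Force }
}
if (-not (Get-SmbClientConfiguration).RequireSecuritySignature) {
    $findings.Add('SMB client signing not required')
    if ($Apply) { Set-SmbClientConfiguration -RequireSecuritySignature $true -Force }
}

# 4./5. Domain-controller-only checks (DomainRole 4 = backup DC, 5 = primary DC)
$isDC = (Get-CimInstance Win32_ComputerSystem).DomainRole -ge 4
if ($isDC) {
    # LDAPServerIntegrity 2 = require signing; LdapEnforceChannelBinding 2 = always
    $ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    Test-RegValue $ntds 'LDAPServerIntegrity'       2 'LDAP server signing'
    Test-RegValue $ntds 'LdapEnforceChannelBinding' 2 'LDAP channel binding'

    # ms-DS-MachineAccountQuota defaults to 10, letting any user join 10 machines
    Import-Module ActiveDirectory
    $domain = Get-ADDomain
    $quota = (Get-ADObject -Identity $domain.DistinguishedName `
                -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
    if ($quota -ne 0) {
        $findings.Add("ms-DS-MachineAccountQuota is $quota, expected 0")
        if ($Apply) { Set-ADDomain -Identity $domain -Replace @{'ms-DS-MachineAccountQuota' = 0} }
    }
}

if ($findings.Count -eq 0) { 'All checked settings are hardened.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it in report mode first across a sample of workstations, servers and domain controllers; SMB and LDAP signing changes affect every client that cannot sign, so roll them out through Group Policy with the audit events reviewed rather than flipping them host by host. Setting the machine account quota to 0 means new computers are joined only by accounts that have been delegated that right on the target OU, which is the intended end state of item 5.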

Credential & Account Management

1. Increase Password Length

A longer password is a stronger password. Increase the minimum password length requirements for both general-use and administrative accounts across your organization to improve resistance against brute-force attacks.

2. Fine-Grained Password Policy (FGPP)

Fine-Grained Password Policies enforce stricter, longer password requirements specifically for privileged accounts. FGPP adds an essential layer of security where it's needed most.

3. Expire Passwords

Regularly expiring passwords, coupled with strong password policies, ensures that compromised credentials and passwords set under older, weaker requirements do not remain valid indefinitely after stricter requirements are introduced.

4. Change Password on First Logon

Randomly generate passwords for new hires and enforce immediate password changes for new users to prevent the use of weak, default credentials.
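Items 1 through 4 above map directly onto the ActiveDirectory module. The script below is an added example, not SEVN-X's code: it raises the default domain policy, creates a Fine-Grained Password Policy for privileged groups, lists accounts that silently bypass expiry, and onboards a new user with a random initial password that must be changed at first logon. It assumes a Domain Admin session with RSAT; the lengths, ages, policy name and the group name `Tier0-Admins` are placeholder values to set according to your own standard.

```powershell
<#
  Added example (not SEVN-X's code): items 1-4 of "Credential & Account
  Management" with the ActiveDirectory module. Assumptions: Domain Admin
  session with RSAT; lengths, ages, the PSO name and the 'Tier0-Admins'
  group are placeholders.
#>
Import-Module ActiveDirectory

# 1. Domain-wide minimum length and maximum age (default domain policy).
Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DNSRoot `
    -MinPasswordLength 14 -ComplexityEnabled $true `
    -MaxPasswordAge (New-TimeSpan -Days 365) -PasswordHistoryCount 24

# 2. FGPP for privileged accounts. Lower Precedence wins if several PSOs apply.
$pso = 'PrivilegedAccounts-PSO'   # placeholder name
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$pso'")) {
    New-ADFineGrainedPasswordPolicy -Name $pso -Precedence 10 `
        -MinPasswordLength 20 -ComplexityEnabled $true -PasswordHistoryCount 24 `
        -MaxPasswordAge (New-TimeSpan -Days 90) `
        -LockoutThreshold 5 -LockoutDuration (New-TimeSpan -Minutes 30) `
        -LockoutObservationWindow (New-TimeSpan -Minutes 30)
}
Add-ADFineGrainedPasswordPolicySubject -Identity $pso -Subjects 'Domain Admins', 'Tier0-Admins'

# 3. Expiry only works if nobody is exempt: enabled accounts flagged never-expire.
function Get-NeverExpiringAccounts {
    Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $true' `
        -Properties PasswordLastSet |
        Select-Object SamAccountName, PasswordLastSet
}
Get-NeverExpiringAccounts | Format-Table -AutoSize

# 4. New hire: random initial password, change enforced at first logon.
function New-OnboardedUser {
    param([string]$SamAccountName, [string]$Name, [string]$Path)
    $bytes = New-Object byte[] 24
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $initial = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
    New-ADUser -SamAccountName $SamAccountName -Name $Name -Path $Path `
        -AccountPassword $initial -Enabled $true -ChangePasswordAtLogon $true
    # The plaintext is never written anywhere; hand it over through your
    # out-of-band onboarding channel, since it is valid for exactly one logon.
}
# Example call (placeholder OU):
# New-OnboardedUser -SamAccountName 'jdoe' -Name 'Jane Doe' -Path 'OU=Staff,DC=corp,DC=example'
```

Check the result of item 2 with `Get-ADUserResultantPasswordPolicy -Identity <admin account>`, which returns the PSO actually in effect for that user; an account that still resolves to the default domain policy is not covered.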

5. Use GMSA for Service Accounts

Enhance security and simplify management by using Group Managed Service Accounts (GMSA). GMSA eliminates the need for manual password rotations and reduces the risk of credential compromise.

6. Admin-Only Accounts for Admins

Ensure your administrators use separate, dedicated accounts for their privileged tasks. This minimizes the risk of credential exposure during routine, less-privileged activities.

7. Add Privileged Accounts to Protected Users Group

Place your highly-privileged accounts into the Protected Users group. This group provides enhanced security against credential theft attacks like Pass-the-Hash.

8. Review Privilege Group Memberships Regularly

Consistently audit and review the members of your privileged groups (e.g., Domain Admins). This proactive measure helps identify and revoke unauthorized access.

9. Review and Restrict Local Admin Access Regularly

Limiting local administrator privileges reduces the impact of a compromised local account.
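Items 5 through 9 of this section are shown together in the following PowerShell, an added example that is not SEVN-X's code. It creates a gMSA whose password only designated hosts can retrieve, marks a dedicated admin account as sensitive and places it in Protected Users, then produces two review reports: recursive membership of the built-in privileged groups with stale accounts flagged, and local Administrators membership collected over PowerShell remoting. It assumes a Domain Admin session, that a KDS root key already exists for gMSA creation, and that the account, group and host names are placeholders.

```powershell
<#
  Added example (not SEVN-X's code): items 5-9 of "Credential & Account
  Management". Assumptions: Domain Admin session with the ActiveDirectory
  module; a KDS root key exists (New-KdsRootKey) so gMSAs can be created;
  'svc-backup', 'BackupServers', 'adm-jdoe', 'ws01'/'ws02' are placeholders.
#>
Import-Module ActiveDirectory

# 5. gMSA: AD rotates the password automatically; only members of the
#    BackupServers group can retrieve it. Install-ADServiceAccount runs on each host.
New-ADServiceAccount -Name 'svc-backup' -DNSHostName 'svc-backup.corp.example' `
    -PrincipalsAllowedToRetrieveManagedPassword 'BackupServers' `
    -KerberosEncryptionType AES256

# 6./7. Dedicated admin account: not delegatable, and in Protected Users so it
#       cannot use NTLM, DES/RC4 Kerberos, or be cached/delegated.
Set-ADUser -Identity 'adm-jdoe' -AccountNotDelegated $true
Add-ADGroupMember -Identity 'Protected Users' -Members 'adm-jdoe'

# 8. Privileged group review: nested membership resolved, stale/disabled flagged.
function Get-PrivilegedGroupReport {
    param([string[]]$Groups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                                'Administrators', 'Account Operators', 'Backup Operators'),
          [int]$StaleDays = 90)
    foreach ($g in $Groups) {
        Get-ADGroupMember -Identity $g -Recursive |
            Where-Object objectClass -eq 'user' |
            Get-ADUser -Properties LastLogonDate, PasswordLastSet |
            ForEach-Object {
                [pscustomobject]@{
                    Group           = $g
                    User            = $_.SamAccountName
                    Enabled         = $_.Enabled
                    LastLogonDate   = $_.LastLogonDate
                    PasswordLastSet = $_.PasswordLastSet
                    # never logged on counts as stale
                    Stale           = (-not $_.LastLogonDate) -or
                                      ($_.LastLogonDate -lt (Get-Date).AddDays(-$StaleDays))
                }
            }
    }
}
Get-PrivilegedGroupReport | Sort-Object Group, User | Format-Table -AutoSize

# 9. Local Administrators review across hosts (PowerShell remoting assumed).
function Get-LocalAdminReport {
    param([string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ErrorAction Continue -ScriptBlock {
        Get-LocalGroupMember -Group 'Administrators'
    } | Select-Object PSComputerName, Name, PrincipalSource
}
Get-LocalAdminReport -ComputerName 'ws01', 'ws02' | Format-Table -AutoSize
```

Before adding an account to Protected Users, confirm it is not used for anything that requires NTLM or constrained delegation, since the group silently breaks both; and note that `Get-ADGroupMember -Recursive` does not follow foreign security principals from trusted domains, so review those memberships separately.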

Physical Security

1. Properly Place Exit Sensors

Place Request-to-Exit (REX) sensors (often infrared or motion) far enough away from the doors they operate to prevent them from being triggered.

2. Ensure Tight Door Tolerances

Make sure doors and locks fit tightly (top, bottom, and sides) into their frames and locking mechanisms to prevent common bypass techniques.

Conclusion

These foundational security measures form the baseline that makes advanced security investments worthwhile. Without proper hygiene in these areas, even the most sophisticated security tools and assessments will provide incomplete protection.

At SEVN-X, we've seen too many organizations discover through our penetration testing and incident response work that basic misconfigurations created the initial foothold for sophisticated attacks. The threat actors we encounter in our forensics work don't always use zero-day exploits; they often succeed by exploiting fundamental gaps that should have been addressed months or years earlier.

Consider this checklist your security foundation audit. Once these fundamentals are solid, you're ready to build a truly robust security program through advanced testing, monitoring, and response capabilities. A strong foundation enables everything else—from effective threat detection to meaningful security assessments that actually improve your risk posture.

The goal isn't just to check boxes, but to create the stable groundwork that makes every other security investment more effective.