Check for Expired Security Certificates
Most organizations need SSL certificates to keep information private on their websites and prevent unauthorized access. The IT department commonly sets up these certificates when first deploying a website.
Unfortunately, security breakdowns can occur when security certificates are allowed to expire. It is incumbent on IT staff to ensure that all certificates are current, so be sure to add an annual certificate review into IT policies and procedures.
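The review described above can be automated so that expiry dates are checked more often than once a year. The following Python sketch is an added example, not part of the original article; the 30-day warning window, the host names and the dates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal window; the article names no threshold


def classify(peer_cert, now, warn_days=WARN_DAYS):
    """Grade a dict shaped like SSLSocket.getpeercert() by its notAfter date."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(peer_cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days  # negative once the certificate has lapsed
    if expires <= now:
        return "EXPIRED", days_left
    return ("EXPIRING" if days_left <= warn_days else "OK"), days_left


def review(inventory, now):
    """Return (host, status, days_left) rows, most urgent first."""
    rows = [(host, *classify(cert, now)) for host, cert in inventory.items()]
    return sorted(rows, key=lambda row: row[2])


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Live lookup. A certificate that has already expired fails verification,
    so the handshake error is returned as a finding instead of being raised."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert(), None
    except ssl.SSLCertVerificationError as err:
        return None, err.verify_message


# Constructed inventory (hypothetical hosts and dates) so the example runs offline.
SAMPLE = {
    "www.example.com": {"notAfter": "May 20 00:00:00 2025 GMT"},
    "mail.example.com": {"notAfter": "Jun 15 00:00:00 2025 GMT"},
    "vpn.example.com": {"notAfter": "Mar  1 00:00:00 2026 GMT"},
}

if __name__ == "__main__":
    today = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed date for repeatable output
    for host, status, days_left in review(SAMPLE, today):
        print(f"{host:<20} {status:<9} {days_left:>5} days")
```

For a real inventory, build the dictionary from `fetch_peer_cert` results and treat any returned verification message as a failed check for that host.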
Implement SSL/TLS Protocols and Keys
Transport Layer Security (TLS) is a robust successor to SSL. Both security protocols encrypt data transfers between servers and devices. They also help authenticate user access.
SSL/TLS works with security certificates, but it is up to IT staff to set up the public and private keys used for data access and encryption on each server, network resource and user. The goal is that only certain users (each with a private access key) can access network resources (which have public keys, because more than one person will use them).
Avoid Storing LAN Manager Hashes
On Windows machines, some organizations still use Microsoft LAN Manager hash algorithms to convert user passwords into two Data Encryption Standard keys for security purposes. These keys are then stored in Windows.
Unfortunately, LM hash protection is vulnerable to fast, brute-force attacks. You can guard against this by disabling the storage of LM hashes in Windows.
Consider Using Server Message Block Signing
Man-in-the-middle (MITM) attacks occur when a bad actor inserts himself in the middle of a data transfer and pretends to be a legitimate participant so he can intercept valuable information.
If you are a Windows shop, you can reduce the risk of MITM by implementing Server Message Block (SMB) signing on Windows domain servers. SMB signing applies digital signatures at the packet level of the communications protocol, which makes it tougher for MITM attacks to break through.
Perform Regular Third-Party Security Audits
IT security audits used to be a luxury. Now, they should be an IT budget staple. You can never know enough about security or the next generation of risks, but security experts can help you stay informed and prepared.