Chapter 8: Troubleshooting Common Security Issues
Unencrypted Credentials
FTP (20, 21) -> FTPS (SSL/TLS) or SFTP (SSH, 22)
HTTP (80) -> SHTTP or HTTPS (443)
Telnet (23) -> SSH
SNMPv1 -> SNMPv3
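A defender's check for the cleartext protocols listed above, as an added example that is not part of the chapter notes: it reads constructed firewall allow-log records, flags destinations still receiving FTP/Telnet/HTTP traffic with the recommended replacement, and marks SNMP (port 161) as "verify version", since v1/v2c and v3 share the port and cannot be told apart by port alone.

```python
# Added example: audit connection logs for cleartext-credential services (constructed data).
import csv
import io
from collections import defaultdict

# Port -> (protocol, recommended replacement). Port 161 is SNMP of any version,
# so it is only a prompt to verify that v3 (authentication + privacy) is in use.
CLEARTEXT_PORTS = {
    20: ("FTP-data", "FTPS (SSL/TLS) or SFTP over SSH (22)"),
    21: ("FTP", "FTPS (SSL/TLS) or SFTP over SSH (22)"),
    23: ("Telnet", "SSH (22)"),
    80: ("HTTP", "HTTPS (443)"),
}
VERIFY_PORTS = {161: ("SNMP", "confirm SNMPv3 with authPriv; retire v1/v2c communities")}

# Constructed firewall "allow" log, CSV columns: timestamp,src,dst,dport,proto
SAMPLE_LOG = """\
2024-05-01T09:00:01Z,10.0.5.12,10.0.9.3,21,tcp
2024-05-01T09:00:04Z,10.0.5.12,10.0.9.3,22,tcp
2024-05-01T09:01:10Z,10.0.5.40,10.0.9.8,23,tcp
2024-05-01T09:02:33Z,10.0.5.40,10.0.9.8,443,tcp
2024-05-01T09:03:00Z,10.0.5.7,10.0.9.3,80,tcp
2024-05-01T09:03:05Z,10.0.5.7,10.0.9.20,161,udp
"""

def audit_cleartext(log_text):
    """Return {(dst, port): finding} for destinations receiving cleartext-credential traffic."""
    findings = {}
    clients = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed lines rather than aborting the whole audit
        _, src, dst, dport, _ = row
        port = int(dport)
        if port in CLEARTEXT_PORTS:
            name, fix = CLEARTEXT_PORTS[port]
            severity = "cleartext"
        elif port in VERIFY_PORTS:
            name, fix = VERIFY_PORTS[port]
            severity = "verify-version"
        else:
            continue  # encrypted or unrelated service (e.g. 22, 443)
        clients[(dst, port)].add(src)
        findings[(dst, port)] = {"service": name, "severity": severity,
                                "clients": sorted(clients[(dst, port)]), "recommendation": fix}
    return findings

if __name__ == "__main__":
    for (dst, port), f in sorted(audit_cleartext(SAMPLE_LOG).items()):
        print(f"{dst}:{port} {f['service']} [{f['severity']}] clients={f['clients']} -> {f['recommendation']}")
```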
Logs / Event Anomalies
Things that shouldn’t be happening.
Permission Issues
Failed logins!
Access Violations
Certificate Issues
Broken Chain of Trust
Data Exfiltration
Misconfigured Devices
Weak Security Configs
Personnel
Acceptable Use Policy
Policy violations
Insider Threat
Social Engineering
Social Media
Only designated users
Property of company
Personal Email
MDM
Unauthorized Software / License Compliance
Asset Management
Authentication Issues