Amanda Berlin @InfoSystir, 7 tweets
Here are 50 FREE things you can do to improve the security of most environments:
Access control lists are your friend (deny all first)
AD delegation of rights
App Whitelisting
Best practice GPO (NIST GPO templates)
Block browsing from servers. Not all machines need internet access
Block DNS zone transfers
Change ilo settings/passwords
Close open mail relays
Diff. local admin passwords (LAPS)
Disable LLMNR/NetBios
Disable ports that are unused, & set up port security
Disable telnet & other insecure protocols or alert on use
DMZ behind separate firewall
DNS servers should not be openly recursive
Don't forget your printers (saved creds aren't good)
Egress Filtering (should be just as strict as Ingress)
EMET (when OSes prior to 10 are present)
Ensure web logins use HTTPS
Fail2ban
For the love of god implement TLS 1.2
Force advanced file auditing (ransomware detection)
Geoblocking
Get rid of open shares
Incident Response drills
Incident Response Runbook & Bugout bag
Incident Response tabletops
Internal & OSINT honeypots
Least privileges EVERYWHERE
Locate and destroy plain text passwords
Log successful and unsuccessful logins - Windows/Linux logging cheatsheets
MITRE ATT&CK Matrix is your friend
Mod security
MSBSA
Network device backups
No open wi-fi, use WPA2 + AES
Password safes
Patch *nix boxes
Purple Team
Remove unneeded software
Restrict access to backups
Role based servers only! DNS servers/DCs are just that
Segment with VLANs
Separation of rights - Domain Admin use should be sparse & audited
Set up centralized logins for network devices. Use TACACS+ or RADIUS
Upgrade firmware
URLscan
Use Bitlocker/encryption
User Education exercises
Vulnerability Scanner
WSUS
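The logging and Domain Admin items above only pay off if someone actually looks at the events. Here is an added example (not part of the thread) that runs simple detection logic over constructed, simplified Windows logon events: it flags sources with many 4625 failures, accounts that succeed right after a run of failures, and every logon by an assumed privileged account so its use can be audited. The log format, the `da-admin` account name and the threshold are assumptions for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not a real log) in a simplified export format:
# timestamp, Windows event ID (4624 = logon success, 4625 = logon failure),
# account name and source address.
SAMPLE_LOG = """\
2024-03-01T08:00:01 4625 user=alice src=10.0.0.5
2024-03-01T08:00:02 4625 user=alice src=10.0.0.5
2024-03-01T08:00:03 4625 user=alice src=10.0.0.5
2024-03-01T08:00:04 4625 user=alice src=10.0.0.5
2024-03-01T08:00:05 4625 user=alice src=10.0.0.5
2024-03-01T08:00:06 4624 user=alice src=10.0.0.5
2024-03-01T08:05:00 4624 user=bob src=10.0.0.9
2024-03-01T09:00:00 4624 user=da-admin src=10.0.0.9
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d{4})\s+user=(\S+)\s+src=(\S+)$")

# Hypothetical privileged accounts whose use should be sparse and audited.
PRIVILEGED = {"da-admin"}


def analyze_logons(log_text, fail_threshold=5):
    """Return sources with many failures, accounts that succeeded right after
    a run of failures, and every logon by a privileged account."""
    fails_by_src = Counter()
    recent_fails = defaultdict(int)   # (user, src) -> failures since last success
    success_after_fails = []
    privileged_logons = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                  # skip malformed lines instead of crashing
        ts, event_id, user, src = m.groups()
        key = (user, src)
        if event_id == "4625":
            fails_by_src[src] += 1
            recent_fails[key] += 1
        elif event_id == "4624":
            if recent_fails[key] >= fail_threshold:
                success_after_fails.append((ts, user, src, recent_fails[key]))
            recent_fails[key] = 0     # a success resets the failure run
            if user in PRIVILEGED:
                privileged_logons.append((ts, user, src))
    noisy_sources = [s for s, n in fails_by_src.items() if n >= fail_threshold]
    return {"noisy_sources": noisy_sources,
            "success_after_fails": success_after_fails,
            "privileged_logons": privileged_logons}


if __name__ == "__main__":
    for name, hits in analyze_logons(SAMPLE_LOG).items():
        print(name, hits)
```

On a real export the same three outputs map to a brute-force alert, a likely compromised account, and the Domain Admin usage audit the thread asks for.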