1. Manage Legacy Protocols
Remediation: Disable the use of LLMNR, NBNS, and WPAD protocols in group policy.
2. Disable LM, NTLMv1
Remediation: Disable LM hashing, and, unfortunately require a password reset for all your accounts if it was enabled.
3. Common Password Use
Remediation: User education, increase default password length requirement from 8 to 12+, and add simple password brute-forcing as part of your vulnerability management program to check for weak or known passwords.
4. Enforce SMB Signing for Servers and Workstations
Remediation: Force SMB signing for all domain joined computers.
5. No LAPS
Remediation: Deploy LAPS, which rotates and stores the local administrator password in the domain controller.
6. Anonymous Enumeration Allowed
Remediation: Disable anonymous enumeration of SAM accounts and shares.
7. Remove Stored Passwords in Group Policy Preferences (GPP)
Remediation: Review your group policy preferences and ensure no passwords are used or stored.
8. Default User/Pass In Use
Remediation: Know what you have deployed on the network, and verify that no system is setup to use its default credentials.
9. Not Using MFA for Remote Access, or to Sensitive Networks
Remediation: Deploy multi-factor authentication at minimum for all remote access solutions and all cases where a security boundary is being crossed.
10. Non-Segmented Legacy Hardware & Software
Remediation: If you’ve seen “Silence of the Lambs”, think Hannibal Lecter in his cell, in a strait jacket… wearing a mask.