NO SECURE CONFIGURATION PROCESS
"Default settings are the attacker’s best friend."
COMPANY
Sector: Development
Size: 10–49 employees
Location: Brussels
FACTS & FIGURES
30 out of 35 companies were affected
Protection efforts: None
Business impact: High
STORY
At a small development company in Brussels, each employee works on their own laptop. Some of these employees have admin rights, while others do not. Some machines have their firewalls enabled, others have them disabled. Some have antivirus software running, while others don’t. But all the laptops are beautifully configured, aren’t they?
Well, maybe not. When we asked the employees who was responsible for configuring these laptops, they told us... well, let me quote them directly.
The team isn’t careless, they’re just busy. But without a uniform method for setting up systems, the company is exposed to a nearly endless array of risks, and there is no known-good state to compare a laptop against. An attack could start from any single misconfigured endpoint, and nobody would be able to say which ones are misconfigured.
INCIDENT OVERVIEW
Secure configuration management refers to the practice of establishing systems and applications in a hardened, secure state by default and maintaining that configuration over time. When a system is first set up, it often comes with settings that favor usability over security (e.g., open ports, enabled services, default credentials). Without a secure configuration process, these usable but insecure defaults often remain just that: defaults.
In this case, assets were not only manually configured without reference to any standard, but also in an insecure manner. Workstations had inconsistent settings; local admin rights were widespread; and weak access controls were, unfortunately, common. (Look in the mirror and say "common" three times.)
BUSINESS IMPACT
Skipping a secure setup process exposes organizations to multiple risks:
Increased attack surface: systems left on insecure default settings are far easier to compromise.
Harder detection and response: without a clear standard, devices behave inconsistently, so there is no known-good baseline to compare against when something looks wrong.
Compliance failures: the CIS Controls, NIST guidance, and the NIS2 Directive all expect secure configurations to be defined, documented, and applied consistently.
Operational failures: ad hoc, undocumented configuration changes are far more likely to lead to major disruptions, and without versioning there is nothing to roll back to.
SECURITY MEASURES
Below, you’ll find key recommendations to mitigate risks and enforce secure configurations:
Establish a formal configuration management process, including versioning, auditing, and rollback capabilities.
Join systems to Active Directory to centrally manage and enforce policies across all enterprise assets.
Use domain Group Policy Objects (GPOs), managed through the Group Policy Management Console, to configure security-related settings at scale (e.g., password policies, firewall rules, software restrictions). The Local Group Policy Editor (gpedit.msc) only changes the machine it is run on, which is exactly the one-laptop-at-a-time approach that caused the problem.
Employ OpenSCAP or similar tools to define and audit compliance with CIS or NIST configuration benchmarks. OpenSCAP primarily targets Linux systems; for Windows endpoints, CIS-CAT or Microsoft’s Security Compliance Toolkit fill the same role.
Continuously monitor for drift from the approved configuration and take corrective actions when deviations are detected.
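As an added example (not part of the original story and not the company’s own tooling), the script below is a minimal drift check for a single Windows 10/11 laptop. It audits the three settings the story calls out (local Administrators membership, firewall, antivirus) plus minimum password length against a small baseline, prints a PASS/FAIL table, and exits non-zero on any deviation so it can run from a scheduled task or be pushed by a management agent. It uses only built-in cmdlets (NetSecurity, Defender, LocalAccounts). The baseline values, the approved-admin list (CONTOSO\Domain Admins is a placeholder) and the English-locale parsing of `net accounts` are assumptions to adapt to your own standard.

```powershell
# Added example, not from the original page: baseline drift check for one Windows laptop.
# Assumptions: Windows 10/11 with Microsoft Defender, built-in NetSecurity/Defender/LocalAccounts
# modules, English 'net accounts' output. Baseline values below are placeholders.

$Baseline = @{
    MinPasswordLength   = 14
    FirewallProfiles    = @('Domain', 'Private', 'Public')   # every profile must be enabled
    RealTimeProtection  = $true
    MaxSignatureAgeDays = 3
    # Placeholder: replace with the accounts/groups your standard actually permits.
    ApprovedAdmins      = @("$env:COMPUTERNAME\Administrator", 'CONTOSO\Domain Admins')
}

$Findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Check, [string]$Expected, [string]$Actual, [bool]$Pass)
    $status = if ($Pass) { 'PASS' } else { 'FAIL' }
    $Findings.Add([pscustomobject]@{
        Status   = $status
        Check    = $Check
        Expected = $Expected
        Actual   = $Actual
    })
}

# 1. Firewall: each profile must be enabled (the story had some laptops with it off).
foreach ($name in $Baseline.FirewallProfiles) {
    $fw = Get-NetFirewallProfile -Name $name
    Add-Finding -Check "Firewall profile '$name' enabled" -Expected 'True' `
                -Actual "$($fw.Enabled)" -Pass ("$($fw.Enabled)" -eq 'True')
}

# 2. Antivirus: Defender real-time protection on and signatures recent.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    Add-Finding -Check 'Defender real-time protection' -Expected "$($Baseline.RealTimeProtection)" `
                -Actual "$($mp.RealTimeProtectionEnabled)" `
                -Pass ($mp.RealTimeProtectionEnabled -eq $Baseline.RealTimeProtection)
    Add-Finding -Check 'Defender signature age (days)' -Expected "<= $($Baseline.MaxSignatureAgeDays)" `
                -Actual "$($mp.AntivirusSignatureAge)" `
                -Pass ($mp.AntivirusSignatureAge -le $Baseline.MaxSignatureAgeDays)
} catch {
    # The cmdlet fails when Defender is disabled or replaced by a third-party product:
    # report it as a finding to investigate rather than silently assuming AV is present.
    Add-Finding -Check 'Defender status readable' -Expected 'True' -Actual $_.Exception.Message -Pass $false
}

# 3. Local admin rights: the well-known SID S-1-5-32-544 is the Administrators group
#    regardless of display language, so this works on French/Dutch installs too.
$admins     = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name })
$unapproved = @($admins | Where-Object { $_ -notin $Baseline.ApprovedAdmins })
Add-Finding -Check 'Unapproved members of local Administrators' -Expected 'none' `
            -Actual $(if ($unapproved.Count) { $unapproved -join ', ' } else { 'none' }) `
            -Pass ($unapproved.Count -eq 0)

# 4. Password policy: 'net accounts' needs no elevation but its output is localized;
#    the regex assumes English. (secedit /export is locale-independent but needs admin rights.)
$line = (net accounts) | Where-Object { $_ -match '^Minimum password length' }
$expectedLen = ">= $($Baseline.MinPasswordLength)"
if ($line) {
    $minLen = [int]($line -replace '\D', '')
    Add-Finding -Check 'Minimum password length' -Expected $expectedLen `
                -Actual "$minLen" -Pass ($minLen -ge $Baseline.MinPasswordLength)
} else {
    Add-Finding -Check 'Minimum password length' -Expected $expectedLen `
                -Actual 'unreadable (non-English net accounts output?)' -Pass $false
}

# Report and signal drift through the exit code for the scheduler / management agent.
$Findings | Format-Table -AutoSize
$failed = @($Findings | Where-Object { $_.Status -eq 'FAIL' }).Count
Write-Host "$($env:COMPUTERNAME): $failed deviation(s) from baseline"
exit $(if ($failed -gt 0) { 1 } else { 0 })
```

Run it on every laptop and collect the exit codes centrally; a non-zero result is the endpoint to fix before it becomes the attacker’s entry point. The script is a sanity check, not a substitute for the GPO and SCAP baseline above: once those are in place, this check should report zero deviations everywhere.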