Network Security Vulnerabilities & Threats
Identifying and counteracting the most common Network Security Vulnerabilities is an ongoing challenge to any security team. Although new cyber security vulnerabilities keep showing up, the fact is that the basis of the attacks generally remains the same. There are three primary vectors that an attacker can use to compromise the network — the hardware, the software, and the user. But whatever vector the attacker is using, the key is identifying and stopping the attack quickly and effectively.
Hardware
Any device on the network can be a security risk and has to be managed appropriately. This includes workstations, servers, firewalls, routers, switches, etc.
Firmware updates have to be kept current and the hardware should be replaced if patches for new security vulnerabilities are no longer available. It’s also extremely important to make sure there are no rogue devices installed on the network to avoid cyber vulnerabilities.
Regular network vulnerability scans can help identify devices that may have been covertly installed and also devices that may have been compromised through the use of USB keys or other media to install keyloggers or other covert malware.
Poorly configured devices open up a wide array of cyber security threats and vulnerabilities often with little effort required of the attacker.
Software Vulnerability Threats
After installing a system, it has to be consistently managed. New cyber security vulnerabilities are discovered regularly and, if updates or patches for these vulnerabilities are not identified and installed, these systems can become easy prey for attackers.
Most vendors will offer fixes as these types of network security threats are found, but these have to be installed to be effective. It is critical to be managing and installing the latest security patches.
Operating systems also become end-of-life after a while and will no longer be supported by the vendor. Planning for and managing the upgrade of systems is needed to reduce the threat posed by systems that are not supported. Software configuration is also often an avenue that can be exploited by an attacker and used to compromise the environment.
Common errors include leaving test accounts and passwords active when moving a system into production, publishing services that aren’t needed. This allows weak passwords and using unencrypted channels such as email to send sensitive data.
User Compromised Vulnerability Threats
Social Engineering is a common way for attackers to breach your network and take advantage of your users. It’s one of the top cyber threats and vulnerabilities.
Phishing attacks, scam phone calls, embedded URLs to misdirect users to false websites can all be used to trick users into revealing confidential information. Computer security and mobile device security are a major vulnerability to organizations.
To avoid user compromise, it’s best to have a security policy that covers access rights, multi-factor authentication protocols, vulnerability management, and more.
Top Information Security Vulnerabilities
The OWASP (Open Web Application Security Project) publishes a list of the top vulnerabilities in cyber security.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI offer this technical guidance to advise IT, security professionals, at public and private sector organizations.
This helps them place an increased priority on patching the most common network vulnerabilities that are exploited by sophisticated foreign cyber actors.
OWASP (Open Web Application Security Project)
Here is a breakdown of some of the top security vulnerabilities:
1. Injection
Injection flaws occur when a cyber attacker sends untrusted data without the proper permission and authorization.
2. Broken Authentication and Session Management
Hackers can compromise passwords and user accounts when a session or user has been incorrectly configured.
3. Sensitive Data Exposure
Attackers can access sensitive data like health information, passwords, and financial data if applications and APIs do not have the proper protection.
4. Broken Access Control
If there is no access control (ex. multi factor authentication, user control, etc) users can easily access other accounts. This can result in users:
- Viewing sensitive data
- Modifying data
- Breaching privacy policies
5. Insufficient Logging and Monitoring
The time to detect a breach is frequently measured in weeks or months. Insufficient logging and ineffective integration with security incident response systems allow attackers to pivot to other systems and maintain persistent threats.