This article analyzes the most common security vulnerabilities in network systems. For each one it summarizes the issue and recommends how to prevent its exploitation.
Un-patched Network Devices
Network and security devices, like computing devices such as desktops and laptops, run software which, if not regularly updated, can over time become the source of network-related vulnerabilities. These vulnerabilities, especially if not immediately addressed, tend to develop into security exploits.
For an attacker or a rogue insider, it is then much easier to open a backdoor into the network environment. All they need to do is scan the network servers and devices and find one that is missing a patch or running an outdated version of firmware, and they can gain remote access to the device, its configuration or a command prompt. This can later provide a backdoor path not only to a single device but expose the entire network environment to attack.
The recommendation is to periodically check the entire network and all network devices for software and firmware patches. A patch is a piece of software designed to update a network device's software or its supporting data, and it very often contains a fix for a known security vulnerability or a software bug that could be exploited. “Follow network security best practices by updating your operating system and any other software running on it with the latest security patches. Too many incidents occur because criminal hackers take advantage and exploit un-patched systems.” (Beaver, 2013). However, note that “in some organizations, it’s not always ideal to install a new patch as soon as it is available, as these can disrupt essential business operations” (Mack, 2013), so it is important to find the right balance and timing for installing patches. There are numerous patch management tools that can assist enterprises in building the best patching strategy.
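The periodic check described above can be sketched as a comparison of a device inventory against a baseline of minimum patched firmware versions. This is an added example, not code from the article or from any patch management tool; the device names, model names and version numbers are constructed. It compares versions numerically, because a plain string comparison ranks "15.9.7" above "15.10.2" and would report the outdated router as current.

```python
# Added example: audit a constructed device inventory against a patch baseline.
import re

# Constructed sample data; model names and versions are hypothetical.
BASELINE = {"edge-router-x": "15.10.2", "core-switch-y": "3.4.0"}
INVENTORY = [
    {"name": "rtr-01", "model": "edge-router-x", "firmware": "15.9.7"},
    {"name": "rtr-02", "model": "edge-router-x", "firmware": "15.10.2"},
    {"name": "sw-01", "model": "core-switch-y", "firmware": "3.4"},
    {"name": "fw-01", "model": "perimeter-fw-z", "firmware": "2.0.1"},
]


def parse_version(text):
    """Turn '15.10.2' into (15, 10, 2) so fields compare as numbers."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)


def is_older(installed, required):
    """True if installed < required; short versions are zero-padded (3.4 == 3.4.0)."""
    a, b = parse_version(installed), parse_version(required)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit_inventory(inventory, baseline):
    """Return (device, status, installed, required) for every device needing attention."""
    findings = []
    for dev in inventory:
        required = baseline.get(dev["model"])
        if required is None:
            # A device nobody tracks patches for is itself a finding.
            findings.append((dev["name"], "no baseline", dev["firmware"], None))
        elif is_older(dev["firmware"], required):
            findings.append((dev["name"], "outdated", dev["firmware"], required))
    return findings


if __name__ == "__main__":
    for finding in audit_inventory(INVENTORY, BASELINE):
        print(finding)
```

The findings list is the input to the scheduling decision the article mentions: it says what is behind, not when to install.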
Many network security attacks are not caused by network devices with outdated software (as mentioned earlier). Very often, the issue is more fundamental in nature. Most network appliances allow some form of remote configuration and are therefore often pre-configured with a default password, and this is usually where the problem stems from. If the device’s default password has not been changed, it can easily be deduced by an attacker who is aware of the device-specific default passwords. And if the default password was changed to one that is weak and easily cracked, an intruder can use a variety of methods to find it (e.g. brute-force password guessing). All this can expose the enterprise network to a security risk.
The best way to prevent problems with passwords is to have a proper password policy. As per the Wikipedia article on password policy, a basic password policy typically contains the following requirements:
- Password length and formation (use of both upper-case and lower-case letters, the inclusion of one or more numerical digits and special characters, prohibition of words found in the user’s personal information, etc.).
- Some policies require users to change passwords periodically, often every 90 or 180 days.
- Prohibition of words found in a password blacklist (password blacklists are lists of passwords that are always blocked from use).
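The three requirements above, together with the default-password problem described earlier, can be enforced by one check run whenever a device or user password is set or reviewed. This is an added example, not code from the article or from the cited policy text; the 12-character minimum, the blacklist entries and the sample passwords are assumptions constructed for illustration, and the 90-day limit is one of the two periods the list mentions.

```python
# Added example: evaluate a password against the policy requirements listed above.
import re
from datetime import date

MIN_LENGTH = 12      # assumption: the article does not give a minimum length
MAX_AGE_DAYS = 90    # one of the two rotation periods the list mentions
# Constructed blacklist; a real one would include vendor default passwords.
BLACKLIST = {"admin", "password", "changeme", "12345678"}

CHARACTER_CLASSES = [
    ("lower-case letter", r"[a-z]"),
    ("upper-case letter", r"[A-Z]"),
    ("digit", r"\d"),
    ("special character", r"[^A-Za-z0-9]"),
]


def check_password(password, personal_info, last_changed, today):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, pattern in CHARACTER_CLASSES:
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    lowered = password.lower()
    if lowered in BLACKLIST:
        problems.append("blacklisted")
    # Ignore very short personal strings (initials) to avoid false matches.
    if any(len(w) >= 3 and w.lower() in lowered for w in personal_info):
        problems.append("contains personal information")
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("expired")
    return problems


if __name__ == "__main__":
    today = date(2016, 9, 2)
    # Constructed cases: a default-style password, a name-based one, an aged one.
    print(check_password("admin", [], date(2016, 9, 1), today))
    print(check_password("Alice-Router#2016", ["Alice", "Smith"], date(2016, 9, 1), today))
    print(check_password("Tr4verse!Copper-Lake", ["Alice"], date(2016, 5, 1), today))
```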
Misconfigured Network Devices
Very often we find that some of the most common network security issues are related to the settings and configuration of network devices. Technology news is full of stories of hackers gaining access to network switches, modems, routers, bridges and firewalls, even though these devices are up to date with patches and use strong passwords. What is often overlooked is the fact that they are not appropriately configured. This is one of the major issues in network security, as improper configuration causes severe weaknesses that regularly lead to unauthorized network access.
Kevin Beaver of Acunetix.com summarizes this problem in the following statement: “One of the biggest, most dangerous, assumptions is that everything is well because it’s working fine.” That said, the best solution to this problem is enterprise awareness. An organization needs to set up a security policy under which network device logs are periodically analyzed and the configuration is adjusted appropriately. Another valuable option is to employ third-party software that specializes in detecting dangerous network patterns, such as configuration assessment and compliance tools. These tools can be further supported by software such as vulnerability scanners and penetration testing programs. All of these should be part of the toolbox for protecting the network against intrusions.
“Phones, tablets, and unencrypted laptops pose some of the greatest risks to network security.” (Beaver, 2013).
Most of us bring our personal phones or tablets to work without giving it a second thought. What is often not realized is that connecting an unauthorized device to an employer's network can cause serious issues. These devices may already be compromised and listening for credentials, emails containing sensitive login information, etc.
With employees connecting their personal devices to the corporate network, one of the best ways to prevent network security breaches is to introduce enterprise-wide mandatory rules for all employees. Such rules should enforce encryption as part of the security policy. “Your strategy should take a holistic view of security with an overarching security framework. Inventory the types of data your mobile workforce accessed on phones and tablets, and treat the smartphone and device security just like you would internal systems on the network” (Ragan, 2013).
The vulnerabilities above are the most commonly overlooked, and each of them can put the network environment at risk. Each organization needs to assess the risk and create its own rules that all employees should follow. The ideal is a smart approach that minimizes the risks while ensuring that everything that touches the network environment, be it a new device or a new software application, has been properly reviewed and approved.
Beaver, K. (2013) The most common network security vulnerabilities. Available at: http://www.acunetix.com/blog/articles/the-top-5-network-security-vulnerabilities/ (Accessed: 2 September 2016).
Patch (computing) (2016) in Wikipedia. Available at: https://en.wikipedia.org/wiki/Patch_(computing) (Accessed: 2 September 2016).
Divestopedia and Institute, S. (2016) What is a bug fix? – definition from Techopedia. Available at: https://www.techopedia.com/definition/18105/bug-fix (Accessed: 2 September 2016).
Mack, B. (2013) Patch management overview, challenges, and recommendations. Available at: http://blogs.cisco.com/security/patch-management-overview-challenges-and-recommendations (Accessed: 2 September 2016).
Password policy (2016) in Wikipedia. Available at: https://en.wikipedia.org/wiki/Password_policy (Accessed: 2 September 2016).
Ragan, S. (2013) Five things to consider for a mobile security policy. Available at: http://www.csoonline.com/article/2133789/identity-management/five-things-to-consider-for-a-mobile-security-policy.html (Accessed: 2 September 2016).