Additional information (ne)

Network (vulnerabilities)

Definition:

A network consists of two or more computers or devices that are linked in order to share resources (such as printers and CDs), exchange files, or allow electronic communications. The computers on a network may be linked wirelessly or through cables, telephone lines, radio waves, satellites, or infrared light beams. In a broader sense, we can define a network as any set of machines that are linked to each other, something that can grow to huge proportions in modern times as a result of "the internet of things (IoT)".
See also: network attacks.

We can define 3 types of network vulnerabilities: hardware-based, software-based and user-based. Below is a list of possible network vulnerabilities:

Hardware-based:

  • Hardware Issues: improperly managed and unpatched or unknown devices.
  • Intruders: an unauthorized person gaining access to a device can install malware by copying it from a USB device or an external, prearranged location.
  • Laptops and smartphones pose a huge risk: not only can they be exposed to malware, but they can also get lost or stolen.
  • Firewall Issues: misconfiguration, no secondary firewall where there should be one, etc. Lots of organizations make use of web application firewalls (WAFs) for these reasons.
  • Wi-Fi: a poorly secured Wi-Fi network lets nearby devices connect, getting past the firewall.
  • IoT Devices: many devices for the Internet of Things are cheaply made and have inadequate security.
  • Unauthorized Devices: devices that the IT department doesn't know about.

Software-based:

  • Outdated and self-written software that can't be patched easily: apply tight access control to limit the dangers.
  • Unmanaged software: unknown devices attached to the system by users can also have software on them that you don't know about.
  • Misconfigured and default software: every network has its own needs and threats; standard software needs to be well configured and often modified to raise the level of security.
  • No intranet: in lots of organizations employees use functions that do not need access to the internet; use an intranet to set up a separate network for them.

User-based:

  • Password management: users often choose weak passwords and/or store these passwords on a piece of paper in a drawer: inform them well and bring password managers to their attention.
  • No multi-factor authentication: multi-factor authentication adds an extra security layer; be sure to make it obligatory.
  • Social engineering: phishing, scam phone calls, malicious websites, etc.: users are just as vulnerable to being tricked in your organization as they are at home; training, informing and testing are good practices to mitigate these risks.
  • Least risk policy: give each user access only to the software parts needed to do their job; global access brings extra security risks.

Network-worm: see Worm

Network attacks

A network of devices communicating with each other is one of the biggest security issues a system administrator has to tackle. Especially when unencrypted data is being sent, a network is vulnerable to intruders, who can then deploy a network attack.
Malicious parties usually execute network attacks to alter, destroy, or steal private data. Network attacks can be real-time or not. In a real-time attack, an intruder can directly access the data packets sent over the network. In the other case, the data is stored to be accessed by the intruder, or automatically sent to the intruder, some time later. In general, network attacks can have two purposes: collecting the data (passive attack), or modifying the data (active attack).

Network attacks occur in various forms. The most common types of network attacks are:

 
