Security Threats and Vulnerabilities
Types of Threats
Wired and wireless computer networks are essential to everyday activities. Individuals and organizations depend on their computers and networks. Intrusion by an unauthorized person can result in costly network outages and loss of work. Attacks on a network can be devastating and can result in a loss of time and money due to damage, or theft of important information or assets.
Intruders can gain access to a network through software vulnerabilities, hardware attacks, or through guessing someone’s username and password. Intruders who gain access by modifying software or exploiting software vulnerabilities are called threat actors.
After the threat actor gains access to the network, four types of threats may arise.
Information Theft
Information theft is breaking into a computer to obtain confidential information. The information can be used or sold for various purposes, such as stealing an organization's proprietary information, like research and development data.
Data Loss and Manipulation
Data loss and manipulation is breaking into a computer to destroy or alter data records. An example of data loss is a threat actor sending a virus that reformats a computer hard drive. An example of data manipulation is breaking into a records system to change information, such as the price of an item.
Identity Theft
Identity theft is a form of information theft where personal information is stolen for the purpose of taking over the identity of someone. Using this information, a threat actor can obtain legal documents, apply for credit, and make unauthorized online purchases. Identity theft is a growing problem costing billions of dollars per year.
Disruption of Service
Disruption of service is preventing legitimate users from accessing services to which they are entitled. Examples include denial of service (DoS) attacks on servers, network devices, or network communications links.
Types of Vulnerabilities
Vulnerability is the degree of weakness in a network or a device. Some degree of vulnerability is inherent in routers, switches, desktops, servers, and even security devices. Typically, the network devices under attack are the endpoints, such as servers and desktop computers.
There are three primary vulnerabilities or weaknesses: technological, configuration, and security policy. All three of these sources of vulnerabilities can leave a network or device open to various attacks, including malicious code attacks and network attacks.
Technological Vulnerabilities
- TCP/IP protocol weakness
- Operating system weakness
- Network equipment weakness – Various types of network equipment, such as routers, firewalls, and switches, have security weaknesses that must be recognized and protected against. Their weaknesses include password protection, lack of authentication, routing protocols, and firewall holes.
Configuration Vulnerabilities
- Unsecured user accounts – User account information may be transmitted insecurely across the network, exposing usernames and passwords to threat actors.
- System accounts with easily guessed passwords – This common problem is the result of poorly created user passwords.
- Unsecured default settings within products – Many products have default settings that create or enable holes in security.
- Misconfigured network equipment – Misconfigurations of the equipment itself can cause significant security problems. For example, misconfigured access lists, routing protocols, or SNMP community strings can create or enable holes in security.
Security Policy Vulnerabilities
- Lack of written security policy – A security policy cannot be consistently applied or enforced if it is not written down.
- Politics – Political battles and turf wars can make it difficult to implement a consistent security policy.
- Lack of authentication continuity – Poorly chosen, easily cracked, or default passwords can allow unauthorized access to the network.
- Logical access controls not applied – Inadequate monitoring and auditing allow attacks and unauthorized use to continue, wasting company resources. This could result in legal action against, or termination of, IT technicians, IT management, or even company leadership that allows these unsafe conditions to persist.
- Software and hardware installation and changes do not follow policy – Unauthorized changes to the network topology or installation of unapproved applications create or enable holes in security.
- Disaster recovery plan is nonexistent – The lack of a disaster recovery plan allows chaos, panic, and confusion to occur when a natural disaster occurs or a threat actor attacks the enterprise.
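As an added example that is not part of the course material, the following Python script audits a constructed Cisco IOS-style configuration for the configuration weaknesses listed above: default SNMP community strings, easily guessed or cleartext-stored passwords, and management services that send credentials across the network in the clear. The sample configuration and the weak-password list are constructed for illustration only.

```python
import re

# Constructed sample running-config (not from any real device) that exhibits
# several of the configuration weaknesses described in the table above.
SAMPLE_CONFIG = """\
hostname R1
enable password cisco
username admin password 0 admin123
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet
 login
ip http server
"""

# Constructed list of easily guessed passwords; a real audit would use a policy or dictionary.
WEAK_PASSWORDS = {"cisco", "admin", "admin123", "password", "123456"}
# Well-known default SNMP community strings (unsecured default settings).
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_config(config: str) -> list[str]:
    """Return one finding per configuration weakness located in the config text."""
    findings = []
    for line in config.splitlines():
        line = line.strip()
        # Unsecured default settings: default SNMP community strings.
        m = re.match(r"snmp-server community (\S+)(?:\s+(RO|RW))?", line)
        if m and m.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.append(f"default SNMP community '{m.group(1)}' ({m.group(2) or 'RO'})")
        # Easily guessed passwords, or passwords stored in a recoverable form
        # ('enable password' / 'username ... password' instead of 'secret').
        m = re.match(r"(?:enable password|username \S+ password)(?: ([07]))? (\S+)", line)
        if m:
            if m.group(2).lower() in WEAK_PASSWORDS:
                findings.append(f"easily guessed password '{m.group(2)}'")
            else:
                findings.append("password stored without hashing (use 'secret' instead)")
        # Unsecured user accounts: credentials transmitted in cleartext over Telnet or HTTP.
        if line == "transport input telnet":
            findings.append("Telnet enabled on vty lines; credentials cross the network in cleartext")
        if line == "ip http server":
            findings.append("plain HTTP management enabled; credentials cross the network in cleartext")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```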
An equally important vulnerable area of the network to consider is the physical security of devices. If network resources can be physically compromised, a threat actor can deny the use of network resources.
The four classes of physical threats are as follows:
- Hardware threats – This includes physical damage to servers, routers, switches, cabling plant, and workstations.
- Environmental threats – This includes temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).
- Electrical threats – This includes voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.
- Maintenance threats – This includes poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.
A good plan for physical security must be created and implemented to address these issues. The figure shows an example of a physical security plan.
Plan Physical Security to Limit Damage to Equipment
- Secure computer room.
- Implement physical security to limit damage to the equipment.
Step 1. Lock up equipment and prevent unauthorized access from the doors, ceiling, raised floor, windows, ducts, and vents.
Step 2. Monitor and control closet entry with electronic logs.
Step 3. Use security cameras.