Security Threats and Vulnerabilities

16.1.1 Types of Threats

Wired and wireless computer networks are essential to everyday activities. Individuals and organizations depend on their computers and networks. Intrusion by an unauthorized person can result in costly network outages and loss of work. Attacks on a network can be devastating and can result in a loss of time and money due to damage, or theft of important information or assets.

Intruders can gain access to a network by exploiting software vulnerabilities, attacking hardware, or simply guessing or stealing someone’s username and password. In this module the term threat actor refers to any such intruder, whether access is gained by modifying software, exploiting a software vulnerability, or abusing credentials.

After the threat actor gains access to the network, four types of threats may arise.

Information Theft

Information theft is breaking into a computer to obtain confidential information. The stolen information can be used or sold for various purposes; a common example is theft of an organization’s proprietary information, such as research and development data.

Data Loss and Manipulation

Data loss and manipulation is breaking into a computer to destroy or alter data records. An example of data loss is a threat actor sending a virus that reformats a computer hard drive. An example of data manipulation is breaking into a records system to change information, such as the price of an item.

Identity Theft

Identity theft is a form of information theft where personal information is stolen for the purpose of taking over the identity of someone. Using this information, a threat actor can obtain legal documents, apply for credit, and make unauthorized online purchases. Identity theft is a growing problem costing billions of dollars per year.

Disruption of Service

Disruption of service is preventing legitimate users from accessing services to which they are entitled. Examples include denial of service (DoS) attacks on servers, network devices, or network communications links.

Types of Vulnerabilities

Vulnerability is the degree of weakness in a network or a device. Some degree of vulnerability is inherent in routers, switches, desktops, servers, and even security devices. Typically, the network devices under attack are the endpoints, such as servers and desktop computers.

There are three primary vulnerabilities or weaknesses: technological, configuration, and security policy. All three of these sources of vulnerabilities can leave a network or device open to various attacks, including malicious code attacks and network attacks.

Technological Vulnerabilities

  • TCP/IP protocol weakness – Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Internet Control Message Protocol (ICMP) are inherently insecure: HTTP and FTP carry data and credentials in cleartext, and ICMP messages are not authenticated, so all three can be sniffed, spoofed, or abused. Simple Network Management Protocol (SNMP) and Simple Mail Transfer Protocol (SMTP) inherit the same weakness from the cleartext, unauthenticated transport they were designed on: SNMPv1 and SNMPv2c authenticate with a community string sent in cleartext, and SMTP by default exchanges mail without encryption or sender authentication.
  • Operating system weakness – Each operating system has security problems that must be addressed. This is true of UNIX, Linux, Mac OS, Mac OS X, Windows Server 2012, Windows 7, and Windows 8 alike. Known problems are documented in the Computer Emergency Response Team (CERT) archives at http://www.cert.org
  • Network equipment weakness – Various types of network equipment, such as routers, firewalls, and switches, have security weaknesses that must be recognized and protected against. These include weak password protection, lack of authentication, insecure routing protocols, and firewall holes.

Configuration Vulnerabilities

  • Unsecured user accounts – User account information may be transmitted insecurely across the network (for example, over Telnet, FTP, or HTTP), exposing usernames and passwords to threat actors.
  • System accounts with easily guessed passwords – This common problem is the result of poorly created user passwords, including default passwords that were never changed.
  • Misconfigured internet services – Turning on JavaScript in web browsers enables attacks by way of JavaScript controlled by threat actors when untrusted sites are visited. Other potential sources of weakness include misconfigured terminal services, FTP servers, or web servers (e.g., Microsoft Internet Information Services (IIS) and Apache HTTP Server).
  • Unsecured default settings within products – Many products ship with default settings that create or enable holes in security, such as default administrative credentials or default SNMP community strings.
  • Misconfigured network equipment – Misconfigurations of the equipment itself can cause significant security problems. For example, misconfigured access lists, routing protocols, or SNMP community strings can create or enable holes in security.
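The weaknesses in the two tables above (cleartext management protocols, default SNMP community strings, reversible or default passwords on the device) all show up in a device’s running configuration, so they can be checked mechanically. The Python script below is an added example, not a Cisco tool and not part of the original course text: it audits a constructed Cisco IOS-style configuration for those weaknesses and shows a hardened form of the same configuration beside it. The check list, the default-community and weak-password sets, and both sample configurations are the editor’s assumptions.

```python
"""Audit a Cisco IOS-style running-config for the weaknesses in the tables above.
Added example, not a Cisco tool: the checks, both sample configs and the
default-community / weak-password sets are the editor's assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional

DEFAULT_COMMUNITIES = {"public", "private"}                           # assumed agent defaults
WEAK_PASSWORDS = {"cisco", "admin", "password", "123456", "letmein"}  # stand-in for a wordlist

# Constructed samples: a config carrying the weaknesses and a hardened equivalent.
WEAK_CONFIG = """\
hostname EDGE-RTR
enable password cisco
username admin password 0 admin
snmp-server community public RO
snmp-server community n3tm0n RW
ip http server
line vty 0 4
 transport input telnet
 password cisco
 login
line con 0
 password c0ns0le-0nly
"""
HARDENED_CONFIG = """\
hostname EDGE-RTR
enable secret 9 $9$examplehash
username admin secret 9 $9$examplehash
snmp-server group OPS v3 priv
ip http secure-server
line vty 0 4
 transport input ssh
 login local
"""

@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    category: str   # table row the finding maps to
    line_no: int    # 1-based config line; 0 = whole config
    message: str

def _plaintext(enc_type: Optional[str]) -> bool:
    """Type 0 or no type prefix: the value is stored exactly as typed."""
    return enc_type in (None, "0")

def audit_ios_config(config_text: str) -> List[Finding]:
    """Flag cleartext management, reversible or weak passwords, and v1/v2c SNMP."""
    out: List[Finding] = []
    lines = config_text.splitlines()
    secure_http = any(l.strip() == "ip http secure-server" for l in lines)
    in_line = in_vty = False
    for no, raw in enumerate(lines, start=1):
        s = raw.strip()
        def hit(sev: str, cat: str, msg: str) -> None:
            out.append(Finding(sev, cat, no, msg))
        if not raw.startswith(" "):     # a top-level command ends any 'line' block
            in_line, in_vty = s.startswith("line "), s.startswith("line vty")
        # Unsecured default settings: 'password' is reversible, 'secret' is hashed.
        if m := re.match(r"enable password(?: (\d))? (\S+)$", s):
            hit("high", "password-storage", "enable password is reversible; use 'enable secret'")
            if _plaintext(m.group(1)) and m.group(2).lower() in WEAK_PASSWORDS:
                hit("high", "weak-password", "enable password is in the default-credential list")
        elif m := re.match(r"username (\S+) password(?: (\d))? (\S+)$", s):
            hit("high", "password-storage", f"user {m.group(1)} uses 'password'; use 'secret'")
            if _plaintext(m.group(2)) and m.group(3).lower() in WEAK_PASSWORDS:
                hit("high", "weak-password", f"user {m.group(1)} has a default-credential password")
        # Misconfigured network equipment: SNMP community strings.
        elif m := re.match(r"snmp-server community (\S+)(?: (RO|RW))?", s):
            community, mode = m.group(1), m.group(2) or "RO"
            if community.lower() in DEFAULT_COMMUNITIES or mode == "RW":
                hit("high", "snmp-community", f"community '{community}' ({mode}) is default and/or writable")
            else:
                hit("medium", "snmp-community", f"community '{community}' is v1/v2c cleartext; prefer SNMPv3")
        # TCP/IP protocol weakness: device management over cleartext HTTP.
        elif s == "ip http server" and not secure_http:
            hit("high", "plaintext-management", "HTTP management without 'ip http secure-server'")
        # Unsecured user accounts: credentials crossing the network in cleartext.
        elif in_vty and (m := re.match(r"transport input (.+)$", s)):
            if "telnet" in m.group(1).split() or m.group(1) == "all":
                hit("high", "plaintext-management", "vty accepts Telnet; use 'transport input ssh'")
        elif in_line and (m := re.match(r"password(?: (\d))? (\S+)$", s)):
            if _plaintext(m.group(1)) and m.group(2).lower() in WEAK_PASSWORDS:
                hit("high", "weak-password", "line password is in the default-credential list")
    if not any(l.startswith("enable secret") for l in lines):
        out.append(Finding("medium", "password-storage", 0,
                           "no 'enable secret'; privileged EXEC has no hashed password"))
    return out

def main() -> None:
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} config")
        for f in sorted(audit_ios_config(cfg), key=lambda f: (f.line_no, f.category)):
            print(f"[{f.severity:6}] line {f.line_no:>2} {f.category:20} {f.message}")

if __name__ == "__main__":
    main()
```

Run it directly to print the findings for the weak configuration; the hardened one produces none. Note that IOS type 7 passwords are only obfuscated, not hashed, so the script reports the `password` keyword as reversible storage regardless of type; only a type 0 (or untyped) value can also be compared against the wordlist, which is why the console password on the last line of the weak config, which is not in the list, raises no finding.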

Policy Vulnerabilities

  • Lack of written security policy – A security policy cannot be consistently applied or enforced if it is not written down.
  • Politics – Political battles and turf wars can make it difficult to implement a consistent security policy.
  • Lack of authentication continuity – Poorly chosen, easily cracked, or default passwords can allow unauthorized access to the network.
  • Logical access controls not applied – Inadequate monitoring and auditing allow attacks and unauthorized use to continue, wasting company resources. This could result in legal action or termination against IT technicians, IT management, or even company leadership that allows these unsafe conditions to persist.
  • Software and hardware installation and changes do not follow policy – Unauthorized changes to the network topology or installation of unapproved applications create or enable holes in security.
  • Disaster recovery plan is nonexistent – The lack of a disaster recovery plan allows chaos, panic, and confusion to occur when a natural disaster occurs or a threat actor attacks the enterprise.

Physical Security

An equally important vulnerable area of the network to consider is the physical security of devices. If network resources can be physically compromised, a threat actor can deny the use of network resources. Physical access also undermines logical controls: a console port, a removable drive, or a device reset gives an attacker the access that passwords, access lists, and firewall rules were meant to prevent.

The four classes of physical threats are as follows:

  • Hardware threats – This includes physical damage to servers, routers, switches, cabling plant, and workstations.
  • Environmental threats – This includes temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry).
  • Electrical threats – This includes voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss.
  • Maintenance threats – This includes poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.

A good plan for physical security must be created and implemented to address these issues. The figure (not reproduced here) shows an example physical security plan, summarized below.

Plan Physical Security to Limit Damage to Equipment

  • Secure the computer room.
  • Implement physical security to limit damage to the equipment.

Step 1. Lock up equipment and prevent unauthorized access through doors, the ceiling, the raised floor, windows, ducts, and vents.

Step 2. Monitor and control closet entry with electronic logs.

Step 3. Use security cameras.

Network Attacks