All it takes for an attacker, or a rogue insider, is a missing patch on a server that permits an unauthenticated command prompt or other backdoor path into the web environment. Sure, we have to be careful when applying patches to servers but to not apply patches at all (I often seen missing patches dating back 10+ years) just makes it too easy.
Solution: Follow network security best practices by updating your operating system and any other software running on it with the latest security patches. Too many incidents occur because criminal hackers take advantage and exploit un-patched systems.
#2:Weak or default passwords
Passwords shouldn’t even be part of a network security vulnerability discussion knowing what we now know. However, many web applications, content management systems, and even database servers are still configured with weak or default passwords. Who needs file inclusion or SQL injection when the file system or database can be accessed directly?
Solution: Change and test for weak passwords regularly and consider using a password management tool. Implement intruder lockout after a defined number of failed login attempts.
#3:Misconfigured firewall rulebases
One of the biggest, most dangerous, assumptions is that everything is well in the firewall because it’s been working fine. Digging into a firewall rulebase that has never been analyzed will inevitably turn up serious configuration weaknesses that allow for unauthorized access into the web environment. Sometimes it’s direct access while other times it’s indirect from other network segments including Wi-Fi – parts of the network that may have been long forgotten.
Solution: Start with your organization’s security policy; one that reflects the current situation and foreseeable business requirements. After all, your firewall rulebase is the technical implementation of this security policy. Review it regularly and keep it relevant. OWASP provides some good guidance on building operational security guides.
Phones, tablets, and unencrypted laptops pose some of the greatest risks to web security. Think about all the VPN connections, cached passwords in web browsers, and emails containing sensitive login information that you – and likely everyone else responsible for managing your web environment – have stored on mobile devices. The use of unsecured (and rogue) Wi-Fi via mobile devices is the proverbial icing on the cake.
Solution: Instill clear data management rules for all employees and make mandatory data encryption part of your security policy. This is becoming even more important with employees connecting their personal devices to the corporate network.
#5:USB Flash Drives
The dangers of these innocent-looking portable devices have been known for long enough. But still, all that Edward Snowden reportedly needed to walk away from the National Security Agency building with a cache of national secrets was a USB flash drive. USB drives are also one of the most common ways a network can get infected from inside a firewall.
Solution: Have clear security policies regarding personal storage devices including who can use them and in what places. Restrict the computers that can read USB flash drives and help prevent unauthorized access by encrypting the data as soon as it hits the device.