3/13/2014

The Top 5 Network Security Vulnerabilities that Are Often Overlooked

By Kevin Beaver on JUL 31, 2013 - 08:00am

Your network security is just as important as securing your web site and related applications. Networks, because of the sensitive data they usually give access to, are one of the most targeted public faces of an organization. Here are the top 5 network security vulnerabilities that are often omitted from typical reviews, and some tips to avoid making the same mistakes.

Network Security Omission #1: Missing patches

All it takes for an attacker, or a rogue insider, is a missing patch on a server that permits an unauthenticated command prompt or other backdoor path into the web environment. Sure, we have to be careful when applying patches to servers, but to not apply patches at all (I often see missing patches dating back 10+ years) just makes it too easy.

Solution: Follow network security best practices by updating your operating system and any other software running on it with the latest security patches. Too many incidents occur because criminal hackers take advantage of and exploit unpatched systems.


Network Security Omission #2: Weak or default passwords

Passwords shouldn't even be part of a network security vulnerability discussion knowing what we now know. However, many web applications, content management systems, and even database servers are still configured with weak or default passwords. Who needs file inclusion or SQL injection when the file system or database can be accessed directly?

Solution: Change and test for weak passwords regularly and consider using a password management tool. Implement intruder lockout after a defined number of failed login attempts.

Network Security Omission #3: Misconfigured firewall rulebases

One of the biggest, most dangerous, assumptions is that everything is well in the firewall because it's been working fine. Digging into a firewall rulebase that has never been analyzed will inevitably turn up serious configuration weaknesses that allow for unauthorized access into the web environment. Sometimes it's direct access while other times it's indirect from other network segments including Wi-Fi parts of the network that may have been long forgotten.

Solution: Start with your organization's security policy; one that reflects the current situation and foreseeable business requirements. After all, your firewall rulebase is the technical implementation of this security policy. Review it regularly and keep it relevant. OWASP provides some good guidance on building operational security guides.
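A rulebase review of the kind described above can be partly automated. The following added example (not from the article) audits a constructed rulebase, assuming iptables-save syntax and first-match semantics; the rules, the list of sensitive ports and the function names are assumptions for illustration.

```python
import ipaddress
import shlex

# Constructed sample rulebase in iptables-save syntax (not from the article).
RULEBASE = """\
-A INPUT -p tcp -s 10.0.0.0/8 --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.50.0/24 -j ACCEPT
-A INPUT -p tcp -s 10.20.0.0/16 --dport 443 -j DROP
-A INPUT -p tcp -s 203.0.113.0/24 --dport 22 -j ACCEPT
"""

# Assumption: ports this site treats as management or database services.
SENSITIVE_PORTS = {"22", "3389", "3306", "1433"}
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse(line):
    """Turn one '-A CHAIN ...' line into a dict of the fields we audit."""
    tok = shlex.split(line)
    opt = dict(zip(tok[0::2], tok[1::2]))  # every option used here takes one value
    return {"chain": opt["-A"], "proto": opt.get("-p"), "dport": opt.get("--dport"),
            "src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0")),
            "action": opt["-j"]}

def covers(early, late):
    """True if every packet matching `late` already matches `early`."""
    return (early["chain"] == late["chain"]
            and late["src"].subnet_of(early["src"])
            and early["proto"] in (None, late["proto"])
            and early["dport"] in (None, late["dport"]))

def audit(rulebase):
    rules = [parse(l) for l in rulebase.splitlines() if l.startswith("-A ")]
    findings = []
    for i, r in enumerate(rules):
        if r["action"] == "ACCEPT" and r["src"] == ANY and r["dport"] in SENSITIVE_PORTS:
            findings.append((i + 1, "sensitive port open to any source"))
        if r["action"] == "ACCEPT" and r["proto"] is None and r["dport"] is None:
            findings.append((i + 1, "accepts every protocol and port"))
        for j, e in enumerate(rules[:i]):
            if covers(e, r):  # an earlier rule wins, so this one never matches
                findings.append((i + 1, f"shadowed by rule {j + 1}"))
                break
    return findings

if __name__ == "__main__":
    for num, msg in audit(RULEBASE):
        print(f"rule {num}: {msg}")
```

The shadowed-rule finding is the one most often missed in manual review: rule 4 was written to block a subnet, but rule 1 accepts that traffic first.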


Network Security Omission #4: Mobile devices

Phones, tablets, and unencrypted laptops pose some of the greatest risks to web security. Think about all the VPN connections, cached passwords in web browsers, and emails containing sensitive login information that you and likely everyone else responsible for managing your web environment have stored on mobile devices. The use of unsecured (and rogue) Wi-Fi via mobile devices is the proverbial icing on the cake.

Solution: Instill clear data management rules for all employees and make mandatory data encryption part of your security policy. This is becoming even more important with employees connecting their personal devices to the corporate network.

Network Security Omission #5: USB Flash Drives

The dangers of these innocent-looking portable devices have been known for long enough. But still, all that Edward Snowden reportedly needed to walk away from the National Security Agency building with a cache of national secrets was a USB flash drive. USB drives are also one of the most common ways a network can get infected from inside a firewall.

Solution: Have clear security policies regarding personal storage devices including who can use them and in what places. Restrict the computers that can read USB flash drives and help prevent unauthorized access by encrypting the data as soon as it hits the device.

Whether accessible from inside or outside your network, these commonly-overlooked security vulnerabilities are likely putting your web environment at risk today. The smart approach to minimize your risks is to perform in-depth web vulnerability scans and manual analysis like you've been doing but also ensure that everything else that touches your web environment has been properly reviewed. Even in hosted environments where sales and marketing reps are eager to hand over copies of their flawless SSAE 16 reports, you still have to dig deeper.

The vulnerabilities are there. Given enough time, someone, somewhere will figure out a way to take advantage of them at the expense of your business. It's better for you to find these weaknesses first so you can do something about them. Don't become complacent. Look at the bigger picture. There's more to web security than meets the eye.

http://www.acunetix.com/blog/eatured/the-top-5-network-security-vulnerabilities/

2/3

3/13/2014

The Top 5 Network Security Vulnerabilities that Are Often Overlooked

Product Information
Full HTML5 Support AcuSensor Technology Acunetix DeepScan Technology AcuMonitor Service Support

Website Security
Web Security Blog Cross Site Scripting SQL Injection DOM XSS Blind Cross Site Scripting

Learn More
Free WordPress Security Plugin Secure your Web Server Directory Traversal PHP Security / SQL Security Web Service Security

Contact Us
US: +1 404 9903280 International:+44 (0)330 202 0190 Sales Team: sales@acunetix.com Support Team: support@acunetix.com

2014 Acunetix

About Acunetix

Contact Us

Find Resellers

http://www.acunetix.com/blog/eatured/the-top-5-network-security-vulnerabilities/

3/3

Anda mungkin juga menyukai