This post aims to help you familiarize with the top 15 commonly known network and system security vulnerablitis. If you are a new administrator, you can have a look at the following list.
ACLs on the border router
The ACLs you place in your router, especially in the border router, should not allow inadequate access to your other devices connected to your router. A few misconfigured router ACLs can potentially allow information leakage through ICMP, IP, NetBIOS, and lead to unauthorized access to services on your DMZ server. So, make sure your border router has appropriate ACL in place in the right interface.
Remote Access Point
You may have to set remote access point to facilitate remote users to login to your network. But remember that unsecured and unmonitored remote access points are one of the easiest ways to get access to your network. The devices telecommuters using to connect to your network may not have adequate protection and may already have been comprised. Make sure the people accessing your network remotely have proper knowledge on Internet security and have antivirus/Internet security software installed in it.
The operating system and application versions, users, groups, shares, DNS information, via zone transfers, and running services like SNMP finger, SMTP, telnet, rusers, rpcinfo, NetBIOS etc. can provide the attackers valuable information. Figure out the ways to block information leakage from your organization.
Every server runs applications that depend on specific server. If a host runs unnecessary services such as RPC, FTP, DNS, SMTP, you can simply stop or delete them. Run only the services that you need to run your applications.
Make sure nobody using weak, reused and easily guessed passwords. Enforce a password complexity policy in your server.
You may have to install test servers for development purposes. Make sure all the test users’ accounts do not have excessive administrative privileges. Also make sure there are no default users in your routers, firewalls, servers and other networking devices.
Make sure you do not have single misconfigured Internet servers, especially CGI and ASP scripts on web servers, web folders with global-writable permission, and XSS vulnerabilities in your web application. A single misconfigured server can make your entire network vulnerable to attack and other sorts of vulnerabilities.
Misconfigured network device
The internal networks may have misconfigured firewall and router. A misconfigured ACL is enough to allow outsiders to your internal systems directly. Pay attention to how your DMZ and internal firewall talk. Are there any ACL that you do not need?
Application software that is unpatched, outdate, vulnerable, or left in default configurations, especially web servers can make your network vulnerable.
File shares and access control
You may file sever shared with everyone in the network. Make sure that shared directories are restricted to the internal users only. Do you need to allow the remote users to access your shared folder?
Excessive trust relationships between originations can provide attackers with unauthorized access to sensitive systems.
Your system may have unauthenticated services/software that captures remote keystrokes.
Inadequate logging detection
If you have not detection capability to monitor how is logging your network and host machine, you have no way to know when your server/devices is compromised.
Lack of documentation and guidelines
If you do not have well-accepted and well-promulgated security policies, procedures, standards, and guidelines in your organization, your IT staffs’ usage of IT equipment can make your organization vulnerable to attack or compromised.
Even if you implement the best security practices and framework to secure your IT infrastructure and data, you will not be complacent that your IT is secure. We still don’t have the name and signature of the latest viruses and malwares released in the last few minutes. So, you are never secure. Once you are familiar with the command vulnerabilities and threats, the next thing you can do it to keep monitoring and improvise your vulnerability detection mechanism and keep learning to stay fresh about latest security threats.