Network security is significantly more challenging than it was several years ago. Today's IT teams struggle against a cybersecurity talent shortage, a growing number of endpoints on their networks, and a constantly shifting threat landscape.
One 2016 report, Cloud Computing and Network Security Operations Transformation by Enterprise Strategy Group, found that nearly two-thirds (63%) of enterprise IT decision-makers believe network security is more difficult than it was in 2014.
Ultimately, the security fears that should haunt you aren't exotic or unheard of. A recent Nexibeo interview with 25 leading security experts revealed that many organizations have glaring omissions in their basic protections. In this blog, you'll learn about simple network security errors that can lead to devastating results.
The Most Common Network Vulnerabilities in 2016
According to an analysis by Recorded Future, the ten vulnerabilities most often exploited in 2016 all sat in products from just two vendors. Their analysts attributed this concentration to exploit kits (EKs): prepackaged toolkits that automate attacks against known, and usually long-patched, vulnerabilities in widely deployed software. Because the kits are built around whatever is most common and least patched, the same handful of products keeps showing up.
- Passwords: Password sharing, infrequent password changes, or a lack of password protection.
- Excessive Access: Employees had access to more data than was necessary "to perform their jobs."
- System Locks: Workstations were not set to "lock" during periods when they were not being used or after the wrong password was entered a certain number of times.
- Data Backups: Backups were not performed frequently enough, testing was lacking, and backups were not stored off-site.
- User Tracking: Insufficient accountability around user activities.
Many organizations are guilty of some of the same network security mistakes going into 2017 as they were last year. Join us as we review some of the most common mistakes made in 6 key areas of network security.
1. Application Security
Many common enterprise applications contain known vulnerabilities. If your organization is not up to date on patching, you are exposed to attack through flaws for which working exploits are already public.
Common classes of application weakness (these mirror the OWASP Top 10 of the time) include:
- Injection (SQL, OS command, LDAP and similar)
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Missing Function Level Access Control
With knowledge of these weaknesses, criminals can gain a foothold on your network. Regardless of how many of your applications are built in-house versus bought off the shelf, recognizing the potential for exploitation is important: a purchased product still needs patching, and an in-house one still needs testing.
Security administrators should identify and patch application vulnerabilities by:
- Implementing comprehensive security testing:
  - Black box: testing without knowledge of the application's internals, to simulate an external attacker.
  - White box: testing with access to source code and internal structure, to find flaws in the code itself.
  - Fuzzing: feeding malformed, unexpected or extreme inputs to the application to find crashes, hangs and data leaks that signal unhandled error paths.
- Patching as soon as possible, prioritizing the vulnerabilities that exploit kits are already using.
- Building security into DevOps practices for home-grown applications (dependency scanning, code review and automated security tests in the pipeline).
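The fuzzing step above is the one most teams skip, so here is an added example (not code from the original post) of what it looks like in practice: a minimal mutation fuzzer run against a constructed record parser in its "before" form, which crashes on malformed input, and a hardened form, which rejects everything malformed with a single documented exception. The parser, its `key=value;...` format, the seed corpus and the mutation strategies are all assumptions made for this illustration.

```python
"""Mutation fuzz harness run against a constructed record parser.

Added example: the parser, its seed corpus and the mutation strategies are
assumptions made for this illustration; none of it is from the original post.
"""
import random
from typing import Callable, Iterator, List, Sequence, Tuple


class ParseError(ValueError):
    """The only exception the hardened parser is allowed to raise."""


def parse_record_unsafe(data: bytes) -> dict:
    """'Before' parser: assumes every field contains '=' and that 'len' is a
    well-formed integer. Malformed input raises IndexError, KeyError,
    UnicodeDecodeError or ValueError, i.e. it crashes instead of rejecting."""
    fields = {}
    for field in data.split(b";"):
        key, value = field.split(b"=")[0], field.split(b"=")[1]
        fields[key.decode()] = value.decode()
    fields["len"] = int(fields["len"])
    return fields


def parse_record_safe(data: bytes) -> dict:
    """Hardened parser: every malformed input is rejected with ParseError."""
    fields = {}
    for field in data.split(b";"):
        if b"=" not in field:
            raise ParseError("field without '='")
        key, _, value = field.partition(b"=")
        try:
            fields[key.decode("ascii")] = value.decode("ascii")
        except UnicodeDecodeError as exc:
            raise ParseError("non-ASCII byte in field") from exc
    if not fields.get("len", "").isdigit():
        raise ParseError("missing or non-numeric len")
    fields["len"] = int(fields["len"])
    return fields


def mutations(seed: bytes, rng: random.Random, n_random: int) -> Iterator[bytes]:
    """Deterministic single-byte deletions first (so the simplest structural
    breaks are always tried), then random bit flips, insertions and truncations."""
    if not seed:
        return
    for i in range(len(seed)):
        yield seed[:i] + seed[i + 1:]
    for _ in range(n_random):
        buf = bytearray(seed)
        op = rng.choice(("flip", "insert", "truncate"))
        if op == "flip":
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == "insert":
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        else:
            del buf[rng.randrange(len(buf)):]
        yield bytes(buf)


def fuzz(target: Callable[[bytes], object], seeds: Sequence[bytes],
         n_random: int = 500, rng_seed: int = 1,
         allowed: Tuple[type, ...] = (ParseError,)) -> List[Tuple[bytes, Exception]]:
    """Feed mutated seeds to target and collect every input whose exception is
    not one of the documented rejections: those are the unhandled crashes."""
    rng = random.Random(rng_seed)
    crashes: List[Tuple[bytes, Exception]] = []
    for seed in seeds:
        for candidate in mutations(seed, rng, n_random):
            try:
                target(candidate)
            except allowed:
                continue
            except Exception as exc:  # the point of a fuzzer is to catch anything else
                crashes.append((candidate, exc))
    return crashes


SEEDS = [b"id=42;len=7", b"name=bob;len=3;tag=x"]  # constructed seed corpus

if __name__ == "__main__":
    for parser in (parse_record_unsafe, parse_record_safe):
        found = fuzz(parser, SEEDS)
        print(f"{parser.__name__}: {len(found)} crashing inputs")
        for data, exc in found[:3]:
            print("  ", data, type(exc).__name__)
```

The harness treats a `ParseError` as a correct rejection and anything else as a finding, which is the distinction that matters in a real fuzzing campaign: an unexpected exception type in a parser is the same class of signal as a segfault in native code, and each one marks an input path the developer never considered. Real campaigns replace the toy mutator with a coverage-guided tool, but the triage rule stays the same.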
2. Password Security
Analysts at Symantec, AVG, Malwarebytes, Rackspace, and ESET North America all pointed to password security as a concern in their Nexibeo interviews.
Without a policy that enforces a minimum length and rejects known-bad choices, users default to credentials like "password" or "12345." Composition rules (letters, numbers, and special characters) help less than length and a check against lists of breached or common passwords: "P@ssw0rd" satisfies every composition rule and is still among the first guesses an attacker tries. Reusing passwords across accounts is the other common failure; criminals who have stolen a credential set from one site simply replay it everywhere else (credential stuffing), so a breach you had nothing to do with becomes your breach.
Does your team always change default credentials and settings when installing new endpoints or office hardware?
On a network with many endpoints and connected devices, weak or factory-default passwords are an open invitation to enlist your equipment in a distributed denial of service (DDoS) botnet, as the Mirai botnet demonstrated in 2016 with IoT devices still running their shipped logins.
Your users cannot remember dozens of complex passwords for different accounts, and that's okay. Identity management tools, single sign-on, and password managers simplify their account access while maintaining network security, and multi-factor authentication limits the damage when a password does leak.
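The screening check described above can be done without the password ever leaving your systems in the clear. The following added example (not from the original post) implements the k-anonymity range scheme used by breached-password services: only the first five hex characters of the SHA-1 are sent to the lookup, and the client compares the remaining suffix locally. The breach corpus and its counts here are constructed for the example, and `range_lookup` stands in for the real server side; a deployment would query the service's range endpoint or a local copy of the dump.

```python
"""Password screening against a breached-password list using k-anonymity
range queries. Added example; the breach corpus, its counts and the lookup
function are constructed stand-ins, not real data or a real API client."""
import hashlib
from typing import Callable, Dict, List, Tuple

# Constructed stand-in for a breach corpus: password -> times seen in breaches.
_CONSTRUCTED_BREACH_COUNTS = {
    "password": 3730471,
    "12345": 2409324,
    "P@ssw0rd": 52579,
    "Welcome1": 9100,
}


def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Index the corpus the way a range API serves it: 5-char prefix -> [(suffix, count)]
_RANGES: Dict[str, List[Tuple[str, int]]] = {}
for _pw, _count in _CONSTRUCTED_BREACH_COUNTS.items():
    _h = _sha1_hex(_pw)
    _RANGES.setdefault(_h[:5], []).append((_h[5:], _count))


def range_lookup(prefix: str) -> List[Tuple[str, int]]:
    """Simulated server side: returns every (suffix, count) under a prefix.
    The server learns only the prefix, never the full hash or the password."""
    return _RANGES.get(prefix.upper(), [])


def breach_count(password: str,
                 lookup: Callable[[str], List[Tuple[str, int]]] = range_lookup) -> int:
    """Client side: send the 5-char prefix, match the 35-char suffix locally."""
    digest = _sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for candidate_suffix, count in lookup(prefix):
        if candidate_suffix == suffix:
            return count
    return 0


def composition_ok(password: str) -> bool:
    """The composition rule the post describes: letters, digits and symbols."""
    return (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def evaluate(password: str, min_length: int = 12) -> Dict[str, bool]:
    """Compare the composition rule with the length-plus-blocklist approach."""
    return {
        "composition_rule": composition_ok(password),
        "length_ok": len(password) >= min_length,
        "breached": breach_count(password) > 0,
    }


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "correct horse battery staple"):
        print(pw, evaluate(pw))
```

Run against the two sample passwords, the composition rule accepts "P@ssw0rd" (which is in the breach list) and rejects the long passphrase (which is not), the opposite of what you want. Length plus a breach-list check gets both right, which is why current guidance (NIST SP 800-63B) favours that over forced character classes and scheduled rotation.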
3. Excessive Access
Users having access to more data than is strictly necessary can result in integrity compromise, data theft, and a larger blast radius for any account that is compromised. This is reflected in PCI DSS Requirement 7, which requires compliant organizations to restrict access to cardholder data by business need to know. In the case of IT administrators or "super users," excessive or shared administrative access also erodes accountability: when everyone logs in as the same privileged account, no action can be tied to an individual.
Excessive user access is usually the product of manual provisioning or incomplete information security policies. In some cases, IT departments lack well-defined user roles for every position in the organization. In others, users switch roles through promotions or job changes and retain access to their old data sets.
To identify and remedy excessive access, IT should:
- Perform an access rights audit: compare what each account can actually reach against what its role requires.
- Remove excessive entitlements and disable inactive or orphaned accounts.
- Use real-time alerts and access blocking, through file integrity monitoring or similar controls, to catch privileged access that falls outside policy as it happens.
- Put system-level controls in place (least privilege, separation of duties, and individual rather than shared administrator accounts) to limit the impact of destructive or careless behavior.
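The audit in the first two steps above is mostly a set difference between "what the role needs" and "what the account has", plus a check on last-login dates. This added example (not from the original post) runs that comparison over a constructed user export; the role-to-entitlement matrix, the user records, the 90-day inactivity threshold and the shared-account naming prefixes are all assumptions for the illustration.

```python
"""Access rights audit over a constructed IAM export.
Added example: ROLE_ENTITLEMENTS, USERS, the inactivity threshold and the
shared-account prefixes are assumptions made for this illustration."""
from datetime import date, timedelta
from typing import Dict, List, Set, Tuple

# Assumed role model: what each job role is entitled to.
ROLE_ENTITLEMENTS: Dict[str, Set[str]] = {
    "accounts_payable": {"erp_invoices_rw", "erp_vendors_ro"},
    "hr_generalist": {"hris_employee_rw"},
    "sysadmin": {"server_root", "erp_admin"},
}

# Constructed user export, as a directory or IAM dump might be flattened.
USERS: List[dict] = [
    {"user": "asmith", "role": "accounts_payable", "last_login": date(2017, 2, 1),
     "entitlements": {"erp_invoices_rw", "erp_vendors_ro"}},
    {"user": "bjones", "role": "hr_generalist", "last_login": date(2017, 1, 20),
     "entitlements": {"hris_employee_rw", "erp_invoices_rw"}},  # kept AP access after moving to HR
    {"user": "cdoe", "role": "accounts_payable", "last_login": date(2016, 9, 3),
     "entitlements": {"erp_invoices_rw"}},                       # dormant account
    {"user": "shared_admin", "role": "sysadmin", "last_login": date(2017, 2, 10),
     "entitlements": {"server_root", "erp_admin"}},              # one login used by several people
    {"user": "eflynn", "role": "contractor", "last_login": date(2017, 2, 12),
     "entitlements": {"erp_vendors_ro"}},                        # role missing from the matrix
]

Finding = Tuple[str, str, object]  # (account, finding type, detail)


def audit_access(users: List[dict], role_entitlements: Dict[str, Set[str]],
                 today: date, inactive_days: int = 90,
                 shared_prefixes: Tuple[str, ...] = ("shared_", "root_")) -> List[Finding]:
    """Flag entitlements beyond the role, dormant accounts, shared privileged
    logins, and accounts whose role the matrix does not define."""
    findings: List[Finding] = []
    cutoff = today - timedelta(days=inactive_days)
    for u in users:
        if u["role"] not in role_entitlements:
            findings.append((u["user"], "unknown_role", u["role"]))
            allowed: Set[str] = set()   # an undefined role is entitled to nothing
        else:
            allowed = role_entitlements[u["role"]]
        excess = u["entitlements"] - allowed
        if excess:
            findings.append((u["user"], "excess_access", sorted(excess)))
        if u["last_login"] < cutoff:
            findings.append((u["user"], "inactive", u["last_login"].isoformat()))
        if u["user"].startswith(shared_prefixes):
            findings.append((u["user"], "shared_privileged_account",
                             "no individual accountability for actions"))
    return findings


if __name__ == "__main__":
    for account, kind, detail in audit_access(USERS, ROLE_ENTITLEMENTS, date(2017, 2, 14)):
        print(f"{account:14} {kind:26} {detail}")
```

Treating an undefined role as entitled to nothing is deliberate: it makes every missing row in the role matrix surface as a finding instead of silently granting whatever the account already has, which is exactly the "no well-defined role for every position" gap the post describes.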
4. Workstation Security
While physical workstation security is important, IT is best served by treating this topic as part of endpoint risk. Workstations should lock after inactivity, and after a set number of incorrect password attempts, to prevent access by third parties or insiders with malicious intent. In the rare cases where a user's job requires storing sensitive personally identifiable information (PII) on the workstation, use full-disk encryption so that a lost or stolen device does not become a data breach.
If employees use laptops that leave the office or personally owned workstations, virtualization (a virtual desktop or a sandboxed session for corporate applications) is an important way to keep company data segregated from an untrusted device. In addition, some file integrity monitoring offers the potential to stop attacks at the workstation level, letting IT act quickly when a user clicks a malicious link.
5. Data Backup Issues
The ability to restore critical files and systems to a prior state is especially important in the age of ransomware. Full disaster recovery, whether your data is lost, corrupted, or encrypted, requires the ability to resume operations quickly in worst-case scenarios.
Off-site backups at frequent intervals are a necessity, and at least one copy should be offline or otherwise unreachable from the production network: ransomware that can reach a mounted backup share will encrypt it along with everything else. IT teams should regularly test their ability to restore systems, files, and PII, because an untested backup is a hope, not a recovery plan.
6. User Tracking
When coupled with smart access governance policies, audit trails are a necessity for oversight. In the case of a disaster or an account breach, audit logs are also invaluable for reconstructing how the failure happened and what was touched.
Your audit logs should be human-readable and include enough information to establish the user account, the event that occurred, a timestamp, and the source (host or address). To comply with PCI DSS, SOX, and security best practice, administrative users must not be able to modify or delete logs to hide their own behavior; in practice that means forwarding logs promptly to a separate system that the administrators being audited cannot write to.
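One way to make the "cannot be altered" property checkable rather than a matter of trust is to chain the entries: each record carries the hash of the one before it, so editing or deleting any record breaks verification from that point on. The following is an added example, not code from the original post or from any product it mentions; the entry format, field names and sample events are assumptions for the illustration, chosen to carry the four things the post says a log needs (account, event, time, source).

```python
"""Tamper-evident audit trail built as a SHA-256 hash chain.
Added example: the record format, field names and sample entries are
assumptions made for this illustration, not from the original post."""
import hashlib
import json
from datetime import datetime, timezone
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # chain anchor for the first entry


def _entry_hash(entry: dict) -> str:
    """Hash every field except the hash itself, in a canonical serialization."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_entry(log: List[dict], user: str, event: str, source: str,
                 when: Optional[datetime] = None) -> dict:
    """Append one record whose `prev` field links it to the record before it."""
    when = when or datetime.now(timezone.utc)
    entry = {
        "seq": len(log),
        "time": when.isoformat(),
        "user": user,
        "event": event,
        "source": source,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def verify_chain(log: List[dict]) -> Tuple[bool, Optional[int]]:
    """Return (True, None) if the chain is intact, otherwise (False, index of
    the first entry whose sequence, link or hash does not check out)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if (entry.get("seq") != i or entry.get("prev") != prev
                or _entry_hash(entry) != entry.get("hash")):
            return False, i
        prev = entry["hash"]
    return True, None


def build_sample_log() -> List[dict]:
    """Constructed sample entries: a login, a file read, and an ACL change."""
    t0 = datetime(2017, 2, 14, 9, 0, tzinfo=timezone.utc)
    log: List[dict] = []
    append_entry(log, "asmith", "login_success", "10.0.5.12", t0)
    append_entry(log, "asmith", "file_read:/finance/q4.xlsx", "10.0.5.12", t0.replace(minute=2))
    append_entry(log, "admin", "acl_change:/finance", "10.0.1.9", t0.replace(minute=5))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_chain(log))
    log[2]["user"] = "asmith"   # an admin rewriting who changed the ACL
    print("after edit:", verify_chain(log))
```

The chain only detects tampering by someone who cannot rewrite the whole tail: an administrator with write access to the store could edit an entry and recompute every hash after it. What makes the scheme hold up is regularly committing the latest hash somewhere that administrator cannot write, such as a central log collector, write-once storage, or a signed checkpoint, and verifying the chain against that anchor.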
End 2016's Network Vulnerabilities in 2017
For CSOs, the most concerning network vulnerabilities might not be emerging risks. In some cases, the biggest sources of stress may be omissions of security basics that are responsible for many incidents of data loss. By recognizing the most common patterns among organizations that are at risk, you can drill down on fixing these issues today.
CimTrak enables security teams to fight the risks of common network security mistakes, even as your total endpoints and applications increase. With network-wide file integrity monitoring, you can establish total accountability with audit trails that cannot be altered.
CimTrak also offers unique, advanced protection against threats by providing admins with the ability to restore systems and files to a prior state immediately. To learn more, download our technical summary today.
February 14, 2017