The correct answer to the question “where is my network vulnerable to attack?” To some extent, that’s the nature of the Internet beast; if you have a door open to the world, then it’s inevitable that someone will try to open it up. And there’s a good chance that they’re not doing it just to say hello.
Dan Ingevalson, the director of professional security services at Internet Security Systems, says that enterprises have gotten better at managing security vulnerabilities, but the increasing complexity of networks and network-borne applications make perfect protection impossible. “There is always going to be some level of complexity in a network that will create a network security vulnerability,” he says.
Having said that, some open doors are bigger and more common than others. A big part of maintaining network security, says Mark Curphey, senior director of consulting at Foundstone Services, a division of McAfee Inc., is knowing where these vulnerabilities are, and knowing how to plug them up.
Network edge devices: Though well-publicized, worms and viruses continue to be a common and, to some extent, under-appreciated network threat, says Yankee Group senior analyst Jim Slaby. “We haven’t seen a really big, really pervasive worm like Blaster or Slammer in some time, but they are waiting in the wings,” he says. “It’s not that people are complacent, but the problem with worms is that they’re zero-day exploits. Signature defenses only work against things that you’ve seen before, or someone has seen before you, and they proliferate quickly.”
Although the high-profile worms of the last years have trained network security personnel to respond quickly and apply patches diligently, penetration tests still find perimeter holes — big, gaping holes, according to Curphey. “You see border routers with their admin interfaces open, so people can manage them from home,” he notes.
One company left a particularly flagrant open door to its networked printers, despite locking down every other process with a virtual private network (VPN). “The reasoning was that people could print without having to deal with the VPN,” Curphey says. “But the networked printers had IP addresses, making them a convenient and undefended jumping off point to the whole network.”
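The two open doors Curphey describes (a border router whose admin interface answers to the whole Internet, and networked printers reachable without going through the VPN) are both findable by auditing the perimeter rule set against an asset inventory. The script below is an added example, not code from the article or from Foundstone; the rule format, the asset list, the VPN address pool, the probe address and every IP address in it are constructed for illustration, and the port-to-role mapping is an assumption to adapt to the management protocols actually enabled on your devices.

```python
"""Audit perimeter firewall rules for management interfaces and printers that
answer to the Internet, then rewrite the offending rules so those services are
only reachable from the VPN pool. Rules, assets and addresses are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Ports used to administer network devices (assumption: adjust per device).
MANAGEMENT_PORTS = {22: "ssh", 23: "telnet", 80: "http-admin",
                    161: "snmp", 443: "https-admin"}
# Ports used by networked printers (raw JetDirect, LPD, IPP).
PRINTER_PORTS = {9100: "jetdirect", 515: "lpd", 631: "ipp"}
# Per role, the ports that must never be reachable from outside the VPN.
# A public web server legitimately serves 80/443, so only its admin ports count.
SENSITIVE_BY_ROLE = {
    "border-router": MANAGEMENT_PORTS,
    "web-server": {22: "ssh", 23: "telnet", 161: "snmp"},
    "printer": PRINTER_PORTS,
}

# Constructed inventory: address -> role.  203.0.113.0/24 is a documentation range.
ASSETS = {
    "203.0.113.1": "border-router",
    "203.0.113.10": "web-server",
    "203.0.113.50": "printer",
    "203.0.113.51": "printer",
}
VPN_POOL = ipaddress.ip_network("10.99.0.0/16")   # constructed VPN address pool
INTERNET_PROBE = "198.51.100.7"                   # constructed outside address


@dataclass(frozen=True)
class Rule:
    src: str                 # permitted source CIDR
    dst: str                 # destination CIDR
    port: Optional[int]      # None matches any port
    action: str              # "allow" or "deny"


# Constructed rule set, evaluated first-match like most perimeter firewalls.
SAMPLE_RULES = [
    Rule("10.99.0.0/16", "203.0.113.1/32", 22, "allow"),    # admin SSH over VPN: fine
    Rule("0.0.0.0/0", "203.0.113.1/32", 443, "allow"),      # router web admin from anywhere
    Rule("0.0.0.0/0", "203.0.113.10/32", 443, "allow"),     # public web site: expected
    Rule("0.0.0.0/0", "203.0.113.48/28", 9100, "allow"),    # printers reachable without VPN
    Rule("0.0.0.0/0", "0.0.0.0/0", None, "deny"),           # explicit default deny
]


def first_match(rules, src_ip, dst_ip, port):
    """Action of the first rule matching the flow; implicit deny if none does."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and (r.port is None or r.port == port)):
            return r.action
    return "deny"


def audit(rules, assets=ASSETS, probe=INTERNET_PROBE):
    """List (host, role, port, service) tuples reachable from the probe address."""
    findings = []
    for host, role in assets.items():
        for port, name in SENSITIVE_BY_ROLE.get(role, {}).items():
            if first_match(rules, probe, host, port) == "allow":
                findings.append((host, role, port, name))
    return findings


def restrict_to_vpn(rules, assets=ASSETS):
    """Return a copy of the rule set where every allow rule that exposes a
    sensitive port of an inventoried asset has its source narrowed to VPN_POOL."""
    fixed = []
    for r in rules:
        dst = ipaddress.ip_network(r.dst)
        exposes = r.action == "allow" and r.port is not None and any(
            ipaddress.ip_address(host) in dst and r.port in SENSITIVE_BY_ROLE.get(role, {})
            for host, role in assets.items())
        if exposes and not ipaddress.ip_network(r.src).subnet_of(VPN_POOL):
            fixed.append(Rule(str(VPN_POOL), r.dst, r.port, r.action))
        else:
            fixed.append(r)
    return fixed


if __name__ == "__main__":
    for host, role, port, name in audit(SAMPLE_RULES):
        print(f"EXPOSED: {role} {host} {name}/{port} answers to the Internet")
    print("after hardening:", audit(restrict_to_vpn(SAMPLE_RULES)))
```

The audit probes from a single outside address and walks the rules in order, so a deny placed above an over-broad allow correctly shadows it; the hardening pass leaves the public web site's 443 rule alone because that port is expected for its role, and narrows only the router admin and printer rules to the VPN pool.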
Web servers and Web applications: The Web is usually the meeting point between the enterprise and the outside world, and it is here that many organizations leave themselves vulnerable. With Web servers sitting off the firewall in a demilitarized zone (DMZ), they can often be the ideal gateways to internal company processes, according to Curphey. “Web servers without patches and passwords are frighteningly common,” he says. “It’s a lack of process, more than anything else. Organizations push these things out and someone forgets to update the software.”
According to Ingevalson, three-quarters of hacker attacks are on Web servers, since “that’s what’s out there.” This is particularly dangerous with the proliferation of Web applications. “Attacks have typically moved up into the application layer, and that’s one of the hardest things to protect against because there’s no one-size-fits-all solution.”
Unprotected mobile and off-site endpoints: Even with the edge devices and Web servers locked up, one of the most common oversights is the set of vulnerabilities that organizations bring inside their own networks on unprotected mobile and off-site endpoints.
Wireless networks: None of this is helped by the increasing prevalence of wireless networks. You just have to wander the streets of a big city like New York, opening your laptop in parks and cafes, to see how many unsecured wireless networks there are.
Voice over IP: For all of the potential points of attack on enterprise networks, it’s sobering to think that the technological push for Voice over IP [VoIP] has added one more. And it’s a vulnerability whose scale we haven’t even begun to consider.
http://www.networkingpipeline.com/163700201