INSIGHTS FROM ENGINEERS
The Security Gap Six
We get asked about how to secure a company’s IT infrastructure almost every day. Company leaders are looking for us to perform risk assessments, create data breach and incident response plans, conduct penetration testing, or test backup and disaster recovery readiness.
But what we find is that security gaps are typically located in six common places in the network. If you investigate these six areas of your network, you are likely to find and fix the biggest offenders when it comes to your security.
Where are the security gaps in your network?
Review these common culprits, and you will have a lot more confidence in the security posture of your business:
Weak or Stolen Passwords
Let’s start with passwords. Single-factor passwords are among the biggest precipitators of data breaches. Eight in 10 hacking incidents involve a stolen or weak password, according to the 2019 Verizon Data Breach Investigations Report. It’s not just end users who fail to protect their accounts. Some routers, switches and storage devices are set up and configured without any changes to their default login credentials, while others contain hardcoded passwords that in theory could be entered by attackers to access the network.
Implement strong passwords wherever possible. Use established authentication frameworks that don’t leak details, backed by session intrusion detection systems. Moreover, deploy multi-factor authentication so that leaked credentials alone aren’t enough for an outsider to log in.
You probably wouldn’t drive a car or ride in an airplane that had a publicly documented history of major defects. However, a similar situation is commonplace with business applications, many of which are rife with known yet unpatched vulnerabilities. Recently WordPress had an issue with the GDPR plugin that left over 700,00 websites vulnerable to attack. Attackers get their opening because snippets of code are pulled from random developers on GitHub or online forums and end up in production, where these components may remain active for years despite proven vulnerabilities. Always verify any new code or software entering your organization, especially if it was produced by a third party.
When vendors began issuing patches for the recently discovered Meltdown/Spectre CPU exploits, many end users . The drop-off was most pronounced on older devices with less efficient processors running Microsoft Windows 7 and 8, along with servers with significant I/O workloads. Users had to choose between a significant slowdown and the risk of having their sensitive data intercepted by malware. One lesson here is that aging IT assets can become major liabilities. Even if they aren’t specifically compromised by advanced attacks, their long-term performance deterioration makes them vulnerable to further slowdowns as patches and updates add new overhead. One example of this was the WannaCry ransomware, which exploited a legacy version of the Server Message Block protocol.
In many cases, firmware on devices such as firewalls, switches, access points, and printers has been the route by which systems were compromised. We have also seen a rise in IP cameras being attacked and used as a launching point for exploits against the network.
Unintended configuration on the firewall can grant access to data and infrastructure because a change was made “to make it work” and left behind access for unintended users. In these cases it gives bad actors an inroad to take down resources or infect them. Human error is usually the culprit here. Having quality control on all changes, and having a change order request approved before the configuration is applied, is the right way to go, but in many cases the pressure to make it work is what we typically see.
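One way to turn that change-control point into a routine check, as an added example that is not from the article or from Secure Networkers: the script below parses a constructed iptables-save style rule list and flags ACCEPT rules that are open from any source (beyond an assumed allow-list of intentionally public ports) and rules whose comment carries no change-ticket reference (the `CHG-` ticket convention is an assumption).

```python
import re
from dataclasses import dataclass

# Constructed sample in iptables-save style; not taken from any real device.
SAMPLE_RULES = """
-A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -m comment --comment "CHG-1042 admin ssh" -j ACCEPT
-A INPUT -p tcp --dport 443 -m comment --comment "CHG-1050 public web" -j ACCEPT
-A FORWARD -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp --dport 3389 -m comment --comment "temp to make it work" -j ACCEPT
-A INPUT -j DROP
"""

# Assumed conventions: approved changes reference a CHG-nnnn ticket in the
# rule comment, and only web ports are expected to be open to the world.
TICKET_RE = re.compile(r"\bCHG-\d+\b")
PUBLIC_OK_PORTS = {"80", "443"}
ANY_SOURCE = (None, "0.0.0.0/0")


@dataclass
class Finding:
    rule: str
    reason: str


def _opt(rule: str, flag: str):
    """Return the value following a single-valued option such as -s or --dport."""
    m = re.search(rf"(?:^|\s){re.escape(flag)}\s+(\S+)", rule)
    return m.group(1) if m else None


def _comment(rule: str) -> str:
    m = re.search(r'--comment\s+"([^"]*)"', rule)
    return m.group(1) if m else ""


def audit_rules(text: str) -> list:
    """Flag permissive ACCEPT rules and rules with no change-ticket reference."""
    findings = []
    for rule in (line.strip() for line in text.splitlines()):
        if not rule.startswith("-A") or _opt(rule, "-j") != "ACCEPT":
            continue  # DROP/REJECT rules cannot leave unintended access behind
        src, dport = _opt(rule, "-s"), _opt(rule, "--dport")
        if src in ANY_SOURCE and dport is None:
            findings.append(Finding(rule, "any source, any port"))
        elif src in ANY_SOURCE and dport not in PUBLIC_OK_PORTS:
            findings.append(Finding(rule, f"port {dport} open from any source"))
        if not TICKET_RE.search(_comment(rule)):
            findings.append(Finding(rule, "no change ticket in comment"))
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"{f.reason}: {f.rule}")
```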
Poor Design or Poor Planning
In many cases we see that the infrastructure is simply poorly designed or planned. Think of a network as a house. Over time, as an organization grows, infrastructure is added on as an afterthought, and soon the layout begins to be a problem. That bathroom add-on develops water pressure issues or drainage problems when the washing machine is running, because both are using the same water supply and drainage. This is only an analogy, but it illustrates how adding infrastructure as an afterthought causes headaches over time. When infrastructure is designed without security in mind, you are leaving it open to attack.
Cloud Hosted and Cloud Communications
We see more and more companies moving infrastructure to public and private cloud hosting. When companies operate in this manner, they need visibility into who and what is accessing their systems. Most companies think the hosting provider will provide that security, but unfortunately that is not the case.
Gaps That Can Exist Outside These Six
If you are reviewing these six areas regularly, then it can give you some good measure of assurance that the usual suspects of network breach are well in hand. But that is not to suggest that security gaps cannot be found in other places. This is why it is so important to schedule intermittent penetration tests, which we will cover in our next TAGITM article.
“Review these common culprits, and you will have a lot more confidence in the security posture of your business.” – Todd Ellis, CTO, Secure Networkers