Self-Imposed Network Vulnerabilities

An organization can create its own vulnerabilities by not ensuring that the following issues are resolved through process or procedure:

• The lack of an effective and consistent network security policy because of any of the following conditions:

- Politics: Politics within an organization can cause a lack of consistency within the policies or a lack of uniform application of policies.

- Lack of a written security policy: The lack of a written policy is essentially the same as not having a policy.

- Lack of continuity: When personnel change too frequently, people often take less care to ensure that policies are enforced.

- Lack of disaster recovery planning: The confusion after a disaster often results in virtually all security efforts being dropped if the administrators are not careful in their recovery efforts.

- Lack of upgrade plans within the security policy: A detailed procedure for implementing new hardware and software ensures that security is not forgotten while implementing new equipment.

- Lack of monitoring: Failure to monitor logs and intrusion detection systems appropriately exposes many organizations to constant attack without any knowledge that those attacks are occurring.

- Lack of proper access controls: Improper password length, infrequent password changes, passwords written on notes attached to monitors, and freely shared passwords are all factors that can lead to security breaches.

• Configuration weakness within an organization can result in significant vulnerability exposure:

- Misconfigured equipment: A simple misconfiguration can cause severe security issues.

- Weak or exposed passwords: Passwords that are too short, are easily guessed, or consist of common words, especially when transmitted over the Internet, are cause for concern.

- Misconfigured Internet services: Knowing exactly which services are required and which services are running ensures that Internet services do not create potential security breaches.

- Using default settings: The default settings of many products are designed to assist in device configuration and production environment placement.

• All technologies have intrinsic weaknesses. These weaknesses might reside in the operating system, within the protocol, or within networking equipment:

- All operating systems have weaknesses. You must take proper measures to make these systems as secure as possible.

- Certain protocols can be exploited because of the way they were written and the functionality that was written into the protocol.

• Although all manufacturers strive to make the best product possible, any system of sufficient complexity is prone to human and mechanical errors. Additionally, all systems have their particular strengths and weaknesses. Knowing the nuances of your particular equipment is the best way to overcome technology weaknesses.
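The "Misconfigured Internet services" item above comes down to comparing what is running against what is required. The following is an added example, not part of the original text, that audits listening TCP services against a written list; the required-services list, the process names, and the sample `ss -tlnpH` output are constructed assumptions.

```python
"""Compare listening TCP services against a written list of required services."""
import re

# Assumption: the organization's documented required services,
# keyed by TCP port, with the process expected to own each listener.
REQUIRED = {22: "sshd", 443: "nginx"}

# Constructed sample in the format printed by `ss -tlnpH` on Linux.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128  0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128  [::]:22        [::]:*    users:(("sshd",pid=812,fd=4))
LISTEN 0 511  0.0.0.0:443    0.0.0.0:* users:(("nginx",pid=1040,fd=6))
LISTEN 0 5    0.0.0.0:23     0.0.0.0:* users:(("inetd",pid=655,fd=4))
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=930,fd=5))
LISTEN 0 128  0.0.0.0:8080   0.0.0.0:* users:(("python3",pid=2211,fd=3))
"""

LOOPBACK = ("127.", "[::1]")

def parse_listeners(text):
    """Yield (address, port, process) for each LISTEN line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        address, _, port = fields[3].rpartition(":")
        owner = re.search(r'\(\("([^"]+)"', line)
        yield address, int(port), owner.group(1) if owner else "unknown"

def audit(text, required=REQUIRED):
    """Return (findings, missing): unexpected listeners and required ports not seen."""
    findings, seen = [], set()
    for address, port, process in parse_listeners(text):
        if address.startswith(LOOPBACK):
            continue  # simplification: loopback-only listeners are not network-exposed
        seen.add(port)
        expected = required.get(port)
        if expected is None:
            findings.append((port, process, "not in required list"))
        elif expected != process:
            findings.append((port, process, f"expected {expected}"))
    return findings, sorted(set(required) - seen)

if __name__ == "__main__":
    findings, missing = audit(SAMPLE_SS_OUTPUT)
    for port, process, reason in findings:
        print(f"REVIEW tcp/{port} ({process}): {reason}")
    for port in missing:
        print(f"MISSING required service on tcp/{port}")
```

On a live Linux host, the sample string can be replaced with the captured output of `ss -tlnpH` run with sufficient privileges to show process names.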
