A vulnerability is a security weakness that cybercriminals can identify and use to get unauthorized access to computer systems and networks.
Some common tactics cybercriminals use are SQL injection (SQLi), cross-site scripting (XSS), and buffer overflow.
What distinguishes a Security Vulnerability from a Security Incident?
Think of it like this: If your front door is unlocked and your windows are wide open, you might wonder why anyone would want to enter your house since there’s nothing particularly valuable inside. While this isn’t an invitation to burglars, it does increase the risk of someone entering without your permission.
Such a situation can be described as being vulnerable.
When a burglar breaks in and takes away the things he finds worthy enough, that can be described as a security incident.
What are the types of security vulnerabilities?
Just as I mentioned in the previous analogy about the unlocked door and open windows, these two scenarios can be described as vulnerabilities.
I employ that analogy to illustrate four categories of security vulnerabilities.
Process Vulnerabilities.
Human Vulnerabilities.
Network Vulnerabilities.
Operating Systems Vulnerabilities.
Process Vulnerabilities.
When the procedures laid out to act as security measures are insufficient, they are referred to as process vulnerabilities.
One common example here is a weak password.
Human Vulnerabilities.
This category includes all the human errors that can expose the hardware, sensitive data and networks to cybercriminals.
Humans or employees are often the weakest link in maintaining the security level.
Other common issues under human vulnerability include opening email attachments infected with malware or forgetting to install software updates on your mobile device. When you then connect your mobile to the office internet, it creates a pathway that cybercriminals can exploit.
We once had a client who didn’t take cybersecurity seriously. They believed, “Who would bother hacking my network, anyway?”
His LinkedIn account got hacked, and he couldn’t access it. Unfortunately, LinkedIn didn’t provide any support email as of October 2023. To solve this, we used someone else’s LinkedIn account to purchase Sales Navigator. Then, we identified senior LinkedIn executives in India using LinkedIn search and sent connection requests to 50 of them, and 15 accepted. We explained our issue to those who accepted, and eventually, it got resolved after a challenging and mentally draining 7-day process. This was especially important because the client had 5,000 valuable 1st connections on LinkedIn, which made it crucial to regain access.
Network Vulnerabilities.
These are problems related to a network’s hardware or software that could make it susceptible to outside intrusion. Examples might include unsecured Wi-Fi access points and improperly configured firewalls.
I’d like to focus on particular issues arising from incorrectly configured firewalls.
What are some common firewall vulnerabilities that one should be aware of and take measures to avoid?
Insider Attack.
Perimeter firewalls guard against outside attacks. But what about threats from within? Here, perimeter firewalls fall short, as the attacker’s already inside.
However, firewalls can still safeguard you if you have an internal firewall on top of the perimeter firewall. Internal firewalls segment network assets, making it tougher for attackers to navigate. This buys you more time to respond.
Missed Security Patches.
This issue arises if the network firewall isn’t configured properly.
Firewalls, like any software, have vulnerabilities attackers can exploit. When a firewall is exploited, the manufacturer becomes aware and begins developing code to prevent the attacker from breaking through.
Afterwards, they release this code to all their customers. Such a release is often called a patch update.
Firewall OEMs create patches to fix these issues.
But until you apply these patches to your firewall, the vulnerabilities remain, ready for exploitation.
To solve this, follow a strict patch management schedule. Regularly check for security updates and apply them promptly.
Configuration Mistakes.
A poorly configured firewall can still cause issues even with the latest firewall updates. This might lead to network performance problems or, in some cases, render the firewall ineffective.
For instance, dynamic routing, although generally considered a security risk, is still enabled on some company firewalls, creating a vulnerability.
Think of it as locking your front door but leaving open the back window. You’re undermining your security efforts and making it easier for potential intruders.
Lack of Deep Packet Inspection.
Less advanced firewalls often rely on checking where data packets come from and where they’re headed, which attackers can manipulate.
To enhance security, consider using a firewall capable of deep packet inspection, which scrutinizes data packets for known malware so that it can be rejected.
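The difference between the two approaches, shown as an added example that is not part of the original article: a header-only filter and a payload-inspecting filter are run over the same traffic. The rule set, the signature name and marker, and the sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str        # source address as claimed in the packet header
    dst: str
    dport: int
    payload: bytes

# Constructed allow rules: (permitted source network, destination, port).
ALLOW_RULES = [("10.0.5.0/24", "10.0.1.20", 80)]

# Constructed stand-in for a malware signature database.
SIGNATURES = {"DEMO-SIG-0001": b"DEMO-MALWARE-MARKER"}

def header_filter(pkt):
    """Less advanced firewall: decides on header fields only."""
    src = ipaddress.ip_address(pkt.src)
    for net, dst, port in ALLOW_RULES:
        if src in ipaddress.ip_network(net) and pkt.dst == dst and pkt.dport == port:
            return True
    return False

def dpi_filter(pkt):
    """Header check, then a payload scan. Returns (allowed, reason)."""
    if not header_filter(pkt):
        return False, "no matching allow rule"
    for name, pattern in SIGNATURES.items():
        if pattern in pkt.payload:
            return False, f"payload matched {name}"
    return True, "clean"

# Constructed traffic: the second packet has acceptable headers but a bad payload.
SAMPLES = {
    "normal": Packet("10.0.5.17", "10.0.1.20", 80, b"GET /index.html"),
    "bad_payload": Packet("10.0.5.17", "10.0.1.20", 80, b"POST /up DEMO-MALWARE-MARKER"),
    "outside": Packet("203.0.113.9", "10.0.1.20", 80, b"GET /"),
}

def compare():
    """Map each sample to (header-only verdict, DPI verdict)."""
    return {n: (header_filter(p), dpi_filter(p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

The header-only filter passes the second packet because its addresses and port look legitimate. Only the payload scan rejects it.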
Alone, firewalls cannot protect your network from all the threats out there. However, they can be integral to a larger cybersecurity strategy to safeguard your business.
Operating Systems Vulnerabilities.
These vulnerabilities are related to the specific operating system being used.
A common example here is a Denial of Service attack. In this attack, the cybercriminal sends multiple fake requests to clog the operating system until it becomes overloaded.
When the operating system is outdated or unpatched, these issues are common.
What methods can businesses use to recognize these security vulnerabilities?
The one-word answer is scanning.
This is an investigative approach used to uncover weaknesses within a system. It involves probing for gaps that cybercriminals could exploit. Often, third-party applications are employed for this purpose.
As mentioned earlier, network scanning is advisable to keep your network secure.
How frequently should security vulnerability scans be conducted?
The effectiveness of this approach relies on the frequency of scanning.
Some businesses perform vulnerability scans annually, while others do quarterly or monthly. While there isn’t a prescribed scanning frequency, we recommend conducting scans every month.
What should you do next once you’ve found the security vulnerabilities in the scan?
Remediation.
After finding the vulnerabilities, you must understand which ones pose a significant risk. Prioritize those when you plan your fixes.
Fixing the vulnerabilities involves either patching or blocking the void.
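One way to turn two consecutive monthly scans into a prioritized fix list, as an added example rather than the article's own tooling. The finding fields, the 0-10 severity scale, the risk weighting and the sample scan data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    host: str
    issue: str
    severity: float        # assumed 0-10 scale reported by the scanner
    internet_facing: bool
    patch_available: bool

    @property
    def key(self):
        return (self.host, self.issue)

def risk(finding, persisted):
    """Assumed weighting: exposure and age raise the scanner's severity."""
    score = finding.severity
    if finding.internet_facing:
        score += 3
    if persisted:          # already reported by the previous scan
        score += 1
    return score

def triage(previous, current):
    """Return (fixed since last scan, queue sorted by descending risk)."""
    prev_keys = {f.key for f in previous}
    fixed = sorted(prev_keys - {f.key for f in current})
    queue = []
    for f in current:
        # Patch when a fix exists; otherwise block access to the weak spot.
        action = "patch" if f.patch_available else "block"
        queue.append((risk(f, f.key in prev_keys), f.host, f.issue, action))
    queue.sort(key=lambda row: (-row[0], row[1], row[2]))
    return fixed, queue

# Constructed scan results for two consecutive months.
LAST_MONTH = [
    Finding("fw-edge", "firmware out of date", 7.5, True, True),
    Finding("wifi-ap-2", "unsecured access point", 6.0, False, False),
    Finding("hr-laptop-4", "OS missing updates", 5.0, False, True),
]
THIS_MONTH = [
    Finding("fw-edge", "firmware out of date", 7.5, True, True),
    Finding("wifi-ap-2", "unsecured access point", 6.0, False, False),
    Finding("file-srv", "end-of-life service, no vendor fix", 8.0, False, False),
]

if __name__ == "__main__":
    fixed, queue = triage(LAST_MONTH, THIS_MONTH)
    print("fixed:", fixed)
    for row in queue:
        print(row)
```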
Is your Network Safe? Find out with our security vulnerability checkup.
To summarize, here’s a list of security vulnerabilities you should be aware of:
Process Vulnerabilities.
Human Vulnerabilities.
Network Vulnerabilities.
Operating Systems Vulnerabilities.
Here are the steps you should take:
Scanning frequently.
Determining which vulnerability to address first.
Patching or blocking the void.
- What threats are on your network,
- If (and what) data has been leaked,
- Exploited vulnerabilities and attacks on your network, and
- Recommendations of ways to protect your network from future risks.
At DecodingIT, we are dedicated to assisting you in discovering the ideal security solutions for your issues. We prioritize your safety and strive to provide excellent service.
Following the checkup, we’ll deliver a report with the findings and recommendations to help you protect your network.