Computerworld Philippines :: Networks Security Today's News :: The 10 dumbest mistakes network managers make

Peer Perspective. IT Leadership. Business Results

KNOWLEDGE CENTER

The 10 dumbest mistakes network managers make

4. Misconfiguring your access control lists.

Segmenting your network using access control lists is the simplest way to make sure that systems communicate only with the systems that they should. For example, if you allow business partners to access two servers on your network through your VPN, you should use the access control lists to make sure that these business partners only have access to these two servers. Then if a hacker comes into your network through the opening for business partners, the hacker can only get into the data on these two servers.

“Often a bad guy coming into the network through the VPN has access to everything,” Tippett says. Indeed, having properly configured access control lists would have protected 66% of the records that were compromised last year, according to the Verizon report. The reason CIOs don’t take this simple step is that it involves using your routers as firewalls, and many network managers don’t want to do that.

5. Allowing nonsecure remote access and management software.

One of the most popular ways for hackers to get into your network is to use a remote access and management software package, such as PCAnywhere, Virtual Network Computing (VNC) or Secure Shell (SSH). Often, these software applications are lacking the most basic security measures, such as good passwords.

The simplest way to find this problem is to run an external scan across your entire IP address space to look for PCAnywhere, VNC or SSH traffic. Once you find these applications, put extra security measures on them such as tokens or certificates in addition to passwords. Another option is to scan the Netflow data of your external facing routers and see if you have any remote access management traffic flowing across your network.

This problem is common enough to account for 27% of the compromised records in the Verizon Business report.

6. Failing to test noncritical applications for basic vulnerabilities.

Nearly 80% of all hacking attacks are the result of security holes in Web applications, according to the Verizon Business report. Network managers know that their biggest vulnerability is in Web applications, so they put all of their effort into testing their critical and Internet-facing systems.

The problem is that most hacking attacks leverage security mistakes in noncritical systems inside networks. “The main problem is that we’re testing like crazy the critical Web applications, and we’re not testing the non-Web applications,” Tippett says. He recommends that network managers test all of their applications for basic vulnerabilities.

“People have been taught forever to focus in order of criticality, but the bad guys don’t know what’s critical or not. They go in order of what’s easy,” Tippett says. “Once they get inside your network, they can set up shop, take their time and watch your traffic.”

7. Not adequately protecting your servers from malware.

Malware on servers accounts for 38% of all security breaches, Verizon Business says. Most malware is installed by a remote attacker and is used to capture data. Typically, malware is customized, so it can’t be discovered by antivirus software. One way for network managers to find malware such as keylogger or spyware on their servers is to run host-based intrusion-detection system software on every server, not just critical servers.

Tippett suggests a simple way to prevent many of these attacks: Lock down servers so that no new applications can run on them. “Network managers hate to do that because they might want to add new software later,” Tippett says. “I tell them to just unlock the lock, install the new software, and then lock it up again.”

8. Failing to configure your routers to prohibit unwanted outbound traffic.

One popular form of malware involves putting a backdoor or command shell on a server. One way to prevent a hacker from taking advantage of a backdoor or command shell is network segmentation using access control lists. This way you can prevent servers from sending traffic that they shouldn’t be sending. For example, a mail server should only send mail traffic, not SSH traffic. Another option is to use your routers for default deny egress filtering, which blocks all outbound traffic except for what you want leaving your network.

“Only 2% of companies do this. It baffles me as to why the other 98% don’t,” Tippett says. “Default deny egress filtering is trivial.”

9. Not knowing where credit card or other critical customer data is stored.

Most companies think they know where critical data such as credit card information, Social Security numbers or other personally identifiable information are stored, and they harden these servers with the highest levels of security. But often, this data is stored somewhere else on the network such as at a backup site or in the software development department.

It’s these secondary, noncritical servers that often get attacked and lead to the majority of data breaches. One easy way to find out where critical data is stored is to conduct network discovery. “We typically stick a sniffer on the network and we see where the critical data is supposed to be and then we see where else it goes,” Tippett says.

10. Not following the Payment Card Industry Data Security Standards.

Dubbed PCI DSS, this set of 12 controls for protecting cardholder information work, Tippett says. “Most people don’t even try to meet the PCI standards,” Tippett says. Sometimes a company follows these controls for the servers where it knows it stores credit card data, but not on the other unknown servers that host this critical data.

Even though 98% of all compromised records involve payment card data, only 19% of organizations with security breaches followed the PCI standards, according to the Verizon Business report. “It’s obvious. Follow the PCI rules. They basically work,” Tippett says.

Possibly Related Posts: