Computer network security vulnerabilities have become one of the most pressing concerns for network and security professionals. They consistently pose a serious threat to an organization’s efficiency and effectiveness.
Before a hacker breaches an organization’s security, the network administrator must proactively determine the network’s security vulnerabilities. Organizations must invest adequately in measures to combat this security threat, bringing even the most robust computer network infrastructures to a halt.
When certain measures are implemented, such as asking the right questions and anticipating every step and potential threat, network vulnerabilities can be successfully contained. Determine what an intruder can see on a target system, what the intruder can do with the information, and whether there are ways to verify the footprints after a potential breach.
Any network administrator must be familiar with the design flaws that expose an operating system and its associated applications to attack. It is critical to have a thorough understanding of products and technologies. He also gathers information on viruses and worms, identifies and corrects network vulnerabilities, obtains data that aids in the prevention of security issues, and, in the event of a successful attack, a way to recover promptly.
This post will briefly explore some easy steps and measures to proactively contain common network vulnerabilities.
1. SQL injection
SQL injection is a security exploit whereby the attacker injects Structured Query Language (SQL) code through a web form input box to access resources or make changes to data.
In this case, the attacker injects SQL commands into a web application database backend to exploit nonvalidated input vulnerabilities and, as a result, execute arbitrary SQL commands through the web application. It is easier for attackers to inject commands because programmers use sequential commands with user input.
To prevent SQL injection,
a. Restrict database connection privileges.
b. Turn off the error messages that are too long to read.
c. Keep the system account safe.
d. Conduct a source code audit
e. Never trust user input; instead, verify all textbox entries using authentication, validation controls, regular expressions, code, etc.
f. Always use parameterized SQL or stored procedures instead of dynamic SQL.
g. Never connect to a database with an admin-level account; instead, connect to the database with a limited access account.
2. Password cracking
Password cracking means the penetration of a network, system, or resource with or without the use of tools to unlock a resource that has been secured with a password.
Cracking passwords does not always necessitate the use of sophisticated tools. It could be as simple as stumbling across a sticky note with the password written on it stuck to the monitor or hidden beneath a keyboard. Another crude technique is “dumpster diving.” An attacker rummages through trash, searching for discarded documentation that may contain passwords.
Of course, attacks can be far more sophisticated, involving brute force, dictionary attacks, and hybrid attacks. A password cracker’s primary goal is to obtain the target system’s root/administrator password; this is because the administrator right grants the attacker access to files and applications and the ability to install a backdoor, such as a Trojan, for future access to the system.
To prevent password cracking,
a. Make sure your passwords are at least eight characters long.
b. Lower and upper case letters, numbers, special characters, and other characters should all be included in passwords. It’s more difficult to crack as a result of this.
c. Passwords should not be words that are easily found in a dictionary.
d. Passwords should not contain public information such as social security numbers, credit card numbers, or ATM card numbers.
e. Personal information should never be used as a password.
f. Different usernames and passwords should be used.
g. Setting strong password policies can help managers and administrators improve the security of their networks. This can be improved by incorporating password requirements into organizational security policies.
h. When installing new systems, make sure to change the default passwords right away.
Phishing is a method of obtaining information such as usernames, passwords, and credit card numbers by impersonating a legitimate entity. Communications posing as communications from well-known social media sites, auction sites, online payment processors, or IT administrators frequently deceive the unwary public. As a result, a user is persuaded to divulge sensitive information.
Phishers entice users to fill out personal information on bogus websites. Phishing is primarily used to access a customer’s bank accounts, passwords, and other sensitive information. Phishers can deceive users by persuading them to visit a fake website with a domain name that is slightly different from the original website and difficult to distinguish. They use legitimate hyperlink images to create a link to an unauthorized website. Phishers may also take advantage of SMTP (Simple Mail Transfer Protocol) flaws. Phishing entails registering a fake domain name, creating a spoof website, and sending emails to a large number of people.
How to prevent phishing
Anti-phishing software is a good way to prevent phishing attacks. This software detects phishing attacks on a website or an email sent to a customer. As an integral tool, the software displays the real website domain that the customer is visiting by residing on web browsers and email servers. It’s worth noting that phishing attacks can be avoided on the server and the client. PhishTank Site Checker, Nercraft, GFI MailEssentials, and SpoofGuard are some of these tools.
This program or device captures critical data from network traffic specific to a specific network. Sniffing is a data interception policy aimed at stealing passwords (from email, the web, FTP, SQL, or telnet), email text, and files in transit, among other things. Telnet, HTTP, FTP, POP, NNTP, SMTP, and IMAP are all vulnerable to sniffing. Sniffing can be passive (e.g., sniffing through a hub, which is difficult to detect) or active (e.g., sniffing through a router) (sniffing through a switch).
To prevent/contain the excesses of sniffers:
a. Figure out which machines are in promiscuous mode.
b. Physical access to network media is restricted, making it impossible to install a packet sniffer.
c. The best security measure against sniffers is encryption. It would not stop a sniffer from working, but it would ensure that what the sniffer reads is irrelevant.
d. Update the system with the latest patches or other lockdown techniques.
e. Add the gateway’s MAC address to the ARP cache indefinitely.
f. Change the remote login protocol from telnet to SSH to make it easier.
g. Use static IP addresses and ARP tables for small networks while enabling port security features for large networks.
Anti-sniffing tools like ARP Watch and Prodetect should be used.
5. Viruses and worms
A virus is a self-replicating malicious program that copies itself into other executable codes and operates without the user’s knowledge, posing a serious threat to business and personnel.
While the program to which it is attached is running, it resides in memory and replicates itself. It can change its appearance by changing codes. Viruses hide from detection by encrypting themselves into cryptic symbols, altering the disc directory data to compensate for the extra virus bytes, or redirecting disc data using stealth algorithms. On the other hand, Worms differ from viruses in that a virus necessitates human intervention to infect a computer, whereas a worm does not. A worm is a virus that can replicate and use memory but cannot attach to other programs. A worm, unlike a virus, automatically spreads throughout an infected network.
Some indications of virus threat include:
a. Programs take longer to load than usual;
b. The computer’s hard drive is constantly running out of space;
c. Files have strange, unrecognizable names;
d. Programs behave erratically;
e. Resources are quickly depleted.
Viruses and worms are largely put on a check by installing up-to-date anti-virus software that routinely scans the system at scheduled times. Integrity checking and interception are other virus detection methods.
It is a malicious program that does not spread on its own. Historically, the term has been applied to applications that appear useful and legitimate but perform malicious and illicit activities on a computer. Security software disablers, data-sending Trojans, remote access Trojans, destructive Trojans, proxy Trojans, FTP Trojans, and denial-of-service Trojans are Trojan types. Physical access, instant messenger applications, attachments, browser, and email software bugs, fake programs, untrusted sites, and freeware software, downloading files, games, and screensavers from the internet, legitimate shrinkwrapped software package by a disgruntled employee, and so on are all ways Trojans can gain access to a system. They often hide deep within the system, altering the registry to allow it to function as a remote administration tool. The Trojan severely harms many protocols and ports.
To detect Trojans:
a. Use tools like Ethereal to scan for suspicious network activity regularly.
b. Use tools like MS Config to scan for suspicious registry entries regularly.
c. Use Netstat, Fport, and TCPView to regularly scan for suspicious open ports.
d. Run a Trojan scanner regularly to detect Trojans.
e. Check for running processes regularly.
f. Remove any device drivers that appear to be suspicious or unaccounted for.
g. Download and install anti-Trojan software.
Spamming involves populating the inbox of a target group with junk or unsolicited emails. Spammers get access to the email IDs when the user registers to any email service, forum, or blog by hacking the information or registers as genuine users. Spam emails sometimes contain malicious computer programs such as viruses and Trojans that cause a change in the computer system or serve as a tracking tool. Some techniques used to effect spamming include spoofing the domain, social engineering, directory harvesting, phishing, sending virus-attached files, database poisoning, etc. however, spamming has a legitimate use, as is the case in advertising. Ant-spam tools such as AEVITA and Spam Bully should be installed to contain spamming.