Everyone wants to improve network security. That is the truth of the information age: every bit of personal information is valuable and needs to be protected at all costs. Alongside that reality is the darker truth: attackers want to get their hands on that information just as much as you want to keep it protected. It goes without saying that in order to stay one step ahead of the game, we need to continually improve network security. The first step is to address the typical attack vectors that can compromise network integrity.
Listen to the People in the White Hats
You’ll notice that I didn’t say ‘hackers want to get their hands on your information’ just now. That’s because the term hacker has multiple connotations. Typical malicious attackers are considered black hats, while white hats are hackers on the good side. We look to white hat hackers for penetration testing and other skills that help improve network security by analyzing the way black hats think and move.
The folks over at Praetorian released an interesting study on the Top 5 Attack Vectors for compromising an environment. Within the scope of this study, analysts looked at 100 penetration testing reports from 75 unique organizations to develop an overview of the standard methods that attackers use to gain access to otherwise protected systems and networks.
My first bit of advice is always to listen to the experts, so let’s take a look at some of the information found in the report for those who might not feel like reading the entire thing.
What Are the Top 5 Attack Vectors and What Do They Mean?
According to Praetorian analysts, these were the top five attack vectors used by Praetorian between 2013 and 2016 in order to compromise entire corporate networks.*
* It is important to note here that the primary goal of these tests was to entirely compromise a corporate network. These vectors are a representation of the most vulnerable attack avenues, and do not represent the ONLY methods other attackers may use.
In order to see how we can improve network security, let’s make sure that we have a working understanding of what each of these attack vectors actually means.
1. Weak Domain User Passwords
Weak Domain User Passwords resulted in a system compromise in 66% of instances throughout the Praetorian survey. What this refers to is poor password quality resulting in insecure account access.
The study specifically notes the problem with relying on Active Directory alone for password policies. Relying too heavily on AD will result in weaker passwords. In turn, these credentials are more likely to be cracked quickly and easily by even an entry-level attacker.
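The gap described above, as an added example that is not taken from the Praetorian study or this page: a check that approximates the AD complexity setting and then shows which accepted passwords are still easy to guess. The deny-list, the organization name `examplecorp`, the 7- and 12-character thresholds and all sample passwords are constructed assumptions.

```python
import re

# Constructed deny-list of base words; a real check would load a breached-password list.
COMMON_BASES = {"password", "welcome", "summer", "winter", "spring", "autumn",
                "fall", "qwerty", "letmein", "changeme"}
# Undo common character substitutions (@ -> a, 0 -> o, ...) before matching.
LEET = str.maketrans("@4$5013!7", "aassoieit")

def ad_complexity_ok(pw, sam_account, min_length=7):
    """Approximates AD 'complexity requirements': 3 of 4 character classes,
    account name not contained, plus an assumed minimum length."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    hits = sum(bool(re.search(c, pw)) for c in classes)
    has_name = len(sam_account) >= 3 and sam_account.lower() in pw.lower()
    return len(pw) >= min_length and hits >= 3 and not has_name

def weakness_reasons(pw, org_words=(), min_len=12):
    """Reasons a password is easy to guess even when it passes complexity."""
    reasons = []
    lowered = pw.lower()
    # Drop trailing digits and symbols ("2016!", "123") to expose the base word.
    base = re.sub(r"[\d\W_]+$", "", lowered).translate(LEET)
    if base in COMMON_BASES:
        reasons.append("common base word plus suffix")
    if any(w.lower() in lowered.translate(LEET) for w in org_words):
        reasons.append("contains organization name")
    if re.search(r"(19|20)\d\d", pw):
        reasons.append("contains a year")
    if len(pw) < min_len:  # min_len is an assumed local policy value
        reasons.append(f"shorter than {min_len} characters")
    return reasons

def audit(candidates, org_words=()):
    """Return passwords that the AD-style policy accepts but that are still weak."""
    findings = {}
    for user, pw in candidates:
        reasons = weakness_reasons(pw, org_words)
        if ad_complexity_ok(pw, user) and reasons:
            findings[pw] = reasons
    return findings

# Constructed candidates, as a password filter would see them at change time.
SAMPLES = [("jsmith", "Summer2016!"), ("akhan", "P@ssw0rd1"),
           ("mlee", "Examplecorp#1"), ("rdiaz", "correct-Horse-battery-staple-42")]

if __name__ == "__main__":
    for pw, why in audit(SAMPLES, org_words=["examplecorp"]).items():
        print(pw, "->", ", ".join(why))
```

Three of the four samples satisfy the complexity rules and are still flagged; only the long passphrase passes both checks.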
2. Broadcast Name Resolution Poisoning
This type of attack occurs when an attacker is already on the corporate network. First, attackers route system requests such as NetBIOS or mDNS to a system they control. From there, they are able to replay the authentication attempt in order to crack the credential offline.
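One way to spot this behaviour from the defender's side, as an added example that is not part of the original page: a legitimate host answers name-resolution requests only for its own name, so a responder that answers for many different names stands out. The log format, addresses, host names and the `max_names` threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed capture summary: "<time> <protocol> <responder_ip> answered <name>"
# FILESVR01 is a mistyped name that no real host owns.
SAMPLE_LOG = """\
09:00:01 NBNS 10.0.5.21 answered FILESRV01
09:00:04 MDNS 10.0.5.34 answered printer-3f.local
09:00:09 NBNS 10.0.5.77 answered FILESRV01
09:00:09 NBNS 10.0.5.77 answered HRSHARE
09:00:12 MDNS 10.0.5.77 answered intranet.local
09:00:15 NBNS 10.0.5.77 answered FILESVR01
09:00:20 NBNS 10.0.5.21 answered FILESRV01
"""

def parse(log):
    """Yield (responder_ip, name) for each well-formed response line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[3] == "answered":
            yield parts[2], parts[4].lower()

def suspicious_responders(log, max_names=2):
    """Flag hosts that answer for more names than one machine plausibly owns."""
    names_by_ip, ips_by_name = defaultdict(set), defaultdict(set)
    for ip, name in parse(log):
        names_by_ip[ip].add(name)
        ips_by_name[name].add(ip)
    findings = {}
    for ip, names in names_by_ip.items():
        if len(names) <= max_names:
            continue
        # Names that another host also claims point at the systems being impersonated.
        contested = sorted(n for n in names if len(ips_by_name[n]) > 1)
        findings[ip] = {"distinct_names": len(names), "contested": contested}
    return findings

if __name__ == "__main__":
    for ip, detail in suspicious_responders(SAMPLE_LOG).items():
        print(ip, detail)
```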
3. Local Administrator Attacks
This attack type is popular because many organizations configure all systems with the same Local Admin password. By obtaining and compromising the LM/NT hash value of the password, attackers can use it to authenticate and execute admin level commands on other systems in the network – provided these systems require the same admin password.
The attacker doesn’t even have to know the ACTUAL password, just the hash.
4. Cleartext Passwords Stored in Memory
Newer versions of the Windows OS and Microsoft Server have been patched and/or updated to address this particular issue. However, many modern versions of Windows still store domain credentials in memory as cleartext. If an attacker is able to read memory, a system-wide compromise is not far out of reach.
5. Insufficient Network Access Control
Poor Access Control Lists (ACLs) give attackers an entirely new avenue once they compromise any system on the network. If ACLs are not managed adequately and systems have access outside of the user’s typical business need, a single system compromise could lead an attacker directly to critical network systems.
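An ACL audit along these lines, as an added example that is not from the study or this page: it compares the allow rules with the documented business need and walks the rules to show which critical segments a single compromised workstation can reach, directly or through intermediate systems. Segment names, ports and rules are constructed assumptions.

```python
from collections import deque

# Constructed allow rules: (source segment, destination segment, port)
ALLOW = [
    ("workstations", "file-servers", 445),
    ("workstations", "print-servers", 9100),
    ("print-servers", "domain-controllers", 445),
    ("file-servers", "backup", 22),
    ("it-admin", "domain-controllers", 3389),
    ("workstations", "database", 1433),
]
# Constructed statement of business need: the rules someone can justify.
NEEDED = {
    ("workstations", "file-servers", 445),
    ("workstations", "print-servers", 9100),
    ("file-servers", "backup", 22),
    ("it-admin", "domain-controllers", 3389),
}
CRITICAL = {"domain-controllers", "database"}

def reachable_paths(start, rules):
    """Breadth-first walk of the allow rules: shortest chain from start to each segment."""
    graph = {}
    for src, dst, _port in rules:
        graph.setdefault(src, []).append(dst)
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths

def audit(start, rules, needed, critical):
    """Rules beyond business need, and critical segments exposed to `start`."""
    paths = reachable_paths(start, rules)
    return {
        "excess_rules": sorted(set(rules) - needed),
        "critical_exposed": {c: paths[c] for c in sorted(critical) if c in paths},
    }

if __name__ == "__main__":
    print("current ACLs:", audit("workstations", ALLOW, NEEDED, CRITICAL))
    print("needed only: ", audit("workstations", sorted(NEEDED), NEEDED, CRITICAL))
```

With the two excess rules removed, the same walk from the workstation segment no longer reaches either critical segment.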
Using This Information to Improve Network Security
Those are only the most obvious attack vectors that organizations have to worry about. However, how do you improve network security against these types of attacks? The smartest method is to approach each problem individually, as opposed to network security as a whole. Smaller chunks of vulnerabilities are much more manageable for teams of any size. In this way, testing and verification can be done to prevent other systems from breaking because of a fix.
Additionally, introducing security software to address these issues takes the strain away from your local IT department. A secure SSO solution with cybersecurity capabilities will address the largest of these attack vectors. Utilizing these tools will improve password quality and help to further secure the authentication process. The additional reduction of the workload for local resources makes it that much simpler to improve network security.
Attackers should not have the upper hand. We know what they want, and now we know the most likely ways they will try and get it. Together, we can improve network security and keep your environment safe and secure without impacting your end-users.