Networks suffer from hardware failure, administrator error, bugs in purchased or internally written software, and power and heating problems, but security has become a primary concern. Hacking is now a high-income profession, with hackers gaining access to valuable information, such as Social Security numbers and confidential corporate or government information.
Below are some common network vulnerabilities enterprise network teams should actively monitor for and methods they can use to prevent attacks.
The term malware covers multiple types of attack. Phishing and spear phishing are now common methods used to capture login IDs and passwords. For example, in phishing attacks, users open what appears to be a legitimate email, but the malware inserts code that seemingly causes the user accounts to log out. When the users log back in, the malware captures their keystrokes.
Spear phishing is particularly dangerous, as the attack typically focuses on a specific target and appears to come from a trusted source, such as a work associate. Social media often has weak security, enabling hackers to find the names of associates mentioned in a post and use them in an attack.
Two-factor authentication offers protection because a user ID and password alone are no longer enough to log in. When users attempt to log in, the site sends a text or email with a code that must be entered in order to log in. This process helps prevent hackers from entering the site.
Ransomware attacks have become more prevalent. In this type of attack, hackers break into a site and prevent access for legitimate users. Hackers then demand a high fee to reenable usage of the site — often, the only option for a victim organization is to pay the attacker.
It is possible to prevent such attacks, however. One way is to maintain frequent backups that enable administrators to restore the system with data that is up to date as of the previous backup. Sometimes, a daily backup is sufficient, while other instances require continuous backup. In any case, it’s important to choose a security product that includes ransomware protection and keep it updated.
Denial-of-service or distributed denial-of-service (DDoS) attacks flood a site with so many incoming packets that it becomes inaccessible to legitimate users. The distributed form uses multiple systems to create a larger stream of packets than a single system could generate.
DDoS protection is available from service providers, which can filter out attacking packets, or from one of the available DDoS protection products.
The increasing use of IoT devices may also be problematic for networks. In one instance, home surveillance cameras were the source of a major attack. The hacker inserted code into a large number of poorly protected cameras, directing them to stream packets and attack a particular firm.
Teams can implement security policies and segmentation specifically for IoT devices in addition to adequate network monitoring and visibility.
Maintain best practices to limit vulnerabilities
Network administrators should be proactively prepared to take appropriate action against common network vulnerabilities. This means they should keep abreast of new attack types, maintain best practices — such as changing passwords regularly — and keep up with software updates.
Attacks cannot be completely eliminated, and hackers will continually create new methods. But these suggested methods can help greatly reduce the possibility of successful attacks.