IT security pros have never faced more threats, whether it’s from the huge increase in remote work or aggressive nation-state sponsored hackers like those involved in the SolarWinds breach. While there will always be new holes to plug, security vulnerabilities usually stem from the same few causes: unpatched vulnerabilities, misconfigurations or user error, and even the most tech-savvy companies are vulnerable to these mistakes.
Here are some of the most common IT security vulnerabilities and how to protect against them. By taking a proactive stance against the most common cyber vulnerabilities and security misconfigurations, you can prevent many cyber attacks from happening.
Common Vulnerabilities and Misconfigurations
Here are a few of the more common vulnerabilities – and how to defend against them.
Missing data encryption
When your data is not properly encrypted before storage or transmission, your vulnerability to a cyber threat increases.
Solution: While many software solutions exist to assist you with data encryption, you’ll need to find an encryption solution that meets your needs. Also, be sure not to rely entirely on the tech. Human error is a common cause of this type of vulnerability, so be sure to roll out policies, training and audits to ensure data is protected.
OS command injection
OS command injection, or shell injection, happens when an attacker executes operating system (OS) commands on your server through an application running on it. This vulnerability can be used to prey upon other parts of your infrastructure to gain deeper reach into your organization. It is typically caused by incorrect or entirely missing validation of input data.
Solution: The best way to prevent OS command injection vulnerabilities is to never allow OS commands from application-layer code. If that is not possible, however, strong input validation protocols must be implemented, such as validating against a whitelist of permitted values, validating that the input is a number, validating that the input contains only alphanumeric characters, etc.
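An added example (not from the article) in Python, showing the two halves of that advice side by side: a "before" function that interpolates a user-supplied host into a shell string, and a hardened version that allow-lists the value and passes an argv list so no shell parses it. The host pattern is an assumed policy, not one prescribed by the article.

```python
import re
import subprocess

# Assumed allow-list policy: letters, digits, dots and hyphens only, and no leading
# hyphen so the value can never be read as an option (argument injection such as "-f").
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def vulnerable_ping_command(host: str) -> str:
    """'Before' version: raw input is interpolated into a shell string.
    Run with shell=True, a host of '8.8.8.8; id' becomes two commands."""
    return f"ping -c 1 {host}"


def is_valid_host(host: str) -> bool:
    """True only if host matches the allow-list pattern exactly."""
    return HOST_RE.fullmatch(host) is not None


def validate_host(host: str) -> str:
    if not is_valid_host(host):
        raise ValueError(f"rejected host: {host!r}")
    return host


def safe_ping_argv(host: str) -> list:
    """Hardened version: allow-list validation plus an argv list.
    Each element is passed to the program as-is; shell metacharacters are inert."""
    return ["ping", "-c", "1", validate_host(host)]


def run_ping(host: str) -> int:
    # shell=False (the default) hands the argv list straight to execve, no shell involved
    return subprocess.run(safe_ping_argv(host), check=False).returncode
```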
Buffer overflow
Most software developers understand the threat posed by buffer overflows. Even so, they remain common because of the wide variety of ways they can occur and the error-prone techniques often used to prevent them.
Solution: For server products and libraries, diligently stay up to date on the latest bug reports for your systems. For custom apps, ensure that all code that handles user input is reviewed to confirm it can properly handle arbitrarily large input.
Missing authentication/authorization
This vulnerability is due to insufficient authorization or authentication limitations. Attackers step in to take advantage where weak authentication or privilege limitations exist.
Solution: Many authentication vulnerabilities can be dealt with simply by tightening and fully implementing what you have. Beyond that, there are identity management and privileged access management tools, multi-factor authentication and other products that can help.
Cross-site scripting and forgery
CSRF, also referred to as XSS, XSRF, Sea Surf or Session Riding, tricks a web browser into executing an unwanted action. When it works, CSRF can impact both the business and its users.
Solution: This vulnerability is commonly mitigated with randomly generated anti-CSRF tokens. For next-level protection, you can use the double-submit cookie pattern: the random token is set in a cookie and must also be submitted with the request, and the two copies must match before the application acts on it.
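An added Python example (not from the article) of the double-submit token check described above. It goes one step further than a plain match: the nonce is bound to the session with an HMAC under a server-side key, so a token planted in the cookie from elsewhere does not verify. The session identifier and the signing key are constructed values for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Server-side signing key: constructed for this example, load from configuration in real code.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"


def _sign(session_id: str, nonce: str) -> str:
    return hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Create one token to set in the CSRF cookie and to embed in the form.
    The HMAC ties the nonce to this session, so a matching pair cannot be forged
    without the server key even by someone able to set cookies for the site."""
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{_sign(session_id, nonce)}"


def csrf_token_valid(session_id: str, cookie_token: Optional[str], form_token: Optional[str]) -> bool:
    """Double-submit check: both copies present, equal, and signed for this session."""
    if not cookie_token or not form_token:
        return False
    # constant-time comparison of the cookie copy against the submitted copy
    if not hmac.compare_digest(cookie_token, form_token):
        return False
    nonce, sep, mac = cookie_token.partition(".")
    if not sep or not nonce or not mac:
        return False
    return hmac.compare_digest(mac, _sign(session_id, nonce))
```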
URL redirection to untrusted sites
Redirects can leave the door open for attackers to drive users of your application to an untrusted external site, creating security issues for your user and leaving your reputation at risk.
Solution: Use a web application firewall, automated scanning and keep your software up-to-date to work against this common vulnerability.
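Beyond the tooling the article recommends, the application itself can refuse to redirect anywhere but its own pages. The following Python function is an added example (not from the article): it accepts only site-relative paths or an assumed allow-list of hosts, and handles the scheme-relative and backslash forms that a naive "starts with /" check misses.

```python
from urllib.parse import urlparse

# Hosts the application may redirect to (assumed allow-list for this example).
ALLOWED_HOSTS = {"app.example.com", "example.com"}


def safe_redirect_target(next_url: str, default: str = "/") -> str:
    """Return next_url only if it is a site-relative path or points at an allowed host;
    anything else (other hosts, odd schemes, '//host' forms) falls back to default."""
    if not next_url or len(next_url) > 2048:
        return default
    # Browsers treat backslashes as slashes, so "/\evil.com" is really "//evil.com"; normalise first
    candidate = next_url.replace("\\", "/")
    parsed = urlparse(candidate)
    if parsed.scheme not in ("", "http", "https"):
        return default  # blocks javascript:, data: and similar schemes
    if parsed.scheme == "" and parsed.netloc == "":
        # relative URL: accept a single leading slash only, rejecting "//host" and "///host" variants
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default
    # hostname ignores userinfo, so "https://app.example.com@evil.com" yields "evil.com";
    # scheme-relative "//app.example.com" is rejected too because its scheme is empty
    host = (parsed.hostname or "").lower()
    if host in ALLOWED_HOSTS and parsed.scheme in ("http", "https"):
        return candidate
    return default
```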
Path traversal
Directory traversal (also known as file path traversal) is a common vulnerability that allows a potential attacker to read files on the server that is running your application, such as code and data, credentials for back-end systems and sensitive OS files.
Solution: Prevent a directory traversal attack by avoiding the passing of user-supplied input to filesystem APIs, if possible. If complete avoidance is not possible then adding multiple layers of defense can help deter this type of attack. OWASP offers a number of additional protective steps and also has its own prominent list of web application vulnerabilities.
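The layered defence the article suggests, as an added Python example (not from the article): structural checks on the raw value, canonicalisation and a containment proof against the document root, and a file-type allow-list. The root directory and the suffix list are constructed for the example.

```python
from pathlib import Path

# Document root the application serves files from (constructed for this example).
FILES_ROOT = Path("/srv/app/files").resolve()
# Assumed allow-list of servable file types.
ALLOWED_SUFFIXES = {".pdf", ".txt", ".csv"}


def resolve_user_file(user_path: str, root: Path = FILES_ROOT) -> Path:
    """Map a user-supplied relative path to a file under root, or raise ValueError."""
    # Layer 1: cheap structural checks before touching the filesystem
    if not user_path or "\x00" in user_path or len(user_path) > 255:
        raise ValueError("malformed path")
    if user_path.startswith(("/", "\\")) or ":" in user_path:
        raise ValueError("absolute paths are not accepted")
    # Layer 2: canonicalise (collapses '..' and follows symlinks), then prove containment.
    # This is the check that catches 'reports/../../../etc/passwd' whatever form it arrives in.
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise ValueError(f"escapes root: {user_path!r}") from None
    # Layer 3: even inside the root, only serve allow-listed types (no code, no config)
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"disallowed type: {candidate.suffix!r}")
    return candidate


def is_servable(user_path: str, root: Path = FILES_ROOT) -> bool:
    """Convenience wrapper: True if resolve_user_file would accept the path."""
    try:
        resolve_user_file(user_path, root)
        return True
    except ValueError:
        return False
```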
Companies make common missteps that create security vulnerabilities, such as grabbing code from public sources like GitHub, Sourceforge and Bitbucket or failing to encrypt sensitive data. Acting promptly on software patches and updates also helps reduce vulnerabilities that cyber attackers wait to prey upon.
Vulnerability assessment, scanning, penetration testing and patch management are important steps for controlling vulnerabilities. They should be conducted regularly, if not continuously.
Understanding Security Misconfigurations
Misconfigured web servers and applications make easy targets for hackers to exploit. Misconfigurations can happen at any level of the tech stack – from your web server to its database to your framework or virtual machines. Cybercriminals take advantage of security misconfigurations through unauthorized access to default accounts, rarely accessed web pages, unprotected files and folders, directory listings, etc.
There is a relatively high chance that some security misconfigurations exist in your system at this very moment. If you want to see how common they are, just see this white-hat hack of Apple from a few months ago. Businesses that use a hybrid approach of in-house and cloud environments can experience the highest level of risk exposure. Keeping a careful watch for security misconfigurations during the frequent updates is an essential factor for protection. Visibility and attention are key.
Common Types of Security Misconfigurations
These are some common misconfigurations that security and IT teams should be on the lookout for:
- Production applications and products left running in debug mode
- Running unwanted services on the system
- No proper configuration for accessing server resources and services
- Leaving default keys and passwords as is
- Incorrect exception management—can disclose unauthorized data, including stack traces
- Using default accounts with default credentials
How To Prevent Security Misconfigurations
Preventing these types of security risks can be tricky. They are not always obvious and almost never intentional. A point person or committee, a protocol to follow when setting up new web applications, and a strong QA team can all contribute to prevention.
Your system’s vulnerabilities and misconfigurations offer an “in” for cybercriminals to gain access. It’s that simple. And it’s clear that cyber criminals are looking for these opportunities at an ever-increasing clip as well as getting savvier and savvier about how to find their way in. A lack of attention and safeguards for vulnerabilities and misconfigurations can leave a business wishing, in hindsight, that they had set up protocols to address issues, improve departmental communication flows and seek out weaknesses beforehand.
Further Reading: DDoS and SQL Injection Prevention and More
Security tutorials are some of the most popular articles on eSecurity Planet. Here are some of the most popular:
- How to Prevent DDoS Attacks and Tips for Fighting DDoS Attacks
- How to Prevent SQL Injection Attacks
- Database Security Best Practices
- How to Prevent DOS Attacks
- How to Prevent DNS Attacks
- Best Malware Protection Practices
- Prevent Web Attacks Using Input Sanitation
- IaaS Security: Threats and Protection Methodologies
- How to Set Up and Implement DMARC Email Security
- Data Storage Security Best Practices
- Fine-Tuning Firewall Rules
- Managing Cloud Bucket Vulnerabilities
- How to Control API Security Risks