Smart TV
Description:
A smart TV is a digital television that is, essentially, an Internet-connected, storage-aware computer specialized for entertainment. Smart TVs are available as stand-alone products but regular televisions can also be made “smart” through set-top boxes that enable advanced functions.
Vulnerabilities:
Until recently, published smart TV exploits relied on the attacker having physical access to the device in order to plug in a USB drive that executes malicious code. A more recent class of attack uses a TV transmitter to send malicious commands on a rogue broadcast signal, which reaches every receiving TV in range simultaneously. Once an attacker controls an end user's TV, they can harm the user in a variety of ways: copy personal data, spy on the user via the microphone and camera, switch off the settings of a home security system connected to the TV, use the TV as a relay point for attacks on enterprise networks, or create backdoors that enlist the TV in a DDoS botnet.
Laptops
Description:
Laptop computers, also known as notebooks, are portable computers that can be used in environments other than the office. They include a screen, keyboard, and a trackpad or trackball, which serves as the mouse.
Vulnerabilities:
Laptops are portable, include full operating systems, can operate on an internal battery and come with Ethernet ports for connecting directly to a network. Such a device may already have malicious code running in the background, tasked to scour the network for additional systems to infect, that activates as soon as a network connection is made. The device can belong to an internal employee or to a guest who is visiting and working from an open environment or the office network.
All companies hold some form of sensitive information that needs to be managed and controlled and should therefore not leave the office environment. The danger arises when that information is stored on mobile devices that have not been secured through device (full-disk) encryption and access control: the Confidentiality and Availability of the information are then easily compromised by loss or theft of the device.
Desktop PCs
Description:
A desktop computer is a computer system designed to be used at a table or desk. Some desktop computers have a separate monitor and system unit, while others are "all-in-one" models, in which the monitor is built into the computer. All-in-one computers are designed to sit on a desktop, while system units are usually placed on the ground. Both types of desktop computers include a keyboard and mouse as input devices.
Vulnerabilities:
Desktop PCs are a primary target for attackers.
Attackers find faults in desktop and workstation applications (such as e-mail clients), unpatched operating systems and out-of-date anti-virus, and use them to execute arbitrary code, implant Trojan horses for future compromise, or crash systems. Further exploitation can occur if the compromised workstation has administrative privileges on the rest of the network.
A main hardware threat is Rowhammer, a DDR DRAM disturbance error in which rapidly and repeatedly accessing one row of memory flips bits in physically adjacent rows. Because the fault lies in the memory chips themselves it cannot be fully solved by a software patch; the effective mitigations are hardware-level (ECC memory, higher refresh rates, target row refresh), and software can only reduce an attacker's ability to trigger it.
Smart Home Hub
Description:
In general a Smart-Home Hub acts as the central point of contact for a network of smart devices that may include door locks, window and door sensors, lighting controls and many other devices.
Vulnerabilities:
Smart home Hubs today are similar to a consumer-grade wireless router. They are generally small devices which house one or more wireless antennas and support multiple communications protocols including Wi-Fi, Z-Wave, Bluetooth and many others.
There are numerous vulnerabilities that attackers could use to gain administrative control of a hub. Hubs have been compromised via SQL-injection vulnerabilities in their web or mobile management interface, and once an attacker has control they can use the hub as a "jump off" point to issue commands to other connected smart devices and to the networks in the home.
Once a user has installed the hub, they are prompted to install the supporting App on their mobile Smart device. The hub takes care of issuing the correct commands to each connected device. With this convenience, however, comes risk: a malicious party taking control of a hub could control the entire house and any connected devices.
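The SQL-injection path mentioned above, as an added example written for this page (it is not firmware from any real hub): a login check that concatenates user input into the query beside the same check with bound parameters. The table layout, the `login_*` function names and the sample credentials are assumptions made for the example.

```python
import sqlite3

# Constructed sample schema: a hub's local account table (an assumption for
# this example, not a real product's database). Passwords are kept in clear
# to keep the example short; a real device should store a salted hash.
SCHEMA = """
CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, is_admin INTEGER);
INSERT INTO users VALUES ('admin', 'correct horse battery staple', 1);
INSERT INTO users VALUES ('guest', 'guest', 0);
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the statement by string concatenation, so attacker-controlled
    text becomes part of the SQL. Returns the matched username or None."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Same check with bound parameters: the values travel separately from the
    statement text, so a quote character in the input is only data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Two classic payloads. The first turns the WHERE clause into
#   username = 'admin' AND password = '' OR '1'='1'
# which is true for every row; the second closes the string and comments
# out the password check entirely:
#   username = 'admin'--' AND password = '...'
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "admin'--"


if __name__ == "__main__":
    db = open_db()
    print("vulnerable, tautology   :", login_vulnerable(db, "admin", TAUTOLOGY))
    print("vulnerable, comment-out :", login_vulnerable(db, COMMENT_OUT, "x"))
    print("parameterized, tautology:", login_parameterized(db, "admin", TAUTOLOGY))
    print("parameterized, real pw  :", login_parameterized(db, "guest", "guest"))
```

The parameterised version still authenticates the real guest account; it simply refuses to treat a quote in the input as SQL syntax. Against a hub, the same flaw in any endpoint that reaches the device's local database gives the "jump off" position described above.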
Home Working
Vulnerabilities:
Companies put themselves at risk when they expose their networks to employees' home networks and devices. Malicious software can bypass a company's external network security if it can exploit vulnerabilities in a home network. Home PCs may not be attacked as persistently as corporate networks or servers, but they often contain sensitive data, such as credit card information, bank account data or other personal information, and are therefore targeted by hackers, phishing attacks and malware.
Attackers find vulnerabilities in desktop and workstation applications such as e-mail clients, in other software and in configuration, and use them to execute arbitrary code, implant Trojan horses, viruses, worms and other malware for future compromise, or crash systems, creating a Denial of Service (DoS).
EPOS
Description:
EPOS (Electronic Point Of Sale) is any computerised system, which may include devices such as barcode readers, scanners, and touchscreens, used to record sales and control stock.
Vulnerabilities:
The methods used to attack EPOS systems include card skimming, supply chain compromise, memory scraping (including malware written specifically for EPOS), forcing offline authorisation, attacking the application, network sniffing, abuse of third-party access, and crimeware kit usage.
PCI-DSS
Description:
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
Vulnerabilities:
The PCI Data Security Standard specifies twelve requirements for compliance, intended to mitigate the vulnerabilities associated with any network or computer system that handles cardholder data. Vulnerabilities in network devices and systems present opportunities for criminals to gain unauthorized access to payment card applications and cardholder data. To prevent exploitation, organizations must regularly monitor and test networks to find and fix vulnerabilities.
Smart Phones
Description:
Smartphones combine standard mobile phone features with the advanced features once found on Personal Digital Assistants (PDAs). Smartphones include e-mail and Web browsing capabilities, as well as the ability to display photos and play music and video files.
Vulnerabilities:
They are full-functioning computers, complete with Wi-Fi connectivity, multithreaded operating systems, high storage capacity, high-resolution cameras and vast application support. These devices have the potential to pose the same threats seen with notebooks and USB devices. Smart phones now offer biometric technology for user log-in; however this is a user-configured security control and, if not set up, the device falls back to a simple PIN log-in.
Tablets
Description:
Tablets are used in a similar way to laptops however in many instances the software programs are different since they are typically designed for a touchscreen interface.
Vulnerabilities:
Mobile Security Threats for Smart Phones, Tablets, & Mobile Internet Devices top 5 vulnerabilities:
- Data leakage. Mobile apps are often the cause of unintentional data leakage
- Unsecured Wi-Fi
- Network spoofing
- Phishing attacks
- Spyware
USB & Removeable Media
Description:
Stands for "Universal Serial Bus." USB is the most common type of computer port used in today's computers. It can be used to connect keyboards, mice, game controllers, printers, scanners, digital cameras, and removable media drives etc.
Vulnerabilities:
USB drives are the most common way to infect a network or PC: they are small, hold a lot of data and can be used across multiple computer types. USB drives are so common that attackers have developed targeted malware, such as the Conficker worm, that executes automatically when the drive is connected to an active USB port. The main concern is that default operating system configurations (autorun) allow programs, including malicious ones, to run automatically.
Many other types of media device are also capable of storing data on common file systems that can be read and written through a USB port or similar connection. Since storage isn't the primary function of these devices, they are often forgotten as a potential threat. The fact is, if an end point can read and execute data from the device, it poses the same threat as a USB drive. These devices include digital cameras, MP3 players, printers, scanners, fax machines and even digital picture frames.
CD / DVD
Description:
CDs can hold up to 700 MB of data. The data on a CD is stored as microscopic pits on the disc and is read by a laser in an optical drive.
A DVD is a high-capacity optical disc that looks like a CD, but can store much more information. While a CD can store 700 MB of data, a single-layer, single-sided DVD can store 4.7 GB of data.
Vulnerabilities:
Recordable media that appears to be legitimate can be, and has been, used to carry malicious data in and out of networks, and is therefore a potential source of network infection.
Email & Attachments
Description:
E-mail is part of the standard TCP/IP set of protocols. Sending messages is typically done by SMTP (Simple Mail Transfer Protocol) and receiving messages is handled by POP3 (Post Office Protocol 3) or IMAP (Internet Message Access Protocol). TCP/IP stands for "Transmission Control Protocol/Internet Protocol". These two protocols were developed in the early days of the Internet under U.S. Department of Defense (DARPA) research funding. The TCP part deals with reliable, verified delivery of packets; the IP part deals with moving data packets between nodes. TCP/IP has since become the foundation of the Internet, and TCP/IP software is therefore built into all major operating systems, such as Windows, macOS and Linux.
IMAP is the newer protocol, allowing you to view and organise messages on the mail server without downloading them to your local disk.
Vulnerabilities:
E-mail is frequently used within businesses to send and receive data. Messages with confidential information can easily be forwarded to any external target without the originator being made aware. In addition, the e-mails themselves can carry malware, viruses etc. or be the vehicle for their delivery via attachments.
A single targeted e-mail could phish for access credentials from an employee and these stolen credentials would then be leveraged in a second-stage attack.
User
Description:
All human interaction with any part of the network or equipment.
Vulnerabilities:
Recent statistics indicate that 93 percent of data breaches are actually caused by the human factor, with employees of an organization often being the weak link in the protection of its information assets. The rise of BYOD (Bring Your Own Device) and the cloud has altered the way people use technology and handle data. Sensitive information is replicated across different, and sometimes personal, devices, and as a result organisations are becoming increasingly vulnerable to data breaches from inside their own networks. This is without considering the deliberate actions of a "Trojan Human" (an attacker who visits sites or businesses disguised as an employee or contractor).
Some examples of the vulnerabilities associated with the human factor, specifically employees:
- Emailing documents and data
- Installing unauthorized software and apps
- Removing or disabling security tools
- Taking data out of the office (paper, mobile phones, laptops)
- Social interaction
- Mailing and faxing documents
- Customer interaction
- Discussing work in public locations
- Letting unauthorized persons into the office (tailgating)
- Opening spam emails
- Connecting personal devices to company networks
- Writing down passwords and sensitive data
- Losing security devices such as ID cards
- Lack of information security awareness
- Keying data
- Former employees working for competitors
- Disenchanted employees or former employees conducting deliberate malicious activity
Wi-Fi Network
Description:
Wi-Fi is a wireless network. It refers to all networking equipment that is based on one of the IEEE 802.11 standards; allows computers and other devices to connect to wireless routers and therefore other systems on the network.
Vulnerabilities:
If not managed correctly, a Wi-Fi network provides immediate connectivity to any user within range of the network. Wireless attacks by wardrivers (people in vehicles searching for unsecured Wi-Fi networks) are common and have caused significant damage in the past. A wireless AP extends the network boundary beyond the building, so it should be treated as an untrusted segment regardless of whether encryption is used. The Wired Equivalent Privacy (WEP) protocol contains known cryptographic weaknesses that are easily broken with attack frameworks such as aircrack-ng. The more robust Wi-Fi Protected Access (WPA) and WPA2 protocols are still prone to offline dictionary attacks against the pre-shared key if a strong passphrase is not used. When a Wi-Fi network is established, default passwords should be changed, SSID broadcasting switched off and the AP name chosen so that it does not identify the organisation; note that a hidden SSID only deters casual discovery, since clients reveal it in probe requests.
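Why a weak WPA/WPA2 passphrase falls to an offline dictionary attack, as an added example written for this page (not code from aircrack-ng or any other tool): the pre-shared key is a deterministic function of the passphrase and the SSID, so an attacker who has captured a handshake can test candidates at leisure. A real attack checks each candidate against the MIC of a captured 4-way handshake; this example compares the derived PMK directly, which is a simplification, and the SSID, passphrase and wordlist are constructed for the example.

```python
import hashlib


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal pairwise master key: PBKDF2-HMAC-SHA1 over the
    passphrase with the SSID as salt, 4096 iterations, 256-bit output
    (IEEE 802.11i). The SSID salt only stops precomputation across networks
    with different names; it does not slow a per-network dictionary run."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def dictionary_attack(target_pmk: bytes, ssid: str, wordlist):
    """Offline guess: derive the PMK for each candidate and compare.
    Returns (passphrase, guesses tried) or (None, guesses tried)."""
    tried = 0
    for candidate in wordlist:
        tried += 1
        if wpa_pmk(candidate, ssid) == target_pmk:
            return candidate, tried
    return None, tried


# Constructed sample: a network whose owner chose a wordlist password.
SSID = "HomeNet-5G"                                                   # assumption
WEAK_PASSPHRASE = "letmein"                                           # assumption
WORDLIST = ["123456", "password", "qwerty", "letmein", "iloveyou"]    # constructed


def recover_weak_key():
    captured_pmk = wpa_pmk(WEAK_PASSPHRASE, SSID)   # what the attacker tests against
    return dictionary_attack(captured_pmk, SSID, WORDLIST)


def strong_key_survives():
    # A long random passphrase is in no wordlist; the attack exhausts the list.
    return dictionary_attack(wpa_pmk("q7T#v9pL2mX!eR4wZ8aK", SSID), SSID, WORDLIST)


def known_vector_ok() -> bool:
    # Test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
    expected = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    return wpa_pmk("password", "IEEE").hex() == expected


if __name__ == "__main__":
    print("vector ok:", known_vector_ok())
    print("weak     :", recover_weak_key())       # ('letmein', 4)
    print("strong   :", strong_key_survives())    # (None, 5)
```

The 4096 PBKDF2 iterations make each guess cost a few milliseconds on a CPU, which is why the defence is passphrase entropy rather than the derivation itself: GPU crackers test millions of wordlist entries per hour, but cannot enumerate a 20-character random key.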
Switch
Description:
A switch is a device that channels incoming data (packets) from multiple input ports to a specific output port for delivery to its required destination.
Switches connect PCs, laptops, printers and more within a location while helping ensure fast, predictable performance for the connected devices.
Vulnerabilities:
Switch operation can be compromised at several levels. An attacker who gains administrative access to a vulnerable switch through a password attack can take complete administrative control of the device. Proper password management, in particular the avoidance of default passwords, and restricting network and administrative console access to these devices are therefore critical.
The switch keeps its MAC address (CAM) table in a small amount of internal memory. An attacker can flood the switch with frames from thousands of "fake" source addresses until the table is full and legitimate entries are evicted; the switch then no longer knows the correct outbound port for a given destination and falls back to "hub mode", broadcasting the frame on every port, where the attacker can capture it.
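The CAM-table exhaustion described above, as an added example written for this page (not the code of any switch or attack tool): a toy learning switch with a bounded table shows how a burst of bogus source MACs turns a unicast conversation into a flooded one, and a simple per-port counter shows the detection a practitioner would run over captured frames. Port numbers, table size and MAC addresses are assumptions of the example.

```python
from collections import OrderedDict, defaultdict


class LearningSwitch:
    """Toy model of a learning switch with a bounded CAM (MAC address) table.
    Capacity and port numbers are assumptions for this example; real tables
    hold thousands of entries, but the failure mode is the same."""

    def __init__(self, ports, capacity):
        self.ports = set(ports)
        self.capacity = capacity
        self.cam = OrderedDict()  # mac -> port, oldest learned first
        self.flooded = 0          # frames sent out every port ("hub mode")

    def _learn(self, mac, port):
        if mac in self.cam:
            self.cam.move_to_end(mac)
        elif len(self.cam) >= self.capacity:
            self.cam.popitem(last=False)  # table full: evict the oldest entry
        self.cam[mac] = port

    def forward(self, src, dst, in_port):
        """Returns the set of egress ports for a frame. A known destination
        goes out one port; an unknown one is flooded to all other ports."""
        self._learn(src, in_port)
        out = self.cam.get(dst)
        if out is None:
            self.flooded += 1
            return self.ports - {in_port}
        return {out}


def flood_suspects(frames, max_macs_per_port):
    """Detection side: count distinct source MACs per ingress port. An access
    port normally carries a handful; a flooding tool sends thousands."""
    seen = defaultdict(set)
    for src, _dst, in_port in frames:
        seen[in_port].add(src)
    return {p for p, macs in seen.items() if len(macs) > max_macs_per_port}


def demo(fake_frames=50):
    """Constructed scenario: hosts A (port 1) and B (port 2) talk, then an
    attacker on port 3 sends frames from many bogus source MACs."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], capacity=8)
    a, b = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
    sw.forward(a, b, 1)                # A -> B: B unknown, flooded; A learned
    sw.forward(b, a, 2)                # B -> A: unicast to port 1; B learned
    before = sw.forward(a, b, 1)       # now a normal unicast: {2}

    attack = [(f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", "ff:ff:ff:ff:ff:ff", 3)
              for i in range(fake_frames)]
    for src, dst, port in attack:
        sw.forward(src, dst, port)     # each bogus MAC evicts a real entry

    after = sw.forward(a, b, 1)        # B evicted: the frame now reaches port 3 too
    legit = [(a, b, 1), (b, a, 2)]
    suspects = flood_suspects(legit + attack, max_macs_per_port=16)
    return before, after, suspects


if __name__ == "__main__":
    before, after, suspects = demo()
    print("A->B egress before flood  :", sorted(before))   # [2]
    print("A->B egress after flood   :", sorted(after))    # [2, 3, 4]
    print("ports exceeding MAC budget:", suspects)         # {3}
```

The per-port MAC budget is what the "port security" feature on managed switches enforces in hardware: limit the number of addresses learned on an access port and shut the port, or at least alert, when the limit is exceeded.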
VPN
Description:
Stands for "Virtual Private Network". A virtual private network is "tunneled" through a wide area network (WAN) such as the Internet. This means the network does not have to be located in one physical location like a LAN. By using encryption and other security measures, a VPN protects all the data sent through the wide area network, so the network is "virtually" private.
Businesses often use VPNs to communicate across multiple locations. For example, a large company that has offices in several cities may need to send data to the different locations via the Internet. To keep the information secure, the company might set up a VPN with an encrypted connection. This is similar to having a secure intranet over the Internet. On a smaller scale, individual users may have a VPN account with their company, which allows them to connect to their office computer from their home or another location. This is especially helpful for business travellers who need to access office data from their laptops.
Router
Description:
A hardware router is a device that routes data, hence the name, from a local area network (LAN) to another network. Most routers also keep log files of local network activity. Routers provide connectivity between multiple networks, and modern routers can provide switching and security functions as well.
Vulnerabilities:
Routing attacks can be targeted at the intra-domain level (routing within a single domain) and the inter-domain level (routing between domains) to disrupt correct routing, that is, the ability to reach a destination in compliance with a given forwarding (routing) policy. Generally, threats to routing protocols can be external or internal. External threats come from outside attackers who want to gain administrative rights over the router in order to corrupt its routing tables or stop it working completely. Internal attacks come primarily from insider threat actors who hold administrative rights (either by role or through privilege escalation). Router firmware, particularly in consumer devices, is often developed to a cost with security not the prime design goal, so specific attention must be paid to securing routers, selecting assured routers where necessary, and choosing appropriate routing protocols (and their authentication features).
Firewall
Description:
A firewall can either be a Host based or Network based security product, it can be either hardware or software based, and acts as a barrier between your trusted network and any untrusted network.
Vulnerabilities:
Firewalls are often poorly configured for historical reasons or because of a lack of understanding. Common flaws include large numbers of open ports that are not required to support business processes, and passing services that are not required. The most common configuration problem is the absence of outbound rule sets that restrict traffic flows to known IP addresses and services. This allows an attacker to hide a malicious payload in a seemingly genuine packet stream, plant malicious software on an internal machine and establish a covert channel (an unmonitored communications channel) from the hosting LAN out to the Internet.
10 common firewall vulnerabilities:
- Password(s) are set to the default which creates every security problem imaginable, including accountability issues when network events occur.
- Anyone on the Internet can access Microsoft SQL Server databases hosted internally which can lead to internal database access, especially when SQL Server has the default credentials (sa/password) or an otherwise weak password.
- Firewall OS software is outdated and no longer supported which can facilitate known exploits including remote code execution and denial of service attacks, and might not look good in the eyes of third-parties if a breach occurs and it’s made known that the system was outdated.
- Anyone on the Internet can access the firewall via unencrypted HTTP connections, as these can be exploited by an outsider who’s on the same network segment such as an open/unencrypted wireless network.
- Anti-spoofing controls are not enabled on the external interface which can facilitate denial of service and related attacks.
- Rules exist without logging which can be especially problematic for critical systems/services.
- Any protocol/service can connect between internal network segments which can lead to internal breaches and compliance violations, especially as it relates to PCI DSS cardholder data environments.
- Anyone on the internal network can access the firewall via unencrypted telnet connections. These connections can be exploited by an internal user (or malware) that performs ARP poisoning with a tool such as the free password recovery program Cain & Abel.
- Any type of TCP or UDP service can exit the network which can enable the spreading of malware and spam and lead to acceptable usage and related policy violations.
- Rules exist without any documentation which can create security management issues, especially when firewall admins leave the organization abruptly.
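An added example, written for this page rather than taken from any firewall vendor, that turns several of the checks in the list above into an automated audit of a rule base: rules without logging, rules without documentation, plaintext management access, SQL Server exposed to the Internet, any/any rules between internal segments, unrestricted egress, and a missing final deny. The rule format, the zone names (including "cde" for the PCI DSS cardholder data environment and "self" for the firewall's own management interface) and both sample rule sets are assumptions constructed for the example.

```python
INTERNAL_ZONES = {"lan", "dmz", "cde"}       # "cde": PCI DSS cardholder data environment
PLAINTEXT_MGMT = {23: "telnet", 80: "http"}  # management protocols that expose credentials
SQL_SERVER_PORT = 1433


def rule(name, src, dst, proto, dport, action="allow", log=True, comment=""):
    """Rule record in a simplified, vendor-neutral format (an assumption of
    this example). proto/dport "any" means unrestricted."""
    return dict(name=name, src=src, dst=dst, proto=proto, dport=dport,
                action=action, log=log, comment=comment)


def audit(rules):
    """Returns a list of (rule name, finding). Rules are assumed to be
    evaluated first-match, top to bottom, as most firewalls do."""
    findings = []
    for r in rules:
        name = r["name"]
        allow = r["action"] == "allow"
        unrestricted = r["proto"] == "any" or r["dport"] == "any"
        if not r["log"]:
            findings.append((name, "rule does not log"))
        if not r["comment"].strip():
            findings.append((name, "rule has no documentation"))
        if allow and r["dst"] == "self" and r["dport"] in PLAINTEXT_MGMT:
            findings.append((name, f"management over unencrypted {PLAINTEXT_MGMT[r['dport']]}"))
        if allow and r["src"] == "internet" and r["dport"] == SQL_SERVER_PORT:
            findings.append((name, "SQL Server reachable from the Internet"))
        if allow and r["src"] in INTERNAL_ZONES and r["dst"] in INTERNAL_ZONES and unrestricted:
            findings.append((name, "any protocol/service between internal segments"))
        if allow and r["src"] in INTERNAL_ZONES and r["dst"] == "internet" and unrestricted:
            findings.append((name, "unrestricted egress to the Internet"))
    if not rules or rules[-1]["action"] != "deny":
        findings.append(("*", "no explicit final deny-all rule"))
    return findings


# Constructed rule base exhibiting the flaws from the list above.
BAD_RULES = [
    rule("sql-from-anywhere", "internet", "dmz", "tcp", SQL_SERVER_PORT, log=False),
    rule("mgmt-http", "internet", "self", "tcp", 80, comment="vendor default"),
    rule("mgmt-telnet", "lan", "self", "tcp", 23, comment="legacy admin"),
    rule("lan-to-cde", "lan", "cde", "any", "any", log=False),
    rule("egress-all", "lan", "internet", "any", "any", comment="users"),
]

# Constructed corrected rule base: encrypted management from one zone only,
# a single documented path into the CDE, egress limited to what is needed,
# and a logged cleanup rule at the end.
GOOD_RULES = [
    rule("mgmt-https", "lan", "self", "tcp", 443, comment="admin subnet only, HTTPS"),
    rule("lan-to-cde-app", "lan", "cde", "tcp", 8443, comment="POS application only"),
    rule("egress-web", "lan", "internet", "tcp", 443, comment="browsing via proxy"),
    rule("default-deny", "any", "any", "any", "any", action="deny", comment="cleanup rule"),
]


if __name__ == "__main__":
    for name, finding in audit(BAD_RULES):
        print(f"{name:20s} {finding}")
    print("corrected rule base findings:", audit(GOOD_RULES))   # []
```

Real rule bases are exported in vendor formats (for example `show running-config` output or a management-API dump) and need a parser in front of `audit`; the checks themselves do not change. Running such an audit after every change is the cheapest way to stop the "historical reasons" drift the paragraph above describes.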
CCTV
Description:
CCTV (closed-circuit television) is a TV system in which signals are monitored within the deployed environment, i.e. a closed circuit. CCTV is used primarily for surveillance and security purposes.
Vulnerabilities:
These systems range from cloud-managed surveillance systems, through traditional DVR/VMS/NVRs connected directly to the Internet, to traditional systems connected to a local network which in turn is connected to the Internet. With increasing Internet connectivity, physical security systems are very vulnerable to cyber-attack, both as direct targets and as an entry point to the rest of the network. They require the same level of protection as traditional IT systems: change default IP addresses and passwords, keep firmware and operating systems patched, limit user access to recording areas, and so on.
Thin Clients
Description:
Thin clients look and behave like regular PCs from the user's side, but lack hard drives and typically do not have extra I/O ports or other unnecessary features. Since they have no local disk, thin clients run little more than a minimal firmware or OS and a client program (often a browser or a remote display protocol client). All applications, programs and data sit on a central server that does the processing.
Vulnerabilities:
Thin clients have the potential to be less exploitable, simply because they run fewer lines of code, which should in turn mean fewer security vulnerabilities and fewer attack vectors. However, thin clients rely on browsers or remote display clients to do most of the work, and browsers in particular are a frequent target of attack and exploitation.
Thin clients are end point devices with limited storage and processing capability that function through a network connection to a server in the data centre. Zero clients take this one step further and include no local storage at all. On typical thin or zero clients, users do not have local access to the desktop OS and cannot install software or copy sensitive data to removable media; the devices often have no USB ports, making the use of removable media impossible. Thin client devices are also generally resistant to tampering, so infection with malware is unlikely.
Thin clients rely on user data being stored on local or remote servers. Access to the data is via logging in to the thin client, after which the user's profile is "fetched" and presented on the machine in use. Whilst the risk to data on the thin client machines themselves is significantly reduced (no local data can be stored on them), server room security and backups remain a key issue.
Fax Machine
Description:
A fax machine is a device that is used to send documents electronically over a telephone network. The transmissions it sends are called “faxes” and these can be between two fax machines, or between a fax machine and computer or online fax service that is equipped to send and receive faxes.
Vulnerabilities:
There is no data validation or authentication between sending and receiving parties, and a fax's Calling Station Identifier (CSID) can easily be spoofed. Faxes should therefore not be used where the integrity of the information is vital, unless there is some form of integrity checking of the data being sent and sender and recipient can authenticate each other.
PSTN & Copper Infrastructure
Description:
Copper has been used as the main bearer for communications services for many years. Copper cabling is used both for the PSTN (Public Switched Telephone Network) and, in the form of Ethernet cabling, for office-based computer networks.
Vulnerabilities:
Copper, whether used for telephony or computer network services, is prone to interception through crosstalk and electromagnetic radiation. Cable shielding greatly reduces this radiation and therefore the likelihood of unauthorised interception, but it does not remove the need for physical protection of the cable runs.
Fibre Optic Infrastructure
Description:
The use of optical fibre to the premises (FTTP) services in which optical fibre runs from central hubs all the way to the end users and can provide extremely high-speed Internet access.
Optical fibre systems can also be used to transmit and receive telephone communications and to receive digital television broadcasts.
Vulnerabilities:
International incidents include optical taps found on police networks in the Netherlands and Germany, and on the networks of pharmaceutical companies in the U.K. and France (Feb 2016). Once a tap is in place, packet-sniffer software can filter on packet headers alone, so the attacker can select traffic by IP address, MAC address or DNS information, gather it and then use it for offensive purposes.
Thick Clients
Description:
Thick clients are computers connected to a network that run their applications locally. With the right software and applications, thick clients can process information whether they are connected to the network or operating in stand-alone mode.
Vulnerabilities:
The risks observed in thick client applications generally include information disclosure, unauthorized access, authentication bypass, application crash, unauthorized execution of high privilege transactions or privilege escalation. NB most of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities are as applicable to Thick client applications as they are to web applications:
- Unvalidated input
- Broken access control
- Weak authentication and session management
- Buffer overflows
- Injection flaws
- Improper error handling
- Insecure storage
- Denial of service
- Insecure configuration management
Additional risks to thick clients:
- Information disclosure
- Unauthorised access
- Authentication bypass
- Application crash
- Unauthorized execution of high privilege transactions or privilege escalation
Work Station
Description:
A workstation is a computer that has been configured to perform a certain set of tasks, such as photo editing, audio recording, video production, or media scanning (a "sheep dip" machine for checking USB drives before use). An office may have several workstations for different purposes, which may be assigned to certain employees. Workstations are often part of a network, but they can be standalone machines as well.
Vulnerabilities:
Workstations are a primary target for attackers.
Attackers find faults in desktop and workstation applications (such as e-mail clients), unpatched operating systems and out-of-date anti-virus, and use them to execute arbitrary code, implant Trojan horses for future compromise, or crash systems. Further exploitation can occur if the compromised workstation has administrative privileges on the rest of the network.
VOIP
Description:
Voice Over Internet Protocol (VOIP) is a method of having a voice conversation travel across a data network (Internet or private network) in a packet switched, rather than circuit switched manner.
Vulnerabilities:
VoIP is built on Internet Protocol technology, so any vulnerability present on a computer (IP) network is also present on a VoIP network; in addition, carrying voice introduces further interception vulnerabilities.
VoIP services are susceptible to the same types of attack as your Web connection and e-mail:
- Spam. VoIP is subject to its own type of unwanted marketing, known as "Spam over Internet Telephony," or SPIT.
- Interruptions. Network attacks like worms and viruses can disrupt service, or even take VoIP service offline.
- Voice phishing. Also known as "vishing," this happens when an attacker contacts you using VoIP and attempts to trick you into divulging valuable personal data, such as credit card or bank account information.
- Privacy loss. Most VoIP traffic is unencrypted, making it easy for intruders to eavesdrop on VoIP conversations.
- Hacking. Hackers can gain access to your VoIP connection and use your line to make calls. In some cases, they even sell your connection information on the black market. Once inside your home network, hackers can poke around to uncover sensitive information you may have stored on your PC.
Network Printer
Description:
A printer connected to a wired or wireless network. It may be Ethernet enabled and be cabled to an Ethernet switch, or it may connect to a Wi-Fi (wireless) network, or both.
Vulnerabilities:
Printers are often more vulnerable to attack because most companies prioritise the security of the PCs in their offices and neglect the printer. Exploitation of printers has contributed to an increase in corporate espionage and the gathering of highly sensitive information: most of the sensitive data held on PCs is also stored in the printer's internal memory or disk when it is printed, from where the prints can be reproduced.
Worse, many multi-function printers ship with full administrative access open (default or no credentials) unless the administrator reconfigures the device. This creates a serious risk of data misuse and provides a platform for attacking every other system connected to the network.
Host Intrusion Detection System
Description:
Often referred to as HIDS, host based intrusion detection systems attempt to identify unauthorized, illicit, and anomalous behaviour on a specific device. HIDS generally involves an agent installed on each system, monitoring and alerting on local OS and application activity. The installed agent uses a combination of signatures, rules, and heuristics to identify unauthorized activity. The role of a host IDS is passive, only gathering, identifying, logging, and alerting.
Vulnerabilities:
Attackers can discover and compromise sensitive data on devices that are not secured against known vulnerabilities; a HIDS only detects and alerts, it does not prevent the compromise.
IDSs are often targeted by attackers who want to prevent the IDSs from detecting attacks or want to gain access to sensitive information in the IDSs, such as host configurations and known vulnerabilities.
Fibre Media Convertors
Description:
An Ethernet to Fibre Media Converter allows the inter-connection of copper-Ethernet devices to fibre ensuring optimal data transmission.
Scanner
Description:
A scanner is an input device that scans documents and images, which can be imported into a computer.
Vulnerabilities:
Scanners are capable of storing data in non-volatile memory and can therefore retain a copy of scanned documents. Since storage isn't the primary function of these devices, they are often forgotten as a potential threat.
Fibre Optics
Description:
Fibre Optic cable is made up of super-thin filaments of glass or other transparent materials that can carry beams of light running at different frequencies down the glass causing them to refract at different rates.
Vulnerabilities:
One method of tapping a cable is the curve (bend) method: the cable is bent and the outer covering removed, and as the cable is bent the light signal can be detected where it leaks through the exposed outer cover. Attackers are able to obtain the information without physically touching the fibre or even the light signal itself. The leaked light is amplified until it reaches a sufficient intensity to be read by photo-detectors, which convert the light into electrical signals that can be intercepted with commercially available products.
Ethernet Connections
Description:
An Ethernet cable is one of the most popular forms of network cable used on wired networks. Ethernet cables connect devices together within a local area network, like PCs, routers, and switches.
Vulnerabilities:
A primary weakness of Ethernet is that it is a broadcast system. Every message sent by any computer on a segment of Ethernet wiring reaches all parts of that segment and could potentially be read by any computer on the segment. Phones and the lines connecting them are therefore susceptible to vulnerabilities that would allow somebody determined enough to listen in on phone calls.
Servers in general
Description:
A server is a computer or device on a network that manages the network resources and serves information to the computers that connect to it. When users connect to a server, they can access programs, files, databases and other business and personal information from the server.
Vulnerabilities:
There are a variety of different types of servers and related software, hardware and protocols all of which have their own vulnerabilities.
General key vulnerabilities:
- Injection attacks
- Variable manipulation
- Response manipulation
- Improper error handling
- Insecure storage
- Sensitive data disclosure
- Denial of Service (DoS)
- Improper access control
- Improper session management
- Reverse engineering
VLAN
Description:
Computer networks can be segmented into local area networks (LANs) and wide area networks (WANs). Network devices such as switches, hubs, bridges, workstations and servers connected to each other in the same network at a specific location are generally known as LANs. A LAN is also considered a broadcast domain.
A virtual local area network (VLAN) is a logical group of workstations, servers and network devices that appear to be on the same LAN despite their geographical distribution. A VLAN allows a network of computers and users to communicate in a simulated environment as if they exist in a single LAN and are sharing a single broadcast and multicast domain. VLANs are implemented to achieve scalability, security and ease of network management and can quickly adapt to changes in network requirements and relocation of workstations and server nodes.
Vulnerabilities:
There is a high risk of virus issues because one infected system may spread a virus through the whole logical network. Some precautions are needed to prevent traffic "escaping" from a given VLAN, an exploit known as VLAN hopping. This is an attack method used to gain unauthorized access to another Virtual LAN on a packet-switched network, the two main methods being Switch Spoofing and Double Tagging. Once an attacker using Switch Spoofing gains access, they can communicate with any device on any of the associated VLANs and can also eavesdrop on the traffic within the targeted VLAN; Double Tagging is used for Denial of Service attacks.
Database Links
Description:
Links that a database references for control and management information.
Vulnerabilities:
Nearly every production control system references a database on the control system LAN that is then mirrored into the business LAN. A skilled attacker can gain access to the database on the business LAN and use specially crafted SQL statements to take over the database server on the control system LAN. Nearly all modern databases are susceptible to this type of attack if not configured properly to block Cross Site Scripting (XSS) attacks.
Thick Clients
Description:
Thick clients are computers that are connected to a network. With the right software and applications Thick clients can be used to process information whether they are connected to a network or in stand-alone mode.
Vulnerabilities:
The risks observed in thick client applications generally include information disclosure, unauthorized access, authentication bypass, application crash, unauthorized execution of high-privilege transactions and privilege escalation. NB: most of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities are as applicable to thick client applications as they are to web applications:
- Unvalidated input
- Broken access control
- Weak authentication and session management
- Buffer overflows
- Injection flaws
- Improper error handling
- Insecure storage
- Denial of service
- Insecure configuration management
Additional risks to thick clients:
- Information disclosure
- Unauthorised access
- Authentication bypass
- Application crash
- Unauthorized execution of high privilege transactions or privilege escalation
File Server
Description:
File servers are designed primarily to enable the storage and retrieval of data, while the actual computation is carried out by the workstations. A file server shares files and folders, storage space to hold files and folders, or both, over a network.
Vulnerabilities:
File Transfer Protocol makes it possible to move one or more files securely between computers while providing file security and organization as well as transfer control.
File servers hold the prime details of your network: sensitive files, databases, passwords and more. When file servers go down, the network is incapacitated.
Most Windows file server security vulnerabilities are facilitated by a missing patch and are directly exploitable from inside the network. Such patch vulnerabilities can be easily exploited from either a rogue insider's or an external attacker's point of view.
DB (Data Base) Server
Description:
Maintains and shares any form of database (organised collections of data with predefined properties that may be displayed in a table) over a network. The term database server may refer to both hardware and software used to run a database.
Vulnerabilities:
A database server is a hardware or virtualised software server used to store and process specific business-defined data. The database server holds this information and presents it to users when requested, so like all other hardware services it must be correctly coded, secured and access controlled.
Mail Server
Description:
It stores incoming mail for distribution to users (message store) and forwards outgoing mail through the appropriate channel (message transfer agent). The term may refer to the software that performs this service, which can reside on a machine with other applications or to a stand-alone computer or server dedicated only to the mail function. Mail servers move and store mail over corporate networks via LANs and WANs and across the Internet.
Vulnerabilities:
Even though SMTP and IMAP have built-in features to protect Exchange’s external mail transmissions, both protocols are still susceptible to security vulnerabilities. SMTP can be easily manipulated to send large amounts of spam and the authentication process in IMAP can be circumvented to steal passwords.
DNS Server
Description:
DNS server stands for "domain name system" server, and it refers to a computer that translates text-based website names into computer-readable addresses: when a user types in a website they want to visit, the DNS server translates this into the numeric equivalent that a computer understands. A DNS server runs special-purpose networking software, has a public IP address, and contains a database of network names and addresses for other internet hosts.
Vulnerabilities:
It contains a list of PC names and IP addresses, so it is vulnerable to disclosing the complete set of IP addresses and equipment on the network.
The Domain Name System (DNS) is vital to the Internet, providing a mechanism for resolving host names into Internet Protocol (IP) addresses. Insecure underlying protocols and lack of authentication and integrity checking of the information within the DNS threaten the proper functionality of the DNS.
Two kinds of attacks can aim at the server instead of the DNS protocol itself:
- Attacks taking advantage of bugs in DNS Software implementation
- Denial of Service attacks (for instance, flooding the DNS service using in-band attacks, or the machine in general using ICMP smurfing)
Proxy Server
Description:
Acts as an intermediary between a client and a server, accepting incoming traffic from the client and sending it to the server.
Vulnerabilities:
Reasons for doing so include content control and filtering, improving traffic performance, preventing unauthorized network access, or simply routing the traffic over a large and complex network. Proxy servers are often found in the DMZ between two firewalls and are used as a jump-off point from an internal network to the Internet. From a security perspective proxy servers are designed to protect the internal network; however, as they are servers they are still susceptible to the standard server vulnerabilities, in particular around proxy authentication requests.
Enterprise Server
Description:
An enterprise server is a computer containing programs that collectively serve the needs of an enterprise rather than a single user, department, or specialized application.
Vulnerabilities:
As with all servers, if compromised they can provide direct access to the rest of the network. From an enterprise server and service perspective this can be a catastrophic failure of all services. As with all hardware, configuration and access controls are fundamental in reducing vulnerabilities.
Certificate Authority (CA) Server
Description:
Certificate Authority (CA) servers manage PKI (X509) certificate enrollment requests from customers, and are able to issue and revoke digital certificates.
Vulnerabilities:
All CA servers are built to address identity management requirements. By leveraging public key infrastructure (PKI), organizations can efficiently safeguard their users’ identities. This provides the users with robust e-mail signing and encryption, network authentication, and wireless network access. Controlling physical access to CA servers and hardening their security configuration greatly reduces the likelihood of compromise. If a CA server is compromised, the users of the system can be denied access to key business functions and services.
Exchange Server
Description:
Management and utilisation of email services across the organisation inclusive of calendar services.
Vulnerabilities:
Vulnerable to disclosing all contact details etc. Common Exchange Server security vulnerabilities:
- Gaps in the patching process.
- Weak passwords. A single Exchange account with a weak password is enough to give an outsider full access to your messaging environment.
- SMTP and POP3 access.
- Cross Site Scripting (XSS) vulnerabilities
- Cross Site Request Forgery
Communications Server
Description:
Maintains an environment needed for one communication endpoint (user or devices) to find other endpoints and communicate with them.
Vulnerabilities:
It may or may not include a directory of communication endpoints and a presence detection service, depending on the openness and security parameters of the network. Attacks are possible via Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.
Application Server
Description:
Hosts web apps (computer programs that run inside a web browser), allowing users on the network to run and use them without having to install a copy on their own computers; it also provides the front-end service for an application, e.g. forms. Despite what the name might imply, these servers need not be part of the world-wide web; any local network can run and support applications.
Vulnerabilities:
Sometimes referred to as a type of middleware, application servers occupy a large part of the computing process between database servers and the end user, and are therefore susceptible to the vulnerabilities of both.
Print Server
Description:
Shares one or more printers over a network, thus eliminating the problem of physical access.
Vulnerabilities:
- Common attacks include printer authentication rules being bypassed (if enabled)
- SQL injection attacks through badly configured and coded software
- Denial of service through buffer overflow attacks
Media Server
Description:
Shares digital video or audio over a network through media streaming.
Vulnerabilities:
Media streaming transmits content in a way that allows received portions to be watched or listened to as they arrive, as opposed to downloading a whole huge file and then using it. Media servers are susceptible to all the general server vulnerabilities; in addition, if the received content is not properly protected, an attacker can use it as a means of gaining access.
Centralised Server
Description:
A type of network where all users connect to a central server, which is the agent for all communications. This server would store both the communications and the user account information. Most public instant messaging platforms use a centralized network.
Vulnerabilities:
Key vulnerability of this is the use of centralized computing. A centralized server introduces a single point of failure on the network. If the central server is compromised, it may render the network completely useless or worse, prone to data manipulation or theft. In these situations, a central server becomes an open door which allows access to the entire network.
Network Intrusion Detection Systems (NIDS)
Description:
Network based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic. A network IDS, using either a network tap, span port, or hub collects packets that traverse a given network. Using the captured data, the IDS system processes and flags any suspicious traffic. Unlike an intrusion prevention system, an intrusion detection system does not actively block network traffic. The role of a network IDS is passive, only gathering, identifying, logging and alerting.
Vulnerabilities:
Attackers try to discover and compromise the device's detection capabilities, exploiting known product vulnerabilities or configuration weaknesses so that they can penetrate the target network by crafting malware that will not be detected and will pass through the IDS onto the target network.
NIDS are used to proactively monitor and protect your network from malicious activity; however, they are also prone to false alarms. The IDS needs to be properly configured to recognize what is normal traffic on your network versus what might be malicious traffic, and the administrators responsible for responding to IDS alerts need to understand what the alerts mean and how to respond effectively.
POS (Point of Sales) Management
Description:
The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment consists of people, processes, and technologies that store, process, or transmit cardholder data or sensitive authentication data.
Vulnerabilities:
Merchant-based vulnerabilities may appear almost anywhere in the card-processing system including point-of-sale devices; personal computers or servers; wireless hotspots or Web shopping applications; in paper-based storage systems; and unsecured transmission of cardholder data to service providers. Sensitive data is transmitted and stored online, which when stolen by cyber criminals results in financial loss to both traders and consumers.
Thin Client Server
Description:
The specific roles assumed by the server may vary, from hosting a shared set of virtualized applications, a shared desktop stack or virtual desktop, to data processing and file storage on the client's or user's behalf.
Vulnerabilities:
Whilst having many benefits there are also security concerns related to the thin-client model. Centralizing applications and data also centralizes the threat. A network of thin clients provides many access points to servers storing shared data and applications, with the associated risk that compromise can affect the entire IT infrastructure. Some thin-client models can also increase the risk of business disruption if an outage occurs within the central network resources upon which the thin client depends.