In today’s industry, too many people continue to make the same mistakes with their network security over and over again, and it seems like we just aren’t learning our lesson. It was Einstein who once said, “You cannot solve problems by using the same kind of thinking that we used when we created them,” meaning, if a dilemma arises, you can’t hope to fix it and keep it fixed without changing your methods. We all seem to fall into one or more of these habits over time, so to help remind us all of what we need to look out for, here are some common network security issues and solutions.
1. Non-complex or Weak Network Access Passwords
Most network systems are still open to an “old school” attack known as brute forcing. To counter this password vulnerability, many administrators have implemented “CAPTCHA technology.” A common type of CAPTCHA requires the user to type the letters or digits shown in a distorted image, and it is widely used to keep unwanted internet bots away from websites and networks. This technology has given network security administrators a false sense of security when it comes to countering brute forcing.
The solution? A complex password. To create a complex password, you need seven or more characters combined with at least three numbers and one special character (capital letters, @ or # signs, etc.). Network security administrators should require complex passwords and also implement a password expiration system that reminds users to change their passwords often. A restriction on how soon a password can be reused is another handy precaution, so that users aren’t simply cycling between two different passwords every month or so.
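As an added example (not code from the original article), the following Python checks a candidate password against exactly the rule stated above (seven or more characters, at least three digits, at least one “special” character, which the article counts as an uppercase letter or a symbol such as @ or #) and flags passwords older than an assumed 90-day expiration interval; the article itself gives no figure for the interval.

```python
from datetime import date, timedelta

# Policy as stated in the article: 7+ characters, at least three digits and at
# least one "special" character (an uppercase letter or a symbol such as @ or #).
MIN_LENGTH = 7
MIN_DIGITS = 3
MAX_AGE_DAYS = 90  # assumed expiration interval; the article gives no number


def password_violations(password: str) -> list:
    """Return the list of policy rules the password fails (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(c.isdigit() for c in password) < MIN_DIGITS:
        problems.append(f"fewer than {MIN_DIGITS} digits")
    # Uppercase letters count as "special" per the article, as do non-alphanumerics.
    if not any(c.isupper() or not c.isalnum() for c in password):
        problems.append("no uppercase letter or symbol")
    return problems


def password_expired(last_changed: date, today: date,
                     max_age_days: int = MAX_AGE_DAYS) -> bool:
    """True when the password has not been changed within the expiration interval."""
    return today - last_changed > timedelta(days=max_age_days)
```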
2. Outdated Server Application or Software
Vendors constantly release patches to ensure that your systems are not vulnerable to newly published threats. Attackers consistently release new exploits that can harm your network if those patches are not in place. A simple solution is to ensure your system administrator is regularly informed of new threats and is updating your applications on a monthly basis.
3. Web Cookies
Although cookies do not carry viruses and cannot install malware on the host computer, tracking cookies, and third-party tracking cookies in particular, are commonly used to compile records of individuals’ browsing histories. Unencrypted cookies are a major network security issue because they can expose your system to an XSS (Cross-Site Scripting) vulnerability, which is also a major privacy concern. With “open cookies,” anyone could gain access to the login cookies (saved password sessions) on the network, which creates a major vulnerability in your network security.
The solution is to ensure all of your network cookies are encrypted and carry an encoded expiration time. Your network administrator should also force users to log in again whenever they access sensitive directories on your network.
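As an added example (not code from the original article), the Python below issues a session cookie that embeds an issue time and an expiry, protects both with an HMAC signature so the client cannot alter them, and lets a sensitive directory demand a recent login by passing a maximum cookie age. Signing is used here in place of the encryption the article mentions; the key, lifetimes and user names are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed server-side secret (constructed value); load it from a secrets store in practice.
SERVER_KEY = b"constructed-example-key-rotate-me"
SESSION_TTL = 15 * 60        # assumed session lifetime in seconds
SENSITIVE_MAX_AGE = 5 * 60   # assumed: sensitive areas require a login within 5 minutes


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_session_cookie(user: str, now: Optional[float] = None) -> str:
    """Encode user, issue time and expiry, then sign all of it: the client cannot
    extend the expiry or swap the user without invalidating the signature."""
    now = int(time.time() if now is None else now)
    payload = json.dumps({"user": user, "iat": now, "exp": now + SESSION_TTL}).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def verify_session_cookie(cookie: str, now: Optional[float] = None,
                          max_age: Optional[int] = None) -> Optional[str]:
    """Return the user for a genuine, unexpired cookie, else None. Pass max_age for
    sensitive directories so that an older login is rejected and the user must re-login."""
    now = time.time() if now is None else now
    try:
        body, sig = cookie.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(body)
    except ValueError:          # malformed cookie or bad base64
        return None
    if not hmac.compare_digest(sig, _sign(payload)):
        return None             # tampered or forged
    data = json.loads(payload)
    if data["exp"] < now:
        return None             # expired
    if max_age is not None and now - data["iat"] > max_age:
        return None             # too old for a sensitive area: require re-login
    return data["user"]


def set_cookie_header(cookie: str) -> str:
    """Attributes that keep the cookie off plaintext HTTP and away from page scripts."""
    return (f"Set-Cookie: session={cookie}; Max-Age={SESSION_TTL}; "
            "Secure; HttpOnly; SameSite=Strict; Path=/")
```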
4. Plain Hashes
Anyone who knows their stuff can reverse a hash that is not salted.
Hashing is used to index and retrieve items in a database, and plain hashes are also used in many encryption algorithms. A salt (which is another type of encryption) is added to hashes in order to make a lookup-table-assisted dictionary attack (or brute force) impractical or extremely difficult, provided the salt is large enough. Basically, an attacker wouldn’t be able to use a pre-computed lookup table to assist in exploiting your network, which adds a whole new level of complexity to your network security system. So even if an attacker gains access and compromises your database (table), it will still be very difficult for the attacker to retrieve the information.
The best way to ensure safety with regard to hashes is for your network administrator to hide the salt (or encryption key), because if a hacker is able to gain access to your salt they can access your network system. Salt all of your hashes. No salt means no security.
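As an added example (not code from the original article), the Python below shows why the section above matters: a small pre-computed lookup table recovers a plain SHA-256 hash instantly, but the same table is useless against a per-user random salt with PBKDF2. The same salted records also serve the password-reuse restriction from section 1, since a new password can be checked against stored history without keeping old passwords in the clear. The wordlist and passwords are constructed values.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for an attacker's pre-computed lookup table.
WORDLIST = ["password", "letmein", "qwerty", "Summer2019", "admin123"]
ITERATIONS = 100_000  # PBKDF2 work factor; assumed value


def plain_hash(password: str) -> str:
    """Unsalted hash: identical input always yields the identical, table-lookable output."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words) -> dict:
    """hash -> password, computed once and reusable against any dump of plain hashes."""
    return {plain_hash(w): w for w in words}


def lookup_recovers(stored_hex: str, table: dict):
    """Return the password if the stored hash appears in the table, else None."""
    return table.get(stored_hex)


def salted_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def store_password(password: str) -> tuple:
    """Fresh random salt per user; only (salt, hash) is kept, never the password."""
    salt = os.urandom(16)
    return salt, salted_hash(password, salt)


def verify_password(password: str, record: tuple) -> bool:
    salt, stored = record
    return hmac.compare_digest(salted_hash(password, salt), stored)


def is_reused(candidate: str, history) -> bool:
    """Reuse restriction from section 1: reject a password matching any stored record."""
    return any(verify_password(candidate, rec) for rec in history)
```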
5. Shared Hosting (not Cloud-Server Based)
If you are running a legitimate business and have a website with access to your internal network, shared hosting is not the way to go! A shared web hosting service is one where many websites reside on a single web server connected to the Internet. Each site sits on its own partition (its own section or space on the server) to keep it separate from the other sites. This is generally the most economical hosting option, because the customers share the overall cost of server maintenance. Think of it this way: shared hosting is like sharing a house with other people, and if someone breaks into your roommate’s bedroom, or any other area of the home for that matter, they’ll also be able to get into your own room. The same concept applies to shared hosting: once an attacker is inside one area of the shared server, it’s almost as if they have a skeleton key that fits all of the locks. The best solution is dedicated server hosting and/or secure cloud hosting.