Common Security Weaknesses that Criminal Hackers Target

By Kevin Beaver

Part of Hacking For Dummies Cheat Sheet

Information security professionals should know the common security weaknesses that criminal hackers and malicious users first check for when hacking into computer systems. Security flaws, such as the following, should be on your checklist when you perform your security tests:

  • Gullible and overly trusting users

  • Unsecured building and computer room entrances

  • Discarded documents that have not been shredded and computer disks that have not been destroyed

  • Network perimeters with little to no firewall protection

  • Poor, inappropriate, or missing file and share access controls

  • Unpatched systems that can be exploited using free tools such as Metasploit

  • Web applications with weak authentication mechanisms

  • Guest wireless networks that allow the public to connect to the corporate network environment

  • Laptop computers with no full disk encryption

  • Mobile devices with easy-to-crack passwords or no passwords at all

  • Weak or no application, database, and operating system passwords

  • Firewalls, routers, and switches with default or easily guessed passwords