Know Your Network Infrastructure Vulnerabilities to Avoid Hacks - dummies

Know Your Network Infrastructure Vulnerabilities to Avoid Hacks

By Kevin Beaver

Network infrastructure vulnerabilities are the foundation for most technical security issues and hacks in your information systems. These lower-level vulnerabilities affect practically everything running on your network. That’s why you need to test for them and eliminate them whenever possible.

Your focus for ethical hacking tests on your network infrastructure should be to find weaknesses that others can see in your network so you can quantify your network’s level of exposure.

Many issues are related to the security of your network infrastructure. Some issues are more technical and require you to use various tools to assess them properly. You can assess others with a good pair of eyes and some logical thinking. Some issues are easy to see from outside the network, and others are easier to detect from inside your network.

When you assess your company’s network infrastructure security, you need to look at the following:

  • Where devices, such as a firewall or an IPS, are placed on the network and how they’re configured

  • What external attackers see when they perform port scans and how they can exploit vulnerabilities in your network hosts

  • Network design, such as Internet connections, remote access capabilities, layered defenses, and placement of hosts on the network

  • Interaction of installed security devices, such as firewalls, intrusion prevention systems (IPSs), antivirus, and so on

  • What protocols are in use

  • Commonly attacked ports that are unprotected

  • Network host configurations

  • Network monitoring and maintenance

If someone exploits a vulnerability in one of the items in the preceding list or anywhere in your network’s security, bad things can happen:

  • A hacker can launch a denial of service (DoS) attack, which can take down your Internet connection — or your entire network.

  • A malicious employee using a network analyzer can steal confidential information in e-mails and files sent over the network.

  • A hacker can set up back-door access into your network.

  • A hacker can attack specific hosts by exploiting local vulnerabilities across the network.

Before assessing your network infrastructure security, remember to do the following:

  • Test your systems from the outside in, the inside out, and the inside in (that is, on and between internal network segments and demilitarized zones [DMZs]).

  • Obtain permission from partner networks to check for vulnerabilities on their systems that can affect your network’s security, such as open ports, lack of a firewall, or a misconfigured router.