In the world of cybersecurity, it is essential to be aware of the main vulnerabilities that can compromise our systems. Below, we explore 14 common vulnerabilities that can be exploited by attackers on both Windows and Linux systems. They are organized into three key categories: Infrastructure Configuration, Access and Permissions Management, and System Updating and Monitoring.
1. Infrastructure Configuration
Access Control and Network Configuration
- Inadequate Router Access Control
A misconfigured router, especially its access control lists (ACLs), can allow unauthorized access and information leaks through protocols such as ICMP, IP and NetBIOS. It is vital to ensure that ACL configurations are accurate and restrictive to minimize security vulnerabilities.
- DMZ Server Compromise
If a server in the DMZ is compromised, an incorrect router configuration could grant access to the internal network. Secure the DMZ with robust ACL configurations to minimize risk.
- Unauthenticated Services
Services such as the X Window System, which can allow keystrokes to be captured remotely, are a serious threat if they are not properly authenticated. Implementing authentication and access controls on these services is crucial.
Service Configuration
- Unsecured Remote Access Points
Unsecured remote access is an easy entry point for attackers. Protect remote access points with multi-factor authentication and make sure you don’t expose sensitive files unnecessarily.
- Insecure Configuration of Web and FTP Servers
Web and FTP servers, especially those that allow CGI commands or have anonymous FTP with write permissions, must be carefully configured to avoid security breaches.
- Unnecessary Host Services
Running unnecessary services such as RCP, FTP, DNS or SMTP exposes vulnerable ports that can be exploited. Remove or disable services that are not essential.
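The check a practitioner wants for this item is an inventory of what is actually listening compared against what the host is supposed to expose. The following Python script is an added example (not code from the original article): it parses output in the style of `ss -tulnp`, using a constructed sample rather than a real capture, and reports every listening socket whose port is not on a hypothetical allowlist, distinguishing sockets bound to all interfaces from those bound only to loopback.

```python
import re
from dataclasses import dataclass

# Constructed sample in the style of `ss -tulnp` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:111       0.0.0.0:*         users:(("rpcbind",pid=512,fd=5))
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      100    127.0.0.1:25      0.0.0.0:*         users:(("master",pid=910,fd=13))
tcp   LISTEN 0      5      0.0.0.0:21        0.0.0.0:*         users:(("vsftpd",pid=1204,fd=4))
tcp   LISTEN 0      511    *:53              *:*               users:(("named",pid=1333,fd=21))
tcp   LISTEN 0      128    [::]:22           [::]:*            users:(("sshd",pid=801,fd=4))
"""

# Hypothetical baseline: a bastion host that is only supposed to expose SSH.
ALLOWED_PORTS = {"tcp/22"}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str


def parse_ss(text):
    """Turn ss-style rows into Listener records (header row is skipped)."""
    listeners = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        proto, local = fields[0], fields[4]
        # rpartition handles IPv6 forms such as "[::]:22" as well as "*:53".
        addr, _, port = local.rpartition(":")
        match = re.search(r'\(\("([^"]+)"', line)
        process = match.group(1) if match else "?"
        listeners.append(Listener(proto, addr, int(port), process))
    return listeners


def audit_listeners(listeners, allowed=ALLOWED_PORTS):
    """Return {proto/port: (severity, process)} for every socket not on the allowlist."""
    findings = {}
    for l in listeners:
        key = f"{l.proto}/{l.port}"
        if key in allowed:
            continue
        is_loopback = l.addr.startswith("127.") or l.addr == "[::1]"
        severity = "local-only" if is_loopback else "EXPOSED"
        # Keep the worst severity per port; the IPv4 and IPv6 rows of one daemon collapse here.
        if findings.get(key, ("", ""))[0] != "EXPOSED":
            findings[key] = (severity, l.process)
    return findings


if __name__ == "__main__":
    for key, (severity, process) in sorted(audit_listeners(parse_ss(SAMPLE_SS_OUTPUT)).items()):
        print(f"{severity:10} {key:10} {process}")
```

On a real host you would feed the script the live output of `ss -tulnp` (or the equivalent netstat output) and maintain the allowlist as part of the host's build standard; anything reported as EXPOSED is either a service to remove or a gap in the documented baseline.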
2. Access and Permissions Management
Passwords and User Privileges
- Weak or Reused Passwords
The use of simple or repeated passwords facilitates dictionary attacks. Establish policies for creating secure passwords and educate users about their importance. For the same reason, passwords must be protected cryptographically when stored (as salted hashes, never in plain text), so that a leaked credential store does not hand the attacker usable passwords.
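To make the policy concrete, here is an added Python example (not from the original article) that combines the two halves of the item: a policy check that rejects short, common or previously used passwords, and salted scrypt hashing for storage so that reuse can be detected without keeping old passwords in clear text. The minimum length, the tiny common-password list and the scrypt parameters are assumptions chosen for the example; a real deployment would load a full breached-password corpus and tune the cost factors.

```python
import base64
import hashlib
import hmac
import os

MIN_LENGTH = 12  # assumed policy value
# Constructed stand-in for a breached-password corpus (assumption: load a real one in production).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "welcome1", "letmein"}
# scrypt work factors (assumed); 16 MiB of memory per hash.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def hash_password(password, salt=None):
    """Return a self-describing 'scrypt$<salt>$<digest>' string with a fresh random salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "scrypt$" + base64.b64encode(salt).decode() + "$" + base64.b64encode(digest).decode()


def verify_password(password, stored):
    """Constant-time comparison of a candidate against a stored hash."""
    _, salt_b64, digest_b64 = stored.split("$")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(actual, expected)


def policy_violations(password, history=()):
    """Return the list of policy rules a proposed password breaks (empty list means acceptable).

    `history` holds the user's previous password hashes, so reuse is detected by
    verifying the candidate against each stored hash rather than by comparing plaintext.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in a common-password list")
    if any(verify_password(password, old) for old in history):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    current = hash_password("correct horse battery staple")
    for candidate in ["Qwerty1", "correct horse battery staple", "a much longer new passphrase"]:
        print(f"{candidate!r}: {policy_violations(candidate, history=[current]) or 'OK'}")
```

Because the history is a list of hashes, the reuse check costs one scrypt evaluation per remembered password; keep the remembered window small (a handful of entries) so that password changes stay responsive.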
- User Accounts with Excessive Privileges
Giving users more privileges than necessary increases the risk of an account being compromised. Apply the principle of least privilege to all accounts.
Trust Relationship and Access Control
- Excessive Access Controls on Shared Resources
On NT and Unix systems, mismanagement of access controls can result in unwanted access. Carefully manage permissions on shared resources.
- Excessive trust relationships
Trusted domains in NT or files such as .rhosts and hosts.equiv in UNIX can be exploited by attackers. Minimize these relationships to reduce the risks of improper access.
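The two items in this subsection (access controls on shared resources and excessive trust relationships) share one defensive task: read the configuration files that grant access and flag the overly broad entries. The following Python script is an added example rather than code from the original article. It audits a constructed /etc/exports for exports that are writable by any host or keep remote root privileges (no_root_squash), and constructed hosts.equiv and .rhosts files for "+" wildcard trust entries. The sample file contents are made up for the example.

```python
import re

# Constructed /etc/exports (not from a real system).
SAMPLE_EXPORTS = """\
# NFS exports
/srv/data      10.0.1.0/24(ro,root_squash)
/export/home   *(rw,no_root_squash)
/srv/pub       *(ro)
"""

# Constructed /etc/hosts.equiv: "+ +" trusts every user on every host.
SAMPLE_HOSTS_EQUIV = """\
build01.example.internal
+ +
"""

# Constructed ~root/.rhosts: a lone "+" trusts every host.
SAMPLE_RHOSTS = """\
+
admin.example.internal alice
"""

CLIENT_RE = re.compile(r"([^(]*)(?:\((.*)\))?$")


def _config_lines(text):
    """Yield non-empty lines with comments stripped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line


def audit_exports(text):
    """Return (path, client, problem) tuples for risky NFS export entries."""
    findings = []
    for line in _config_lines(text):
        path, *clients = line.split()
        for client in clients:
            m = CLIENT_RE.match(client)
            host = m.group(1)
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            wildcard = host == "" or host.startswith("*")
            if wildcard and "rw" in opts:
                findings.append((path, host, "writable by any host"))
            if "no_root_squash" in opts:
                findings.append((path, host, "remote root keeps root privileges"))
    return findings


def audit_trust_file(text, name):
    """Return (file, line, problem) tuples for wildcard entries in hosts.equiv or .rhosts."""
    findings = []
    for line in _config_lines(text):
        tokens = line.split()
        host = tokens[0]
        user = tokens[1] if len(tokens) > 1 else None
        if host == "+":
            suffix = " for every user" if user == "+" else ""
            findings.append((name, line, "trusts every host" + suffix))
        elif user == "+":
            findings.append((name, line, f"trusts every user from {host}"))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print("exports:", finding)
    for finding in audit_trust_file(SAMPLE_HOSTS_EQUIV, "hosts.equiv"):
        print(finding)
    for finding in audit_trust_file(SAMPLE_RHOSTS, ".rhosts"):
        print(finding)
```

The same approach applies to Windows shares: enumerate the share ACLs and flag any share that grants Everyone or Authenticated Users more than read access. The point in both cases is that trust and sharing configuration is data that can be audited mechanically, so the check belongs in routine configuration monitoring rather than in a one-off review.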
3. Systems Updating and Monitoring
System and Application Upgrades
- Applications Not Upgraded
Outdated applications lack the latest security patches, making them easy targets for attackers. Keep all applications and operating systems up to date to close potential vulnerabilities.
Monitoring and Security Policies
- Inadequate Logging and Monitoring Capabilities
Lack of an effective monitoring system and detailed logs can hinder incident detection and response. Implement a robust monitoring system to identify and mitigate threats in real time.
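A monitoring system is only as good as the detection logic it runs over the logs. As an added illustration (this is example code, not part of the original article), the Python script below applies a simple sliding-window rule to constructed sshd authentication log lines: it raises an alert when one source address accumulates a threshold of failed logins within a short window, and a second, higher-priority alert if that address subsequently succeeds. The threshold, window and log lines are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed auth log excerpt in syslog/sshd style (not from a real host; addresses are documentation ranges).
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 bastion sshd[1203]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:15:04 bastion sshd[1205]: Failed password for root from 203.0.113.5 port 51238 ssh2
Mar  3 10:15:06 bastion sshd[1207]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Mar  3 10:15:08 bastion sshd[1209]: Failed password for root from 203.0.113.5 port 51242 ssh2
Mar  3 10:15:20 bastion sshd[1211]: Accepted password for root from 203.0.113.5 port 51250 ssh2
Mar  3 10:16:02 bastion sshd[1220]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  3 10:16:30 bastion sshd[1222]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(Accepted|Failed) (\S+) for (?:invalid user )?(\S+) from (\S+)"
)

FAIL_THRESHOLD = 5              # assumed tuning value
WINDOW = timedelta(seconds=60)  # assumed tuning value


def detect(log_text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of (alert_type, source_ip, detail) tuples in the order they fire."""
    alerts = []
    failures = defaultdict(deque)  # per-source timestamps of recent failures
    flagged = set()                # sources that already triggered a brute-force alert
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; fine for comparing events within one file.
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        outcome, method, user, ip = m.group(2), m.group(3), m.group(4), m.group(5)
        if outcome == "Failed":
            recent = failures[ip]
            recent.append(ts)
            while recent and ts - recent[0] > window:  # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, f"{len(recent)} failures within {window.seconds}s"))
        elif ip in flagged:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, f"{method} login as {user}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_AUTH_LOG):
        print(alert)
```

The second alert type is the one that matters for incident response: a burst of failures followed by a success from the same source is the signal that a password guess landed, and it is only detectable if the logs are both collected and correlated. A single failed login from 198.51.100.7 followed by a key-based success produces no alert, which is the kind of noise suppression that keeps analysts looking at the queue.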
- Absence of Security Policies
Lack of well-defined security policies and procedures leaves the organization exposed. Develop and implement clear security policies that include guidelines for risk management and incident response. One example of such a policy is requiring two-factor authentication.
Emerging Risks
- Social Engineering
Finally, one of the greatest dangers remains social engineering, where attackers manipulate users to gain unauthorized access. Awareness and continuous training are essential to prevent this type of vulnerability.
Conclusion
Identifying and mitigating these vulnerabilities is key to protecting any system. In future articles, we will address practical solutions for each of these areas, helping to strengthen the security of your technology infrastructure.