{"id":18031,"date":"2021-01-08T23:08:00","date_gmt":"2021-01-08T23:08:00","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=18031"},"modified":"2022-05-03T20:32:47","modified_gmt":"2022-05-03T20:32:47","slug":"common-it-security-vulnerabilities-how-to-prevent-them","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/common-it-security-vulnerabilities-how-to-prevent-them\/","title":{"rendered":"How to Defend Common IT Security Vulnerabilities"},"content":{"rendered":"

IT security pros have never faced more threats, whether it’s from the huge increase in <\/span>remote work<\/span><\/a> or aggressive nation-state sponsored hackers like those involved in the <\/span>SolarWinds breach<\/span><\/a>. While there will always be new holes to plug, security vulnerabilities usually stem from the same few causes: unpatched vulnerabilities, misconfigurations or user error, and even the most tech-savvy companies are vulnerable to these mistakes.<\/span><\/p>\n

Here are some of the most common IT security vulnerabilities and how to protect against them. By taking a proactive stance against the most common cyber vulnerabilities and security misconfigurations, you can prevent many cyber attacks from happening.<\/span><\/p>\n

Common Vulnerabilities and Misconfigurations<\/span><\/h2>\n

Here are a few of the more common vulnerabilities – and how to defend against them.<\/span><\/p>\n

Missing data encryption<\/span><\/h3>\n

When your data is not properly <\/span>encrypted<\/span><\/a> before storage or transmission, your vulnerability to a cyber threat increases.<\/span><\/p>\n

Solution<\/b>: <\/span><\/i>While many software solutions exist to assist you with data encryption, you\u2019ll need to <\/span>find an encryption solution that meets your needs<\/span><\/a>. Also, be sure not to rely entirely on the tech. Human error is a common cause of this type of vulnerability, so be sure to roll out policies, training and audits to ensure data is protected.<\/span><\/p>\n

OS command injection<\/span><\/h3>\n

OS command injection, or shell injection, happens when an attacker executes operating system (OS) commands on your server while it\u2019s running an application. This vulnerability can be used\u00a0 to prey upon other parts of your infrastructure to gain deeper reach into your organization. It is typically caused by incorrect or complete lack of input data validation.<\/span><\/p>\n

Solution<\/b>:<\/span><\/i> The best way to prevent OS command injection vulnerabilities is to never allow OS commands from application-layer code. If that is not possible, however, strong input validation protocols must be implemented, such as validating against a whitelist of permitted values, validating that the input is a number, validating that the input contains only alphanumeric characters, etc.<\/span><\/p>\n

Also Read<\/b>: <\/span>Top Active Directory Security Tools<\/span><\/a><\/p>\n

Buffer overflow<\/span><\/h3>\n

Most software developers understand the threat posed by buffer overflow. Even still, the occurrence is common because of the wide variety of ways buffer overflows can occur, and the error-prone techniques often used to prevent them.<\/span><\/p>\n

Solution<\/b>: For server products and libraries, diligently stay up to date on the latest bug reports for your systems. For custom apps, ensure that all code from users is reviewed to ensure that it can properly handle arbitrarily large input.<\/span><\/p>\n

Missing authentication\/authorization<\/span><\/h3>\n

This vulnerability is due to insufficient authorization or authentication limitations. Attackers step in to take advantage where weak authentication or privilege limitations exist.<\/span><\/p>\n

Solution<\/b>: Many authentication vulnerabilities can be dealt with simply by tightening and fully implementing what you have. Beyond that, there are <\/span>identity management<\/span><\/a> and <\/span>privileged access management<\/span><\/a> tools, <\/span>multi-factor authentication<\/span><\/a> and other products that can help.<\/span><\/p>\n

Cross-site scripting and forgery<\/span><\/h3>\n

CSRF, also referred to as XSS, XSRF, Sea Surf or Session Riding, tricks a web browser into executing an unwanted action. When it works, CSRF can impact both the business and its use.<\/span><\/p>\n

Solution<\/b>: It\u2019s common to mitigate against this vulnerability with the use of randomly-generated <\/span>tokens<\/span><\/a>. For next-level protection, you can require double\u00a0 submission of cookies with random tokens assigned that must match before granting access to the application.<\/span><\/p>\n

Read Also<\/b>: <\/span>How to Prevent Cross-Site Scripting (XSS) Attacks<\/span><\/a><\/p>\n

URL redirection to untrusted sites<\/span><\/h3>\n

Redirects can leave the door open for attackers to drive users of your application to an untrusted external site, creating security issues for your user and leaving your reputation at risk.<\/span><\/p>\n

Solution<\/b>: Use a <\/span>web application firewall<\/span><\/a>, automated <\/span>scanning<\/span><\/a> and keep your software up-to-date to work against this common vulnerability.<\/span><\/p>\n

Path traversal<\/span><\/h3>\n

Directory traversal (also known as file path traversal) is a common vulnerability that allows a potential attacker to read files on the server that is running your application, such as code and data, credentials for back-end systems and sensitive OS files.<\/span><\/p>\n

Solution<\/b>: <\/span><\/i>Prevent a directory traversal attack by avoiding the passing of user-supplied input to filesystem APIs, if possible. If complete avoidance is not possible then adding multiple layers of defense can help deter this type of attack. OWASP offers a number of additional <\/span>protective steps<\/span><\/a> and also has its own prominent list of <\/span>web application vulnerabilities<\/span><\/a>.<\/span><\/p>\n

Companies make common missteps that create security vulnerabilities, such as grabbing code from public sources like GitHub, Sourceforge and Bitbucket or failing to encrypt sensitive data. Acting promptly on software patches and updates also helps reduce vulnerabilities that cyber attackers wait to prey upon.<\/span><\/p>\n

Vulnerability assessment<\/span><\/a>, <\/span>scanning<\/span><\/a>, <\/span>penetration testing<\/span><\/a> and <\/span>patch management<\/span><\/a> are important steps for controlling vulnerabilities. They should be conducting regularly, if not continuously.<\/span><\/p>\n

Understanding Security Misconfigurations<\/span><\/h2>\n

Misconfigured web servers and applications make easy targets for hackers to exploit. Misconfigurations can happen at any level of the tech stack – from your web server to its database to your framework or virtual machines. Cybercriminals take advantage of security misconfigurations through unauthorized access to default accounts, rarely accessed web pages, unprotected files and folders, directory listings, etc.<\/span><\/p>\n

There is a relatively high chance that some security misconfigurations exist in your system at this very moment. If you want to see how common they are, just see this <\/span>white-hat hack of Apple<\/span><\/a> from a few months ago. Businesses that use a hybrid approach of in-house and cloud environments can experience the highest level of risk exposure. Keeping a careful watch for security misconfigurations during the frequent updates is an essential factor for protection. Visibility and attention are key.<\/span><\/p>\n

Common Types of Security Misconfigurations<\/span><\/h2>\n

These are some common misconfigurations that security and IT teams should be on the lookout for:<\/span><\/p>\n

    \n
  1. Applications and products under production phase in debug mode<\/span><\/li>\n
  2. Running unwanted services on the system<\/span><\/li>\n
  3. No proper configuration for accessing server resources and services<\/span><\/li>\n
  4. Leaving default keys and passwords as is<\/span><\/li>\n
  5. Incorrect exception management\u2014can disclose unauthorized data, including stack traces<\/span><\/li>\n
  6. Using default accounts with default credentials<\/span><\/li>\n<\/ol>\n

    How To Prevent Security Misconfigurations<\/span><\/h2>\n

    Preventing these types of security risks can be tricky. They are not always obvious and almost never intentional. A point person or committee, a protocol to follow when setting up new web applications, and a strong QA team can all contribute to prevention.<\/span><\/p>\n

    Your system\u2019s vulnerabilities and misconfigurations offer an “in” for cybercriminals to\u00a0 gain access. It\u2019s that simple. And it\u2019s clear that cyber criminals are looking for these opportunities at an ever-increasing clip as well as getting savvier and savvier about how to find their way in. A lack of attention and safeguards for vulnerabilities and misconfigurations can leave a business wishing, in hindsight, that they had set up protocols to address issues, improve departmental communication flows and seek out weaknesses beforehand.<\/span><\/p>\n

    Further Reading: DDoS and SQL Injection Prevention and More<\/span><\/h2>\n

    Security tutorials are some of the most popular articles on eSecurity Planet. Here are some of the most popular:<\/span><\/p>\n