Blogs and Posts
- By: Garry Feldman
- Date: November 23, 2016
Cyberattack method awareness could save your business time and money. An awareness of common attack vectors will help your staff secure your system, so that your business and customer data remain protected. Here are the top five cyber-attack vectors your employees should be aware of when trying to improve network security.
Penetration Tester’s Top Five List
Penetration testers work to examine security flaws in computer systems that potentially lead to a cyber-attack. Through extensive examination, penetration testers have identified five attack vectors you should be aware of:
- Weak Domain User Passwords
- WPAD – Broadcast Name Resolution Poisoning
- Pass-the-hash attacks against Admin Passwords
- Cleartext Passwords Stored in Memory
- Improper or insufficient Network Segmentation
Four of the top five attack vectors have nothing to do with software exploits or holes. Instead, these vulnerabilities are all related to passwords. So, as you can see, one of the biggest obstacles for a business to secure its network is dealing with users who may not be aware of the importance of protecting their passwords. No matter how hard you might try to keep your software up to date, your users are still your first line of security against hackers and data breaches. Implementing and enforcing a password policy is the single greatest way to prevent these types of attacks, yet management frequently postpones such implementations.
Education Against Social Engineering
While we all love to conjure up images of complicated software hacking programs that learn passwords by clever algorithms, the truth is most passwords are obtained through social engineering, which is why educating your workforce about these attack vectors is so critical.
Make sure to emphasize how important it is to secure passwords and never save passwords in browsers. Consider investing in enterprise wide password vaults to make securing strong passwords easy for your employees. However, in spite of all of the education that you provide, you still have to count on about 1% of your users clicking on a malicious link. So, the question remains: How do you manage your security once a password has been stolen?
Proper Rights and Network Segmentation
While it can be tempting to provide users advanced privileges to improve their experience, a hacker can use these privileges to their advantage. If you believe that a password has been stolen, your first line of defense should be to limit privileges, so that you contain the damage as much as possible.
Limiting privileges will help to ensure that a small breach won’t provide the avenue for full network access and full exploitation. With the right password policy, one compromised password should not compromise the entire network.
Other Strategies for Mitigation
In addition to reducing privileges to reduce the effects of a stolen password, there are other areas you should also emphasize to increase your overall security. For example, cleartext passwords and pass-the-hash type attacks can easily be fixed by implementing fixes and tools from network OS providers.
Preventing user passwords from being stolen or hacked can also be tackled a number of ways, including:
- Two Factor Authentication: Employing two-factor authentication software is a great way to protect passwords. Even if a user ends up compromising their password, a hacker must still get past the second layer of security to complete the breach.
- Strong Passwords: While strong passwords often draw the ire of users, they work to provide an added layer of security that is needed for your network. Using 15 character passwords with combinations of letters, numbers and symbols can go a long way to keeping your network safe.
Get Help from IT Consultants in Stamford
Looking for ways to secure your network? Then contact the professional team at U.S. Computer Connection. Our security experts can help identify and correct any potential holes or gaps in your network and keep your data safe!
- September 2017 (5)
- August 2017 (4)
- July 2017 (4)
- June 2017 (6)
- May 2017 (4)
- April 2017 (6)
- March 2017 (4)
- February 2017 (5)
- January 2017 (5)
- December 2016 (5)
- November 2016 (5)
- October 2016 (4)
- September 2016 (6)
- August 2016 (4)
- July 2016 (7)
- June 2016 (7)
- May 2016 (6)
- April 2016 (5)
- March 2016 (7)
- February 2016 (5)
- January 2016 (5)
- December 2015 (6)
- November 2015 (1)
- October 2015 (2)
- August 2015 (5)
- Backup and Disaster Recovery (7)
- Business IT (29)
- Security (42)
- Training (22)
- Uncategorized (26)
- Webinar (18)