Network security is a very broad concept; it starts with authenticating users and authorizing access to resources. It also covers security threat analysis and vulnerability checks.
Important terms in network security
Threats
A threat is the potential for an attacker to take advantage of a vulnerability on a system. An example of a threat is a disgruntled employee who has been given a warning letter by the organization. This person may want to harm the company's network and has decided to research ways of exploiting it.
Some further examples of threats include malware, Denial of Service (DoS), and phishing.
Let's now discuss risk and countermeasure:
- Risk: A risk is the likelihood that a threat actor takes advantage of a vulnerability to attack a network system, leading to damage to the network
- Countermeasure: A countermeasure can be a combination of a process and a device that can act together as a safeguard against potential attacks, thereby reducing security risks
Vulnerability
A vulnerability is a weakness in a system, data, or any application that unauthorized persons can exploit. Vulnerabilities on the network may occur for various reasons:
- Result of a malicious attack
- Failure of a policy
- Weakness of the system or a policy
- Weakness of a protocol
Vulnerabilities are found in operating systems, routers, switches, firewalls, applications, antivirus software, and so on. An attacker uses these vulnerabilities to create a threat to the network. Generally, vulnerabilities arise due to high complexity or human error while developing an application and designing a network.
Analyzing vulnerability
Vulnerability analysis is the process of identifying security weaknesses on a computing platform or network. This aids the internal security team (blue team) in remediating any flaws that have been discovered. A security team is also responsible for conducting a vulnerability assessment to evaluate the cybersecurity risk and try to minimize/mitigate it as much as possible. Vulnerability assessments are usually conducted before and after applying any countermeasures within the organization. This helps with the evaluation process to determine whether the attack surfaces are reduced; it also ensures the proper practices are used and applied correctly.
When a security administrator installs a patch on an endpoint security tool, there is a chance of manual errors or misconfigurations in the tool that may open a door for a hacker to attack the node.
Periodic vulnerability testing/analysis is essential in such situations.
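The before-and-after comparison described above can be made concrete by diffing two sets of assessment findings. The following is an added example, not part of the original text; the finding schema, the check names, the addresses, and the severity weights are all assumptions made for illustration.

```python
# Constructed sample findings, not real scanner output. The tuple schema
# (host, port, check, severity) and the check names are assumptions.
BEFORE = [
    ("192.0.2.5", 22, "ssh-weak-kex", "medium"),
    ("192.0.2.5", 443, "tls-1.0-enabled", "high"),
    ("192.0.2.7", 8080, "default-admin-password", "critical"),
    ("192.0.2.9", 23, "telnet-exposed", "high"),
]
AFTER = [  # rescan after patching and installing an endpoint agent
    ("192.0.2.5", 22, "ssh-weak-kex", "medium"),
    ("192.0.2.7", 8080, "default-admin-password", "critical"),
    ("192.0.2.7", 9100, "agent-port-unauthenticated", "high"),
]

# Assumed severity weights; substitute your organization's risk scoring.
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 7, "critical": 10}


def exposure_score(findings):
    """Sum of severity weights across all findings."""
    return sum(SEVERITY_WEIGHT[f[3]] for f in findings)


def summarize(before, after):
    """Compare two assessments: what was fixed, what remains, what is new."""
    old = {f[:3]: f for f in before}  # key is (host, port, check)
    new = {f[:3]: f for f in after}
    introduced = sorted(new[k] for k in new.keys() - old.keys())
    report = {
        "resolved": sorted(old[k] for k in old.keys() - new.keys()),
        "persisting": sorted(new[k] for k in new.keys() & old.keys()),
        "introduced": introduced,
        "score_before": exposure_score(before),
        "score_after": exposure_score(after),
    }
    # A lower score alone is not enough: a finding that did not exist before
    # the countermeasure is a regression that needs review.
    if introduced:
        report["verdict"] = "regression"
    elif report["score_after"] < report["score_before"]:
        report["verdict"] = "reduced"
    else:
        report["verdict"] = "unchanged"
    return report


if __name__ == "__main__":
    for name, value in summarize(BEFORE, AFTER).items():
        print(f"{name}: {value}")
```

In the constructed data the weighted score falls from 27 to 20, yet the verdict is "regression" because the newly installed agent exposes a port that was not present in the first assessment.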
Vulnerability assessments have the following advantages:
- Vulnerability assessments help administrators keep their data safe from hackers and attackers, which eliminates business risks.
- Vulnerability assessment tools help administrators to check for loopholes in the network architecture. These tools also examine whether there are any possible destructive actions that can cause damage to your application, software, or network.
- Vulnerability assessment tools detect attack pathways that may get missed in manual assessment, which increases the ROI.
Before performing a vulnerability assessment, the administrators should create a test plan, develop a threat model, and verify the URLs and access credentials.
There are two ways of conducting a vulnerability assessment. The first is automated dynamic scanning and the other is manual Vulnerability and Penetration Testing (VAPT).
In the automated method, a tool such as Burp Suite Pro or IBM Rational AppScan is used to scan the application and find security flaws. Manual testing is performed in the following steps:
- Check SQL injection, XML injection, and LDAP injection flaws
- Inspect poor authentication methods and cracked login processes
- Inspect cookies and other session details
- Inspect the default settings in the security configurations of the devices
- Inspect broken encryption algorithms and other ciphers used to secure the communications
Choose either automatic or manual testing methods to verify the scan results, collect evidence, and complete the reports.