There’s an interesting read this morning about what attack vectors are actually used to compromise corporate networks:
What’s notable is that most of the commonly used, successful methods used to compromise an organization’s security are related to credential management.
When you read about security, it’s usually about software vulnerabilities, zero-day exploits (i.e., those that have not yet been discovered by others or remediated by the software vendor), perimeter defense and patch management.
That’s sexy stuff – it’s technologically advanced, requires highly skilled people to find problems and develop exploits, etc.
The reality is much more mundane, however:
- Weak user and admin passwords.
- Users that unwittingly download and run malware.
- Use of old, insecure password and name resolution protocols.
- Plaintext passwords stored on disk and in memory.
- Wide-open networks, which allow an attacker with a small beachhead to attack additional systems with ease.
The solutions to these problems are fairly simple too:
- Shut down network services that use old, weak protocols.
- Patch or upgrade software address plaintext passwords in-memory or on-disk.
- Limit user access to only what they need, only when they need it.
- Segment the network with internal firewalls, to limit the impact of a successful breach.
- Get users to choose strong passwords.
- Automate controls over admin passwords.
- User education and awareness, especially around malware and “social engineering” attacks.
Perhaps not as sexy as zero-day exploits, but more effective.
Hitachi ID Systems can help with some of these security strategies: