2/18/2015
05:00 PM
Carric Dooley
Five Easiest Ways to Get Hacked Part 1

A conversation with principal security consultant Amit Bagree.

I had the opportunity recently to sit down with Amit Bagree, one of our principal security consultants, for a chat about the most common weak points in network security. Amit has been breaking things apart since childhood, has been working in the security field for almost 10 years, and is a graduate of the prestigious Carnegie Mellon University Master’s program in Information Security Technology and Management.

Many recent security breaches started from a weak point in the network. Are you seeing a common set of weak points, or were these anomalous cases?

In my experience, there are several common weak points, or “low-hanging fruit,” that can be exploited to completely compromise a network. The first two are configuration issues: weak passwords and default credentials. A third is an all-too-easy mistake that results in leaving some network doors open.

Let’s start with the configuration issues, because they are probably the easiest to fix. Is that correct?

Yes, these two related issues are definitely the easiest to fix. The first one involves the credentials on your database. Not only does the database have information that is potentially valuable to an attacker, but most databases have functionality that allows direct access to the underlying operating system by interacting with a command shell. This typically gives the attacker system-level access to that machine, and probably large parts of your network as well.

Finding and breaching database servers is a simple attack that does not require any special skills. Downloadable tools with easy-to-use interfaces will scan for servers and provide an option to attempt a brute-force attack on the usernames and passwords. Common usernames are left in place, some with blank passwords, making this attack quick and successful for many databases. Fixing this is as simple as turning on the option to enforce password complexity, setting account lockout after several failed attempts, following strong password guidelines, and deleting or renaming common usernames.

The second configuration issue is weak credentials on sensitive resources such as web servers and remote-control applications. All too often there is at least one device, maybe a test machine, with default or weak credentials still in place. With readily available tools, attackers can scan your network and check for access via well-known default credentials. Even if they get access to “just” the test machine, with domain association and privilege escalation tricks they can readily hop to other machines and move laterally into more treasure-rich portions of the network. Again, the simple fix for this is deleting or renaming default accounts, using strong passwords, enforcing password rules, and enabling account lockout. The best news is that you can use the same tools the attackers would to scan and test your own network.

So passwords and credentials remain a key vulnerability, but one that can be addressed with simple steps. What else should IT security teams review?

Despite all of the publicity around security, there are still doors being left open on networks. They are, for the most part, a mistake caused by lack of education or awareness. Specifically, this weak point is network shared folders that do not require any credentials or authentication to access, often called open shares. The attack is simple. Downloadable tools, similar to Windows Explorer, can scan a range of IP addresses and simply display all shared folders, highlighting the open ones. Hackers can then scan each open folder looking for keywords, or use regular expressions to find formatted data like credit card or social security numbers. I have found open system shares that contain credentials, banking data, and personally identifiable information (PII) many times.

Unfortunately, there is no simple patch or configuration change for this weakness. Security teams should regularly scan for open shares on the network, and remind and educate those involved about the risks.

Thanks, Amit. This is actionable guidance. What do you have for us in Part 2?

Next, we will look at two more weak points. The first is potential security pitfalls in Windows network name resolution. The second is moving too slowly to patch systems with known exploits.

For more details on these security issues, read Amit Bagree’s detailed white paper, Low Hanging Fruits: The Top Five Easiest Ways to Hack or Get Hacked.
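The open-share audit Amit describes (scan what is reachable without credentials, then look for formatted data such as card and social security numbers) can be automated on the defender's side. The following is an added example, not code from the article or from the white paper; it runs over constructed file contents standing in for what was copied from an open share, and it Luhn-checks candidate card numbers so that random digit runs (ticket or order numbers) are not reported as card data.

```python
import re

# Constructed sample of files found on an anonymously accessible share
# (hypothetical paths and content, not real data).
SAMPLE_FILES = {
    "hr/new_hires.txt": "Jane Doe SSN 078-05-1120 start 2015-03-01\n",
    "it/notes.txt": "vpn password: Winter2015!\nticket 4111111111111112\n",
    "fin/cards.csv": "4111 1111 1111 1111,2017-09\n",
}

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
KEYWORDS = ("password", "passwd", "secret")      # credential hints worth a manual look

def luhn_ok(digits: str) -> bool:
    """Mod-10 checksum used by payment card numbers; filters random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pii(text: str) -> dict:
    """Return Luhn-valid card numbers, SSN-formatted values and credential keywords."""
    cards = [m.group() for m in CARD_RE.finditer(text)
             if luhn_ok(re.sub(r"[ -]", "", m.group()))]
    ssns = SSN_RE.findall(text)
    kw = [k for k in KEYWORDS if k in text.lower()]
    return {"cards": cards, "ssns": ssns, "keywords": kw}

def audit_share(files: dict) -> list:
    """Flag each file on an open share that holds card data, SSNs or credential hints."""
    findings = []
    for path, text in files.items():
        hit = find_pii(text)
        if any(hit.values()):
            findings.append((path, hit))
    return findings

if __name__ == "__main__":
    for path, hit in audit_share(SAMPLE_FILES):
        print(path, hit)
```

In practice the `SAMPLE_FILES` dictionary would be filled from a mount of each share the scan reported as open, and every hit is a prompt to remove the data or close the share, not proof of exposure on its own.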

Carric Dooley has extensive experience leading comprehensive security assessments as well as network and application penetration tests in a wide range of industries across North America, Europe, and Asia. As the Worldwide VP of Foundstone Services at McAfee, part of Intel ...