Five Easiest Ways to Get Hacked – Part 1A conversation with principal security consultant Amit Bagree.
I had the opportunity recently to sit down with Amit Bagree, one of our principal security consultants, for a chat about the most common weak points in network security. Amit has been breaking things apart since childhood, has been working in the security field for almost 10 years, and is a graduate of the prestigious Carnegie Mellon University Master’s program in Information Security Technology and Management.
Many recent security breaches started from a weak point in the network. Are you seeing a common set of weak points, or were these anomalous cases?
In my experience, there are several common weak points, or “low-hanging fruit,” that can be exploited to completely compromise a network. The first two are configuration issues: weak passwords and default credentials. A third is an all-too-easy mistake that results in leaving some network doors open.
Let’s start with the configuration issues, because they are probably the easiest to fix. Is that correct?
Yes, these two related issues are definitely the easiest to fix. The first one involves the credentials on your database. Not only does the database have information that is potentially valuable to an attacker, but most databases have functionality that allows direct access to the underlying operating system by interacting with a command shell. This typically gives the attacker system-level access to that machine, and probably large parts of your network as well.
Finding and breaching database servers is a simple attack that does not require any special skills. Downloadable tools with easy-to-use interfaces will scan for servers and provide an option to attempt a brute-force attack on the usernames and passwords. Common usernames are left in place, some with blank passwords, making this attack quick and successful for many databases. Fixing this is as simple as turning on the option to enforce password complexity, setting account lockout after several failed attempts, following strong password guidelines, and deleting or renaming common usernames.
The second configuration issue is weak credentials on sensitive resources such as web servers and remote-control applications. All too often there is at least one device, maybe a test machine, with default or weak credentials still in place. With readily available tools, attackers can scan your network and check for access via well-known default credentials. Even if they get access to “just” the test machine, with domain association and privilege escalation tricks they can readily hop to other machines and move laterally into more treasure-rich portions of the network. Again, the simple fix for this is deleting or renaming default accounts, using strong passwords, enforcing password rules, and enabling account lockout. The best news is that you can use the same tools the attackers would to scan and test your own network.
So passwords and credentials remain a key vulnerability, but one that can be addressed with simple steps. What else should IT security teams review?
Despite all of the publicity around security, there are still doors being left open on networks. They are, for the most part, a mistake caused by lack of education or awareness. Specifically, this weak point is network shared folders that do not require any credentials or authentication to access, often called open shares. The attack is simple. Downloadable tools, similar to Windows Explorer, can scan a range of IP addresses and simply display all shared folders, highlighting the open ones. Hackers can then scan each open folder looking for keywords, or use regular expressions to find formatted data like credit card or social security numbers. I have found open system shares that contain credentials, banking data, and personally identifiable information (PII) many times.
Unfortunately, there is no simple patch or configuration change for this weakness. Security teams should regularly scan for open shares on the network, and remind and educate those involved about the risks.
Thanks Amit. This is actionable guidance. What do you have for us in Part 2?
Next, we will look at two more weak points. The first is potential security pitfalls in Windows network name resolution. The second is moving too slowly to patch systems with known exploits.
For more details on these security issues, read Amit Bagree’s detailed white paper, Low Hanging Fruits: The Top Five Easiest Ways to Hack or Get Hacked
Carric Dooley has extensive experience leading comprehensive security assessments as well as network and application penetration tests in a wide range of industries across North America, Europe, and Asia. As the Worldwide VP of Foundstone Services at McAfee, part of Intel ... View Full Bio