
Partner Perspectives
2/18/2015 05:00 PM
Carric Dooley

Five Easiest Ways to Get Hacked, Part 1

A conversation with principal security consultant Amit Bagree.

I had the opportunity recently to sit down with Amit Bagree, one of our principal security consultants, for a chat about the most common weak points in network security. Amit has been breaking things apart since childhood, has been working in the security field for almost 10 years, and is a graduate of the prestigious Carnegie Mellon University Master’s program in Information Security Technology and Management.

Many recent security breaches started from a weak point in the network. Are you seeing a common set of weak points, or were these anomalous cases?

In my experience, there are several common weak points, or “low-hanging fruit,” that can be exploited to completely compromise a network. The first two are configuration issues: weak passwords and default credentials. A third is an all-too-easy mistake that results in leaving some network doors open.

Let’s start with the configuration issues, because they are probably the easiest to fix. Is that correct?

Yes, these two related issues are definitely the easiest to fix. The first one involves the credentials on your database. Not only does the database have information that is potentially valuable to an attacker, but most databases have functionality that allows direct access to the underlying operating system by interacting with a command shell. This typically gives the attacker system-level access to that machine, and probably large parts of your network as well.

Finding and breaching database servers is a simple attack that does not require any special skills. Downloadable tools with easy-to-use interfaces will scan for servers and provide an option to attempt a brute-force attack on the usernames and passwords. Common usernames are left in place, some with blank passwords, making this attack quick and successful for many databases. Fixing this is as simple as turning on the option to enforce password complexity, setting account lockout after several failed attempts, following strong password guidelines, and deleting or renaming common usernames.

The second configuration issue is weak credentials on sensitive resources such as web servers and remote-control applications. All too often there is at least one device, maybe a test machine, with default or weak credentials still in place. With readily available tools, attackers can scan your network and check for access via well-known default credentials. Even if they get access to “just” the test machine, with domain association and privilege escalation tricks they can readily hop to other machines and move laterally into more treasure-rich portions of the network. Again, the simple fix for this is deleting or renaming default accounts, using strong passwords, enforcing password rules, and enabling account lockout. The best news is that you can use the same tools the attackers would to scan and test your own network.

So passwords and credentials remain a key vulnerability, but one that can be addressed with simple steps. What else should IT security teams review?

Despite all of the publicity around security, there are still doors being left open on networks. They are, for the most part, a mistake caused by lack of education or awareness. Specifically, this weak point is network shared folders that do not require any credentials or authentication to access, often called open shares. The attack is simple. Downloadable tools, similar to Windows Explorer, can scan a range of IP addresses and simply display all shared folders, highlighting the open ones. Hackers can then scan each open folder looking for keywords, or use regular expressions to find formatted data like credit card or social security numbers. I have found open system shares that contain credentials, banking data, and personally identifiable information (PII) many times.

Unfortunately, there is no simple patch or configuration change for this weakness. Security teams should regularly scan for open shares on the network, and remind and educate those involved about the risks.
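As an added example (not code from the article or from Amit Bagree's white paper), a small Python audit a security team could run against a mounted share before an attacker does: it walks the tree and flags the formatted data the answer above describes, using the Luhn checksum to separate card numbers from random digit runs, dropping SSN-shaped numbers in ranges the SSA never issues, and catching credential-style keys. The sample share in `demo()` is constructed, and every reported value is masked so the report itself does not become a new leak.

```python
import pathlib
import re
import tempfile
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, spaces/dashes allowed
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")  # US SSN, 3-2-4 dashed layout
CRED_RE = re.compile(r"(?i)\b\w*(?:password|passwd|pwd)\w*\s*[=:]")  # e.g. "db_password="
TEXT_EXT = {".txt", ".csv", ".log", ".ini", ".cfg", ".xml", ".json"}

def luhn_ok(digits):
    """Luhn checksum separates real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_text(text):
    """Return (kind, masked value) hits so the report itself does not leak PII."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        area, group, serial = m.groups()  # skip ranges the SSA never issues
        if area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000":
            hits.append(("ssn", "***-**-" + serial))
    hits += [("credential", m.group()) for m in CRED_RE.finditer(text)]
    return hits

def scan_tree(root):
    """Walk a mounted share; map each text file (relative POSIX path) to its hits."""
    findings = {}
    for path in pathlib.Path(root).rglob("*"):
        if path.suffix.lower() not in TEXT_EXT:
            continue  # directories and binaries skipped; a fuller tool would sniff content type
        hits = scan_text(path.read_text(encoding="utf-8", errors="ignore"))
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

def demo():
    """Constructed sample share (not real data) so the scanner runs offline."""
    samples = {"hr/payroll.csv": "name,ssn\nAlice,123-45-6789\nBob,000-12-3456\n",
               "test/notes.txt": "lab card 4111 1111 1111 1111\nticket 1234 5678 9012 3456\n",
               "app/settings.ini": "db_user=sa\ndb_password=hunter2\n", "app/logo.png": "binary"}
    root = pathlib.Path(tempfile.mkdtemp())
    for rel, body in samples.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
    return scan_tree(root)
```

Point `scan_tree()` at the mount point of each share your share scan reports as open; files that come back with hits are the ones to lock down or move first.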

Thanks, Amit. This is actionable guidance. What do you have for us in Part 2?

Next, we will look at two more weak points. The first is potential security pitfalls in Windows network name resolution. The second is moving too slowly to patch systems with known exploits.

For more details on these security issues, read Amit Bagree’s detailed white paper, Low Hanging Fruits: The Top Five Easiest Ways to Hack or Get Hacked.

Carric Dooley has extensive experience leading comprehensive security assessments as well as network and application penetration tests in a wide range of industries across North America, Europe, and Asia. As the Worldwide VP of Foundstone Services at McAfee, part of Intel ...