Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
2/18/2015
05:00 PM
Carric Dooley
Carric Dooley
Partner Perspectives
Connect Directly
Twitter
RSS
50%
50%

Five Easiest Ways to Get Hacked Part 1

A conversation with principal security consultant Amit Bagree.

I had the opportunity recently to sit down with Amit Bagree, one of our principal security consultants, for a chat about the most common weak points in network security. Amit has been breaking things apart since childhood, has been working in the security field for almost 10 years, and is a graduate of the prestigious Carnegie Mellon University Master’s program in Information Security Technology and Management.

Many recent security breaches started from a weak point in the network. Are you seeing a common set of weak points, or were these anomalous cases?

In my experience, there are several common weak points, or “low-hanging fruit,” that can be exploited to completely compromise a network. The first two are configuration issues: weak passwords and default credentials. A third is an all-too-easy mistake that results in leaving some network doors open.

Let’s start with the configuration issues, because they are probably the easiest to fix. Is that correct?

Yes, these two related issues are definitely the easiest to fix. The first one involves the credentials on your database. Not only does the database have information that is potentially valuable to an attacker, but most databases have functionality that allows direct access to the underlying operating system by interacting with a command shell. This typically gives the attacker system-level access to that machine, and probably large parts of your network as well.

Finding and breaching database servers is a simple attack that does not require any special skills. Downloadable tools with easy-to-use interfaces will scan for servers and provide an option to attempt a brute-force attack on the usernames and passwords. Common usernames are left in place, some with blank passwords, making this attack quick and successful for many databases. Fixing this is as simple as turning on the option to enforce password complexity, setting account lockout after several failed attempts, following strong password guidelines, and deleting or renaming common usernames.

The second configuration issue is weak credentials on sensitive resources such as web servers and remote-control applications. All too often there is at least one device, maybe a test machine, with default or weak credentials still in place. With readily available tools, attackers can scan your network and check for access via well-known default credentials. Even if they get access to “just” the test machine, with domain association and privilege escalation tricks they can readily hop to other machines and move laterally into more treasure-rich portions of the network. Again, the simple fix for this is deleting or renaming default accounts, using strong passwords, enforcing password rules, and enabling account lockout. The best news is that you can use the same tools the attackers would to scan and test your own network.

So passwords and credentials remain a key vulnerability, but one that can be addressed with simple steps. What else should IT security teams review?

Despite all of the publicity around security, there are still doors being left open on networks. They are, for the most part, a mistake caused by lack of education or awareness. Specifically, this weak point is network shared folders that do not require any credentials or authentication to access, often called open shares. The attack is simple. Downloadable tools, similar to Windows Explorer, can scan a range of IP addresses and simply display all shared folders, highlighting the open ones. Hackers can then scan each open folder looking for keywords, or use regular expressions to find formatted data like credit card or social security numbers. I have found open system shares that contain credentials, banking data, and personally identifiable information (PII) many times.

Unfortunately, there is no simple patch or configuration change for this weakness. Security teams should regularly scan for open shares on the network, and remind and educate those involved about the risks.

Thanks Amit. This is actionable guidance. What do you have for us in Part 2?

Next, we will look at two more weak points. The first is potential security pitfalls in Windows network name resolution. The second is moving too slowly to patch systems with known exploits.

For more details on these security issues, read Amit Bagree’s detailed white paper, Low Hanging Fruits: The Top Five Easiest Ways to Hack or Get Hacked

Carric Dooley has extensive experience leading comprehensive security assessments as well as network and application penetration tests in a wide range of industries across North America, Europe, and Asia. As the Worldwide VP of Foundstone Services at McAfee, part of Intel ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15703
PUBLISHED: 2020-10-31
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivile...
CVE-2020-5991
PUBLISHED: 2020-10-30
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
CVE-2020-15273
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can ac...
CVE-2020-15276
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1.
CVE-2020-15277
PUBLISHED: 2020-10-30
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1.