Without a carefully planned and properly implemented network architecture, attackers can bypass security controls on certain systems, infiltrating the network to gain access to targeted machines. A robust, secure network engineering process must be employed to complement detailed controls.
Attacks on network security can take many different forms:
- Attackers frequently map networks looking for unneeded connections between systems, weak filtering, and a lack of network separation.
- Network devices may become less securely configured over time as users demand exceptions for specific and temporary business needs. Often the exception is neither properly analysed nor measured against the associated business need and may change over time.
- Electronic holes in firewalls, routers, and switches are also used to penetrate these defences to gain access to networks, redirect traffic on a network (to a malicious system masquerading as a trusted system), and alter information while in transmission. Here the attacker gains access to data, alters information, or even uses one compromised machine to pose as another trusted system on the network.
- Attackers search for remotely accessible network services vulnerable to exploitation. Common examples include poorly configured web servers, mail servers, file and print services, and domain name system (DNS) servers installed by default on a variety of device types, often without a business need for the given service.
- Many software packages automatically install services and turn them on as part of the installation of the main software package without informing a user or administrator that the services have been enabled. Attackers scan for such issues and attempt to exploit these services, often attempting default user IDs and passwords or widely available exploitation code.
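
A defender's check for the last two points, added here as an example and not part of the original text: it compares listening TCP services, given in the output format of `ss -tlnpH`, against an approved baseline and reports remotely reachable services with no documented business need. The baseline, the sample output and the function names are constructed for illustration.

```python
import re

# Approved baseline (constructed): port -> (expected process, documented business need)
APPROVED = {
    22: ("sshd", "remote administration"),
    80: ("nginx", "public web site"),
}

# Constructed sample in the format of `ss -tlnpH` (listening TCP sockets, no header).
SAMPLE_SS = """\
LISTEN 0 128     0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511           *:80          *:* users:(("nginx",pid=1200,fd=6))
LISTEN 0 4096       [::]:631      [::]:* users:(("cupsd",pid=1033,fd=7))
LISTEN 0 100   127.0.0.1:25    0.0.0.0:* users:(("master",pid=1411,fd=13))
LISTEN 0 10      0.0.0.0:53    0.0.0.0:* users:(("named",pid=990,fd=21))
LISTEN 0 128     0.0.0.0:8080  0.0.0.0:*
"""

LOOPBACK = ("127.", "[::1]")  # listeners bound here are not remotely accessible

def parse_listeners(text):
    """Yield (address, port, process) for each listening socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition splits on the last colon, so IPv6 addresses stay intact
        addr, _, port = fields[3].rpartition(":")
        # The process column is absent when ss runs without sufficient privileges
        proc = re.search(r'\(\("([^"]+)"', fields[5]) if len(fields) > 5 else None
        yield addr, int(port), proc.group(1) if proc else "unknown"

def audit(text, approved=APPROVED):
    """Return (port, process, reason) for remote listeners outside the baseline."""
    findings = []
    for addr, port, proc in parse_listeners(text):
        if addr.startswith(LOOPBACK):
            continue
        expected = approved.get(port)
        if expected is None:
            findings.append((port, proc, "no documented business need"))
        elif expected[0] != proc:
            findings.append((port, proc, f"expected {expected[0]}"))
    return findings

if __name__ == "__main__":
    for port, proc, reason in audit(SAMPLE_SS):
        print(f"port {port:<5} {proc:<8} {reason}")
```

On a live host, the output of `ss -tlnpH` run as root would replace the sample; the print and DNS listeners in the sample stand for services enabled by default during installation.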