Security misconfiguration occurs when security settings are not adequately defined during configuration, or are maintained and deployed with default settings. This might impact any layer of the application stack, cloud or network. Misconfigured clouds are a central cause of data breaches, costing organizations millions of dollars.
Vulnerabilities are generally introduced during configuration. Typical misconfiguration vulnerabilities occur with the use of the following:
Why Do Security Misconfigurations Occur?

A misconfiguration may take place for a variety of reasons. Today's network infrastructures are intricate and continually changing, and organizations might overlook essential security settings, such as network equipment that still has its default configuration. Even if an organization has secured the configurations of its endpoints, it must still regularly audit security controls and configurations to identify configuration drift. New equipment is added to the network, systems change and patches are applied, all of which can introduce misconfigurations.

Developers may create network shares and firewall rules for convenience while building software, and then leave them unchanged. Sometimes, administrators permit configuration modifications for troubleshooting or testing purposes, but these are never returned to the initial state. Employees often temporarily disable an antivirus if it blocks particular actions (such as running installers) and then forget to re-enable it. It is estimated that over 20% of endpoints have outdated anti-malware or antivirus.

Impact of Security Misconfiguration Attacks

Security misconfigurations can be the result of relatively simple oversights, but can expose an application to attack. In certain instances, misconfiguration may leave information exposed, so a cybercriminal won't even need to carry out an active attack. The more code and data exposed to users, the bigger the risk for application security.

For example, a misconfigured database server can cause data to be accessible through a basic web search. If this data includes administrator credentials, an attacker may be able to access further data beyond the database, or launch another attack on the company's servers. In the case of misconfigured (or absent) security controls on storage devices, huge amounts of sensitive and personal data can be exposed to the general public via the internet. Generally, there is no way of discovering who might have accessed this information before it was secured.

Directory listing is another common issue with web applications, particularly those built on pre-existing frameworks like WordPress. When it is enabled, users can browse and access the file structure freely, so they can easily discover and exploit security vulnerabilities. If you cannot block access to an application's structure, attackers can use that access to modify parts of the application or reverse-engineer it.

This might be hard to control if an application is meant for delivery to mobile devices. As OWASP notes, switching to mobile applications weakens an organization's control over who can view or modify the code. This is because the business and presentation layers of the applications are deployed on a mobile device and not on a proprietary server.

9 Common Types of Security Misconfiguration

The following are common occurrences in an IT environment that can lead to a security misconfiguration:
Security Misconfiguration Examples: Real-Life Misconfiguration Attacks

Here are a few real-life attacks that caused damage to major organizations as a result of security misconfigurations:
How Can You Safeguard Against Security Misconfiguration?

The first step is to learn the features of your system and to understand each key part of its behavior. To achieve this, you must have a real-time and accurate map of your whole infrastructure. This map shows the communications and flows across your data center environment, whether on-premises or in a hybrid cloud.

When you understand your systems, you can mitigate risks resulting from security misconfiguration by keeping the most essential infrastructure locked down. Permit only a limited set of authorized users to access the ecosystem. Here are some efficient ways to minimize security misconfiguration:
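One such measure is the recurring configuration audit the article calls for earlier. The sketch below is an added example, not part of the original article or of any Bright product: it compares an endpoint's observed settings against a hardened baseline and separates unapproved drift from temporary troubleshooting changes whose approval has lapsed. All setting names, dates and sample values are constructed for illustration.

```python
from datetime import date

# Hardened baseline; setting names are hypothetical, chosen for this example.
BASELINE = {
    "antivirus.enabled": True,
    "web.directory_listing": False,
    "admin.default_password": False,
    "firewall.inbound_allow": ["443/tcp"],
}

def audit(baseline, observed, exceptions, today):
    """Return sorted (setting, status, expected, actual) findings.

    exceptions maps a setting to the date on which an approved
    temporary deviation (e.g. for troubleshooting) expires.
    """
    findings = []
    for key, expected in baseline.items():
        if key not in observed:
            findings.append((key, "missing", expected, None))
            continue
        actual = observed[key]
        # Rule lists are compared as sets: reordering is not drift.
        if isinstance(expected, list) and isinstance(actual, list):
            same = set(expected) == set(actual)
        else:
            same = expected == actual
        if same:
            continue
        expiry = exceptions.get(key)
        if expiry is None:
            status = "drift"
        elif today > expiry:
            status = "expired-exception"  # temporary change never reverted
        else:
            status = "approved-exception"
        findings.append((key, status, expected, actual))
    # Settings that were never baselined are surfaced for review as well.
    for key in observed.keys() - baseline.keys():
        findings.append((key, "unmanaged", None, observed[key]))
    return sorted(findings, key=lambda f: f[0])

# Constructed sample: one endpoint's state and its approved change windows.
OBSERVED = {
    "antivirus.enabled": False,                        # disabled for an installer
    "web.directory_listing": False,
    "firewall.inbound_allow": ["443/tcp", "445/tcp"],  # share opened during dev
    "debug.verbose_errors": True,                      # not in the baseline
}
EXCEPTIONS = {"antivirus.enabled": date(2024, 1, 10),
              "firewall.inbound_allow": date(2024, 3, 1)}

if __name__ == "__main__":
    for finding in audit(BASELINE, OBSERVED, EXCEPTIONS, date(2024, 2, 1)):
        print(finding)
```

Run on a schedule, the "expired-exception" and "missing" findings are the ones to act on first: they correspond to the antivirus that was never re-enabled and the control that was never confirmed at all.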
Security Misconfiguration Protection with Bright

Bright automates the detection of security misconfiguration and hundreds of other vulnerabilities. The reports come with zero false-positives and clear remediation guidelines for the whole team. Bright's integration with ticketing tools like Jira helps you keep track of all the findings and assigned team members.
What are configuration vulnerabilities?

What is a security configuration vulnerability? A flaw in your security settings, like failing to auto-encrypt your files, could leave your entire network and every device connected to it vulnerable to an attack.
Which of the following computing platforms is highly vulnerable to attacks?

Windows Computers Were Targets of 83% of All Malware Attacks in Q1 2020. AV Test shows that Windows computers are the most vulnerable to malware attacks and are targeted more than any other operating system.

Which of the following is an attack vector used by threat actors to penetrate a system?

Key takeaways: Hackers steal information, data, and money from people and organizations by investigating known attack vectors and attempting to exploit vulnerabilities. The three most common attack vectors used by hackers are phishing emails, malware, and unpatched vulnerabilities.

Which of the following is the most common method for delivering malware?

By far the most common method for hackers and state-sponsored hacking organizations to spread malware is through phishing emails. Hackers have become incredibly skilled at crafting emails that trick employees into clicking on links or downloading a file that contains malicious code.