Common Network Vulnerabilities Essay

â€Å"Businesses, governments, and other organizations face a wide array of information security risks. Some threaten the confidentiality of private information, some threaten the integrity of data and operations, and still others threaten to disrupt availability of critical systems† (Sullivan, 2009). Since such security risks are always going to present in the cyber world, businesses and organizations need to fully be aware of any vulnerabilities in their systems. The initial realization of any organization’s vulnerability can only first be understood through the knowledge of what vulnerability means. A vulnerability is a security weakness but not a security threat. It is what needs to be assessed in order to examine an organization’s network. One of the main network vulnerabilities facing IT managers today is the absence of encrypted data being transferred and received between uninformed users and the lack of knowledge and understanding within an organization’s internal structure. Network vulnerabilities are present in every system and with the constant advancement in knowledge, programs, and technology; it can be extremely difficult to rid all vulnerabilities in any infrastructure. Whether it is implementing hardware or beefing up software security, no one method of protecting a network can be greatly increased unless the users and IT professionals behind the update are up to speed on what is happening. To begin, all users in an organization or business need to be aware. Be aware of your surroundings. Be aware of the software that you use on a daily basis, and the information that is being passed between everyone. Security awareness in any infrastructure needs to be the center of any cyber security business program. In many respects, the challenges of implementing and managing effective technical controls pale in comparison with the difficulties in addressing organizational weaknesses, such as insufficient or ineffective security awareness training† (Sullivan, 2009). Companies that don’t provide security awareness and training are leaving open pathways into their network (McLaughlin, 2006). From an IT manager’s standpoint, companies are fully aware of the threats that their organization is faced with everyday. From a survey conducted from nearly â€Å"550 small and midsize businesses, it was found that human error was the primary cause of nearly 60 percent of security breaches during the past year† (McLaughlin, 2006). This 60 percent clearly states that the primary holes in any organization’s security remain user problems and insufficient training throughout the company. â€Å"The alarming part is that little is being done to change cultural behavior† (McLaughlin, 2006). Even knowing that the lack of education and training cause companywide vulnerabilities, changes and training continue to lie on the wayside and be less of a priority rather than a major one. The Internet is rapidly growing and evolving and people need to evolve with it. The Internet is ultimately becoming the staple for all businesses today. â€Å"Businesses from all over the world have found the Internet to be a cost effective and reliable business tool. Indeed, in the last few years, in addition to conventional business transactions, many of the controls systems (SCADA) that support national and public utilities are adopting the Internet as a core data transport method. This has resulted in businesses and societies becoming critically dependent on the continuous operation of the Internet† (John, n. ). These dependencies need to then be addressed to provide critical support for end user vulnerabilities. End user vulnerabilities need to first be recognized within a business and proper steps need to be taken to adequately train employees. â€Å"Most of the flaws that emerge in the security and vulnerability assessment realm are due to misconfigurations and poor application of corporate security practices, which points to a need for training† (McLaughlin, 2006). Businesses need to include security training and awareness; this being the first step in the correction of network holes. In my opinion, security awareness is the basis of all network flaws. Because network security is extremely important, businesses need to make it a top priority to have a network infrastructure assessment. Networks are becoming increasingly complex and by executing a network assessment it will help IT managers ensure the company’s network is operating at peak efficiency. â€Å"The vulnerability of the system depends on the state of the system itself, on the capacity of a hazard to affect this state and on the undesired consequences the combination of the hazard and the vulnerability will eventually lead to† (Petit & Robert, 2010). Known vulnerabilities of a security infrastructure require a situational awareness. â€Å"This includes knowledge of security software versions for integrity management and anti-malware processing, signature deployments for security devices such as intrusion detection systems, and monitoring status for any types of security collection and processing systems† (Amoroso, 2011). In addition to an entire infrastructure assessment, there must be companywide training classes. These trainings need to help employees understand not only the importance of network security, but also how their actions can impact everyone and everything around them. According to a Booz Allen Hamilton survey, the nation’s cyber defense is seriously challenged by shortages of highly skilled cyber-security experts† (Vanderwerken & Ubell, 2011). This poses one major issue; the people being hired to run elaborate business networks are unqualified and inadequately trained. These businesses must provide high-level in-house training programs to the experts as well as the entire workforce to ensure the integrity of internal and client systems and to avoid the cyber threats surrounding the business. Training must be provided to end users to provide overall awareness and give them the general knowledge needed to maintain the businesses integrity and a sufficiently working network. This simple, yet effective training will provide any business with a sufficient return on investment. â€Å"As long as there are cyber criminals ready to strike, your company remains vulnerable. Vigilant cyber-security training and education must be your company’s top priority† (Vanderwerken & Ubell, 2011). Even though a business can provide the necessary training through company ide programs, the biggest vulnerability in an organization are the negligent employees who don’t care or don’t want to participate in the proper security procedures. Most companies are oblivious to the fact that the most pervasive attacks on a network are caused by gullible and negligent employees clicking and opening invasive files embedded in emails and data from beyond the company’s network firewall. â€Å"Despite strenuous efforts by most companies to alert personnel to email and Internet behavior that opens up firms to invasion, employees continue to do foolish things. As more access is given to the end user by means of mobile computing, cyber-crime prevention has to be a top priority. The corporate landscape requiring protection is multiplying at very quick pace† (Vanderwerken & Ubell, 2011). Another major aspect in training is to be familiar with the upgrading of a network with new hardware. Such an update is a suitable idea but the installation and a working knowledge of how to use and implement this new technological hardware is essential. Many companies just don’t understand how vulnerable they are in areas they never would expect there to be flaws, such as hardware purchasing. Inadvertent mistakes are better avoided when consistent and specific training is given to non-IT staff regarding the dangers their everyday activity can incur† (Vanderwerken & Ubell, 2011). Taking it one step further, company wide training can only provide so much assurance but IT management also needs to be aware of the internal threats that may come from dishonest employees. Internal threats from dishonest employees are a major risk. Organizations need to keep a watchful eye on those who misbehave on internal networks, intentional or not (Beidel, 2011). Problems from the inside are often overlooked. â€Å"Hackers have been successful against firms with solid security frameworks by analyzing their employees and going after them with cleverly worded emails, also known as ‘phishing. ’ Companies have begun training all employees on cybersecurity fundamentals. No amount of technology can prevent attacks if employees are not educated† (Beidel, 2011). Phishing incidents are one of the main threats to uneducated employees. Uneducated employees are susceptible to the ‘wolves’ and become prey to the malicious viruses disguised as harmless data or programs. Phishing is one of the easiest ways for enemies to feed off of these uneducated users in an organization. It takes the user’s lack of knowledge and gullible nature and tempts them in to opening or transferring data that has potentially been tampered with. This type of attack plays into the gullibility of the users and tries to get them to open malicious documents and pass them on to create a chain effect within a company and thus cause all sorts of problems. This ultimately could lead to loss of clients and even worse the downfall of the company itself. In conclusion, every network user must be educated and trained on Internet security. It is this training that is going to lesson a business’s network vulnerabilities and provide the education needed to strengthen security gaps on a companywide scale. â€Å"Organizations must provide sophisticated training to in-house experts to ensure the integrity of internal and client systems. They must also offer instruction to their entire workforce to avoid cyber minefields surrounding us all. Simple, yet effective, training must be provided to personnel for general awareness, while graduate education is now globally available to specialists to gain the high level of expertise your company requires. As long as there are cyber criminals ready to strike, your company remains vulnerable. Vigilant cyber-security training and education must be your company’s top priority† (Vanderwerken & Ubell, 2011).