Nowadays, we have so much technology coming out that’s being consumed by consumers or being pushed out to the consumers and, one of the main problems it’s that they have no idea how they operate. They just know that it works and they have this or that cool features but they don’t imagine that each one of these new features can come with new vulnerabilities. We can discuss here about the point that the normal user don’t need to know about vulnerabilities, security or proper configuration for the new devices or features, however this should be a thought of the past. Today, everyone should have a basic knowledge about all this stuff. It´s clear that, except in a few cases, it’s going to be a big difference between the knowledge the standard user has and the knowledge an IT person has, it’s obvious, one of them it’s just using the products and the others are managing the products and, almost all the time, doing it for companies or enterprises that expect a certain level of expertise. But, it doesn’t matter who you are or what you do, the simple and undeniable truth is that everyone nowadays should have, at least, a few knowledge about the threads they have around when they are using technology because today, technology is everywhere.
This article is focused in IT persons, but I think that it can be useful for everyone that uses technology and it’s aware that they need to know or they are just curious.
There are some different issues that can be considered threads in the world of computer security and any one involved in this world should be aware of, to try to avoid or mitigate the efects. This is just a list of threads, not an explanation of how to mitigate their effects. We can divide threads in different categories:
- Host threads: An I’m not talking just about servers that are used to deploy applications, in this category fall servers, workstations, tablets and cell phones anything that have an operative system installed and can be connected to the Internet. We can have in this category things like:
- Footprinting: Every computer or every operative system answers in different ways to the same questions. This allows attackers to investigate and obtain information about our infrastructure.
- Physical security: Thinks like don’t lock your laptop when you are not around, don’t lock your screen or expend a lot of time bastioning your server when it’s quite easy to have physical access to it.
- Password threads: It shouldn’t be enough with having a password, we should have proper passwords defined in a password policy and with enough restrictions to consider them secure.
- Malware: A thread in expansion nowadays, day after day we can see more cases of malware, we should have control about what is installed in our host and what the host is executing. We shouldn’t install things just using the “Next” button without read the different screens in the wizards, this is how you end up with new bars in your browser or applications that you don’t know what they are.
- Denial of Service: It does’t matter if it’s intentional or non-intentional, the result is that your system is not going to be available, you can lose money, customers, reputation, …
- Unauthorized access: No one that it’s not allowed to use a system should be allowed to log into the system, period.
- Privilege escalation: It’s closely related with the previous one, if I can access illegitimately the system I can try to obtain more privileges in it. Creating accounts with more privileges for example.
- Backdoors: One of the things that attackers are going to do after gain access to our systems, it’s to create a backdoor to be able to return later and access the system again in a easier way. One very common way to do that is creating service accounts. For this reason this is one of the things that we should revise.
- Natural and physical threads:
- Natural disasters: Earthquakes, hurricanes, floods or any other natural disaster. It’s obvious that try to prevent this kind of events it’s out of discussion but we should have the proper plans, procedures or policies to try to mitigate their effects.
- Physical threads: Like thefts, dropping the laptop or the cell phone, anything that can affect directly to the physical device. We need to be prepared to mitigate the loss of information.
- Power: Power problems can affect our devices or components, can destroy or affect data or stress our devices.
- End of life: Every device has life and in some point it needs to be retired. Maybe because is not powerful enough to match your business requirements or just because it’s too old. But any of our devices, in general, it’s going to have a HD that it has been storing our information in some point and we should take care of this. And, I’m not talking just about laptops or PCs, I’m including printers or any other device that has a HD. The wrong treatment of these devices can derivate in a leak of information.
- Application threads:
- Configuration threads: Misconfigurations or default configurations can be a great threat for our devices and our organizations. We should pay attention to everything that we are configuring, it does’t matter if it’s hardware or software. We should read the manuals properly and even, if it’s necessary, look for some training.
- Buffer overflows: This is an application trying to store more information in the buffer than what intended to hold. This usually is caused by errors during the development. Any in-house development should be reviewed carefully, any open source code should be reviewed carefully and all the scripts or codes our developers or IT persons copy and paste from the Internet should be reviewed.
- Data and Input Validation: All the information coming into our application needs to be previously validated to avoid injection. Code injection, SQL injection, any injection.
- Human threads: With this point we can write a book, and probably a few of them. The biggest and one of the more dangerous threads is us. We are humans and we are falible. Exists a hacking discipline focus in this kind of thread: Social engineering. How to obtain from people what you need. We need to train our people, we need to have policies and mitigation measures and we need to be prevented, there is no other way.
- Network threads:
- Sniffing and Eavesdropping: Anyone can be sniffing in your network trying to obtain information to perform and attack.
- ARP Spoffing: Trying to simulate the attacker computer is the default gateway or any other interesting computer in your network.
- Denial of Service: Yes, here we have this thread again.
This is just a list of some general threads we can find around us all the time and something about we need to take care when we are auditing our systems or trying to penetrate them. I hope it´s useful, at least, to have them in the same place to review it.