A network vulnerability is a weakness or flaw in software, hardware, or organizational processes that, when exploited by a threat, can result in a security breach.
Nonphysical network vulnerabilities typically involve software or data. For example, an operating system (OS) might be vulnerable to network attacks if it’s not updated with the latest security patches. If the OS is left unpatched, a virus could infect it, the host that it’s located on, and potentially the entire network.
Physical network vulnerabilities involve the physical protection of an asset, such as locking a server in a rack closet or securing an entry point with a turnstile.
Servers have some of the strongest physical security controls in place, as they contain valuable data and trade secrets or perform a revenue-generating function, like a web server hosting an eCommerce site. Often stored in off-site data centers or in secure rooms, servers should be protected with personalized access cards and biometric scanners.
Prior to investing in security controls, a network risk assessment must take place to quantify the cost and acceptable loss of the equipment and its function. As with all things in cyber security, it’s a balancing act of resources vs. functionality that makes for the most practical solutions.
Network vulnerabilities come in many forms but the most common types are:
- Malware, short for malicious software, such as Trojans, viruses, and worms that are installed on a user’s machine or a host server.
- Social engineering attacks that fool users into giving up personal information such as a username or password.
- Outdated or unpatched software that exposes the systems running the application and potentially the entire network.
- Misconfigured firewalls / operating systems that allow or have default policies enabled.