Network and System Security Vulnerabilities

1. Exposed Data on the Internet

a. Unsecured Cloud Storage

• Data is often left unsecured in cloud environments (e.g., Amazon S3 buckets).
• Attackers actively scan for these misconfigurations to download sensitive data.
• Example: June 2017 – 14 million Verizon records were exposed due to an open Amazon S3 bucket managed by a third party.

2. Unsecured Administrator Accounts

a. Superuser Risks

• Root (Linux) and Administrator (Windows) accounts are high-value targets.
• Weak passwords like “123456”, “ninja”, or “football” make them easy to brute-force.

b. Best Practices

• Disable direct root or administrator login.
• Use standard user accounts with su, sudo, or “Run as Administrator” for elevated access.
• Limit the number of users with elevated access.

3. Insecure Protocols and Packet Capture

a. Insecure Network Protocols

• Protocols like Telnet, FTP, SMTP, IMAP, POP3, HTTP transmit data in plaintext.
• Use secure versions: SSH, SFTP, SMTPS, IMAPS, HTTPS.

b. Packet Capture Demonstration

• Tools like Wireshark can capture and reveal unencrypted data.
• Captured data may include browser details, cookies, and referral URLs.

c. Real-World Example: DEFCON “Wall of Sheep”

• At DEFCON, unencrypted network traffic is captured and displayed to raise awareness.
• Data shown may include email addresses, IPs, and parts of passwords sent in plaintext.

4. Default Credentials and IoT Threats

a. Default Login Vulnerabilities

• Many devices ship with default usernames and passwords.
• Some prompt password changes, but many allow default access indefinitely.

b. The Mirai Botnet

• Uses a list of over 60 default credentials for IoT devices like cameras, routers, etc.
• Open-source botnet used by both researchers and attackers to scan for vulnerable devices.

5. Open Ports and Firewall Risks

a. Inbound Services and Port Exposure

• Opening a port allows external access to a specific application.
• Each open port increases potential attack surface.

b. Firewall Rule Complexity

• Firewalls manage access based on IP and port rules.
• Large rule sets can lead to accidental access allowances and misconfigurations.

c. Importance of Regular Audits

• Firewall configurations should be reviewed regularly.
• Ensure only necessary ports are open to reduce exposure to attackers.