When discussing network security, three common terms used are
vulnerability, threat, and attack. Vulnerability is a weakness which is
inherent in every network and device. This includes routers, switches,
desktops, servers, and even security devices themselves. Threats are the people
eager, willing, and qualified to take advantage of each security weakness, and
they continually search for new exploits and weaknesses. Finally, the threats
use a variety of tools, scripts, and programs to launch attacks against
networks and network devices. Typically, the network devices under attack are
the endpoints such as servers and desktops.
There are three primary
vulnerabilities or weaknesses:
- Technology weaknesses
- Configuration weaknesses
- Security policy weaknesses
Technological Weaknesses
Computer and network technologies
have intrinsic security weaknesses. These include TCP/IP protocol weaknesses,
operating system weaknesses, and network equipment weaknesses
.
Configuration Weaknesses
Network administrators or network
engineers need to learn what the configuration weaknesses are and correctly
configure their computing and network devices to compensate. Some common
configuration weaknesses are listed in Figure
.
Security Policy Weaknesses
Security policy weaknesses can create
unforeseen security threats. The network may pose security risks to the network
if users do not follow the security policy. Some common security policy
weaknesses and how those weaknesses are exploited are listed in Figure
.