Where are the real risks in network security?

Any time username and password authentication is used, the common wisdom is to protect the transport of this data using encryption (SSL, HTTPS, etc.). But this makes endpoints potentially vulnerable.

Realistically, what is at greater risk of invasion?

Transport layer: Compromised with wireless packet sniffing, malicious listening, etc.

Transport devices: Risks include ISPs and Internet backbones that sniff data.

End user device: Vulnerable to spyware, key loggers, shoulder surfing, etc.

Remote Server: Many unmanaged vulnerabilities, including malicious operators, hacks that lead to data theft, physically damaging servers, backups stored in insecure places, and much more.

My gut reaction is that while the transport layer is relatively easy to secure with SSL, the risks in other areas are much, much greater, especially at the endpoints. For example, at home, my computer connects directly to my router; from there it goes straight to my Internet service provider routers and to the Internet. I would rate the risks at the transport level (both software and hardware) low to nonexistent. But what is the security for the server I'm connected to? Have they been hacked? Is the operator collecting usernames and passwords, knowing that most people use the same information on other sites? Similarly, was the computer infected with malware? This seems like a much greater risk.

My question is this: should I worry if the service I'm using or developing is not using SSL? Of course, this is low-hanging fruit, but there is much more fruit higher up.

+4
4 answers

The biggest target in network security is the Remote Server. In the case of a web browser and an HTTP server, the most common threats are XSS and XSRF. Remote servers are successful targets for other protocols, as they often have an open port, accessible all over the world.

XSS can be used to circumvent the same-origin policy. This can be used by a hacker to disable XMLHttpRequests in order to steal data from a remote server. XSS is widespread and searchable by hackers.

Cross-Site Request Forgery (XSRF) can be used to change the password for an account on a remote server. It can also be used to hijack mail from your Gmail account. Like XSS, this type of vulnerability is also widespread and easy to find.

The next biggest risk is the Transport Layer, but I'm not talking about TCP. Instead, you should worry more about other network layers. For example, OSI layer 1, the physical layer, such as 802.11b. The ability to sniff out wireless traffic at your local cafe can be incredibly rewarding if apps don't use SSL. A good example is the Wall of Sheep. You should also worry about OSI layer 2, the data link layer: ARP spoofing can be used to sniff a wired network as if it were wireless. OSI layer 4 can be compromised with SSLStrip, which can still be used to undermine the TLS/SSL used in HTTPS.

Next is the End user device. Users are dirty; if you ever come across one of these "Users", ask them to take a shower! Seriously, users are dirty because they have a lot of: Spyware / Viruses / Bad Habits.

Last up are Transport devices. Don't get me wrong, this is an incredibly juicy target for any hacker. The problem is that serious vulnerabilities were discovered in Cisco IOS, and nothing really happened. One router did not have a large worm. In the end, it is unlikely that this part of your network will be directly compromised. Although, if the transport device is responsible for your safety, as in the case of a hardware firewall, then incorrect configurations can be destructive.

+1
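
A defence against the password-change XSRF case described in the answer above, as an added example that is not part of the original answer: the handler accepts a change only when the request carries a token derived from the session. The handler, session store and all names are hypothetical, and the session data is constructed.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret, never sent to clients
SESSIONS = {"sess-1f9a": "alice"}      # constructed session store: session id -> user
PASSWORD_HASHES = {}                   # user -> (salt, PBKDF2 hash)

def csrf_token_for(session_id: str) -> str:
    """Token tied to one session; the server embeds it in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def change_password(method: str, cookies: dict, form: dict) -> int:
    """Hypothetical password-change handler; returns an HTTP status code."""
    if method != "POST":
        return 405                     # state changes never happen on GET
    session_id = cookies.get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401
    # A browser may attach the session cookie to cross-site requests too, so
    # the cookie alone proves nothing about which page built the request.
    expected = csrf_token_for(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, expected):
        return 403
    new_password = form.get("new_password", "")
    if not new_password:
        return 400
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 200_000)
    PASSWORD_HASHES[user] = (salt, digest)
    return 200

def demo() -> dict:
    cookies = {"session": "sess-1f9a"}
    # Cross-site form post: the cookie is present, the token is unknown to the other site.
    forged = change_password("POST", cookies, {"new_password": "chosen-by-other-site"})
    # The same request built from the server's own form, which carries the token.
    genuine = change_password("POST", cookies, {"new_password": "correct horse",
                                                "csrf_token": csrf_token_for("sess-1f9a")})
    return {"forged": forged, "genuine": genuine, "stored_for": sorted(PASSWORD_HASHES)}

if __name__ == "__main__":
    print(demo())
```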

Do not forget such things as:

  • leave sessions offline unattended
  • sticky passwords
0

The real risk is a dumb user.

  • They leave their terminals open when they go for lunch.
  • Trustingly in front of any service that performs the "service".
  • Saving passwords and passphrases on notes near the computer.
  • In large numbers, someone will someday install the next Killer (TM) application, which will take down the network.

Through users, any of the risks you listed can be achieved through social engineering.

0

Just because you think that other parts of your messages may be unsafe does not mean that you should not protect bits that you can protect as much as you can.

What you can do is:

  • Protect your own end.
  • Give your message a good shot at surviving the Internet by wrapping it up warm.
  • Try to make sure the other end is not an imposter.

Transport is where a lot more people can listen in than at any other stage. (While you enter the password, there can be a maximum of 2 or 3 people, but dozens can be connected to the same router, making a man-in-the-middle attack, and hundreds can sniff your Wi-Fi packets.)

If you do not encrypt your message, then someone along the way can get a copy.

If you communicate with a malicious / negligent endpoint, you have problems no matter what security you use; you need to avoid this scenario (authenticate them to you and you to them (server certificates)).

None of these problems have been resolved, or anywhere near. But going out there is hardly a solution.

0

Source: https://habr.com/ru/post/1305603/

