Attackers often exploit a small number of vulnerabilities, making it easier to prevent attacks by regularly updating and patching software, using security software and hardware, and avoiding default passwords. The top ten threats include web servers, workstations, remote access services, SQL servers, web browsers, file sharing apps, LSAS exposures, mail clients, and instant messaging. Proper configuration and patching can prevent most exploits.
Most security threats are carried out by attackers using a relatively small number of vulnerabilities. Attackers, being relatively opportunistic, take the path of least resistance and continue to take advantage of these more common failures, rather than seeking new exploits or taking advantage of more difficult ones. Fortunately, in many cases, their predictability makes it easier to prevent attacks by following a few simple rules:
Apply regular updates and patches as they become available.
Employ security software and hardware such as firewalls and authentication servers.
Do not use default passwords and other values provided with the software.
According to the SANS Institute (SysAdmin, Audit, Network, Security Institute), the top ten threats are:
Web servers and services. The default HTTP (Web) servers have had several vulnerabilities, and a number of patches have been released in recent years. Make sure all your patches are up-to-date and don’t use out-of-the-box configurations or out-of-the-box demo applications. These vulnerabilities can lead to denial of service attacks and other types of threats.
Workstation service. An attacker can gain full control of a computer by compromising the Windows Workstation service, normally used to route user requests.
Windows Remote Access Services. By default, a variety of remote access methods are included in most systems. These systems can be very useful, but also very dangerous, and an attacker with the right tools can easily gain control over a host.
Microsoft SQL Server (MSSQL). There are several vulnerabilities in MSSQL that could allow an attacker to obtain information from a database or compromise the server. In addition to applying all the latest patches, enabling SQL Server authentication logging and securing the server at both the network and system levels will prevent most of these attacks.
Windows Authentication. Most Windows systems use passwords, but passwords can easily be guessed or stolen. Creating stronger and harder-to-guess passwords, not using default passwords, and following a recommended password policy will prevent password attacks.
Web browsers. As your window to the internet, a web browser contains many vulnerabilities. Common exploits can include the disclosure of personal information stored in “cookies,” the execution of unauthorized code that could compromise a system, and the exposure of locally stored files. Configuring your browser’s security settings to a level higher than the default will prevent most web browser attacks.
File sharing applications. Peer-to-peer (P2P) programs are commonly used to share files. In a P2P system, computers are open to others in the P2P network to allow all participants to browse and download files from each other. Many companies ban the use of P2P networks due to the obvious risk of compromised data.
LSAS exposures. The Windows Local Security Authority Subsystem (LSAS) has a critical buffer overflow that can be exploited by an attacker to gain control of the system. Again, proper configuration and patching will prevent most exploits.
Mail client. Attackers can use the mail client on a computer to spread worms or viruses by including them as attachments in emails. Proper mail server configuration and blocking of attachments such as .exe or .vbs files will prevent most mail client attacks.
Instant messaging. Many companies also prevent employees from using instant messaging, not only because of technical threats, but also because of the possibility of lost productivity. Properly configuring IM, applying all the latest patches, and controlling any file transfers that happen via IM will prevent most attacks.
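The attachment blocking described under the mail client item above, as an added example that is not part of the original article: a Python check using the standard `email` library that flags attachments whose final extension is .exe or .vbs, including double extensions and trailing dots. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The two extensions the article names; extend per local policy (assumption).
BLOCKED_EXTENSIONS = {".exe", ".vbs"}


def final_extension(filename: str) -> str:
    """Return the lower-cased last extension, ignoring trailing dots/spaces.

    Windows drops trailing dots and spaces from file names, so "a.vbs." is
    saved and executed as "a.vbs"; only the last extension decides how a
    file such as "invoice.pdf.EXE" is opened.
    """
    cleaned = filename.strip().rstrip(". ").lower()
    if "." not in cleaned:
        return ""
    return "." + cleaned.rsplit(".", 1)[-1]


def blocked_attachments(raw_message: bytes) -> list:
    """Parse a raw RFC 5322 message and list attachment names to reject."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for body parts and containers
        if name and final_extension(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed sample message with one benign and two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for fname in ("report.pdf", "invoice.pdf.EXE", "notes.vbs."):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A filter like this belongs at the mail server or gateway, so a rejected message never reaches the client.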