5 Common Vulnerabilities that can Compromise your Network

Fortinet threat researcher, Derek Manky reminds us of the 5 common vulnerabilities you need to be aware that can compromise your network.
Today’s security appliances do a great job patrolling the network perimeter, but what do you do when the threat is coming from inside the building? Below are the most common ways a network can be compromised from inside the gateway and what to do to protect your company.
USB Devices: USB drives are the most common way to infect a network from inside a firewall. They’re cheap, hold a lot of data and can be used between multiple computer types. The ubiquity of thumb drives has driven hackers to develop targeted malware, such as the notorious Conficker worm, that can automatically execute upon connecting with a live USB port. Beyond simple thumb drives, any USB device that’s capable of storing data is a potential threat. This includes external hard drives, digital cameras, MP3 players, printers, scanners and even digital picture frames. In 2008, Best Buy reported they found a virus in the Insignia picture frames they were selling at Christmas that came directly from the manufacturer.
What to do: Change the computer’s default autorun policies. You can find information on how to do that within Windows environments here: http://support.microsoft.com/kb/967715. Implement and enforce asset control and policies around what devices can enter the environment and when. And then follow that up with frequent policy reminders. In 2008, the Department of Defense developed policies and banned USB and other removable media from entering/exiting their environments.
Laptop and Netbooks: Laptops are discreet, portable, include full operating systems and come with a handy Ethernet port for tapping directly into a network. What’s more, the said notebook may already have malicious code running in the background that is tasked to scour the network and find additional systems to infect. This notebook could belong to an internal employee or guest who’s visiting and working from an open cube or office. It’s also important to think about the laptops themselves. All companies have some forms of sensitive information that absolutely cannot leave the walls of the building. It becomes very dangerous when that information is stored on an unsecured portable computer, as they are very easy to walk off with.
What to do: Implement an encrypted file system for sensitive data. There are a number of off-the-shelf and open source solutions out there that do this. Control over end points that enter and exit the internal system is also important. Sensitive information, such as VPN, DV and Wi-Fi access should not be stored persistently on devices such as laptops or netbooks.
You can read the entire blog post here.