
OWASP TOP 10


Security. Security? Security!

Phishing and ransomware? Unfortunately, such things are quite common.
Prevention is the best defence against cyberattacks. This is nothing new, yet even today threats are only taken seriously once it is too late. In our next article, we want to take a professional look at the most common mistakes and show that methods, tools and technologies to avoid them already exist.
Since 2001, the Open Worldwide Application Security Project (OWASP) has been sharing articles, case studies and methodologies related to security issues of IoT, system software and web applications. Thanks to this organization, we have the OWASP TOP 10 list which draws the attention of users and the industry to critical security issues.

1. Broken Access Control
Access control covers both network-level access control and logical protection of resources against unauthorized use.
OMIKRON recommends F5’s products for controlling access to web applications. F5 BIG-IP Access Policy Manager (APM) provides features such as risk-based authentication (RBA) for external users accessing internal network resources, multi-factor authentication and enforcing Zero Trust. Furthermore, F5 BIG-IP Advanced WAF and Web App and API Protection (WAAP) products control access to vulnerable objects in web applications and manage API connections on the application layer.

2. Cryptographic Failures
Data leakage can occur due to insufficient encryption or the complete lack of encryption.
OMIKRON can use Greenbone’s vulnerability management tool to detect weaknesses related to encryption and make suggestions for their elimination.

3. Injection
Injection can occur when a data entry field of an application published on the web does not validate the data entered, so that attacker-supplied input is executed as an SQL query or even run as a malicious code snippet.
By implementing Palo Alto Networks’ Advanced Threat Prevention, OMIKRON can protect the IT environment from such attacks.
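The following added example (not from the article or any of the products it mentions) shows the SQL injection case described above against a constructed in-memory SQLite table: the same lookup written with string concatenation and with a parameterised query, so the difference in behaviour on an unvalidated input can be checked directly.

```python
import sqlite3


def make_db():
    """Constructed sample database: three users, one of them an admin."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return con


def find_user_vulnerable(con, name):
    """Input is pasted into the SQL text, so it can change the statement."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return con.execute(query).fetchall()


def find_user_safe(con, name):
    """Parameterised query: the driver passes the value separately from the
    statement, so the input is only ever compared as data."""
    return con.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Run both variants on a normal name and on a tampered input."""
    con = make_db()
    normal = "bob"
    tampered = "x' OR '1'='1"   # constructed input that is not a real user name
    return {
        "vulnerable_normal": find_user_vulnerable(con, normal),
        "vulnerable_tampered": find_user_vulnerable(con, tampered),  # every row
        "safe_normal": find_user_safe(con, normal),
        "safe_tampered": find_user_safe(con, tampered),              # no rows
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Input validation at the field level is a useful extra layer, but the parameterised form is the fix: it works regardless of what the input contains.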

4. Insecure Design
“Security by design” is an approach to software and hardware development that seeks to make systems as resistant to attack as possible through measures such as continuous testing and the detection and patching of vulnerabilities in individual program components.
OMIKRON recommends Greenbone’s vulnerability management tool which is perfectly suited for vulnerability detection and prevention.

5. Security Misconfiguration
Opening ports on an application server that are not needed by the application running on it is a misconfiguration: the server may be compromised through a vulnerability in the service exposed on that port. We also speak of security misconfiguration when an application accepts default user and password combinations (e.g. tomcat/tomcat) or when the server returns overly informative error messages to the user during troubleshooting (e.g. the application version number).
OMIKRON’s experts can help you design the security of your IT environment. In addition, F5 BIG-IP Advanced WAF and WAAP software can enhance the protection of existing web applications using various techniques (e.g. URL, filename and parameter scanning, attack signatures, etc.).

6. Vulnerable and Outdated Components
Most unauthorized intrusions are caused by vulnerabilities carried by outdated, non-updated applications and software components.
ForeScout’s CounterACT® can continuously scan IT and OT networks for vulnerable components. If necessary, it will update the outdated component, block the application in question or isolate the device according to preset rules. OMIKRON can provide effective assistance in the implementation and use of ForeScout CounterACT®.

7. Identification and Authentication Failures
Users apply weak, easily hackable passwords when accessing web applications and reuse these passwords or even share them with colleagues.
With Scirge’s password hygiene and shadow IT management system, OMIKRON can map web applications used in IT environments and weak passwords used to access these applications. Scirge can also provide targeted training on secure password usage guidelines.

8. Software and Data Integrity Failures
If an application loads extensions, libraries or modules from untrusted sources such as content delivery networks (CDNs), an attacker could gain access to the system through those sources, possibly introducing malicious code. Moreover, an automatically updating application may download an update that attackers have previously manipulated if the application does not check the integrity of the downloaded data.
By implementing Palo Alto Networks’ Cortex XDR or Cybereason’s XDR (Extended Detection and Response) system in a specific IT environment, OMIKRON can detect and prevent this type of attack.
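As an added example (not code from the article or the products above), the integrity check the passage says is missing, in the form browsers use for CDN-hosted scripts: a Subresource Integrity (SRI) value is computed for the genuine library, and any fetched copy is accepted only if it still matches. The library content is a constructed sample.

```python
import base64
import hashlib
import hmac

SRI_ALGORITHMS = {"sha256", "sha384", "sha512"}


def sri_integrity(content: bytes, algorithm: str = "sha384") -> str:
    """Compute the value a page pins in the integrity attribute, e.g.
    'sha384-<base64 digest>', for the bytes of a script or stylesheet."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Return True only if the fetched bytes match one of the pinned values.
    Several space-separated values may be given (e.g. during an algorithm
    migration); a single match is enough, as in browsers."""
    for token in integrity.split():
        algorithm, _, expected = token.partition("-")
        if algorithm not in SRI_ALGORITHMS or not expected:
            continue
        actual = sri_integrity(content, algorithm)
        # Constant-time comparison so timing does not reveal partial matches.
        if hmac.compare_digest(actual.encode(), token.encode()):
            return True
    return False


# Constructed sample library as served from a CDN, and a modified copy of it.
GENUINE_LIB = b"export function add(a, b) { return a + b; }\n"
TAMPERED_LIB = b"export function add(a, b) { return a - b; }\n"


def demo():
    """Pin the genuine library, then check both copies against the pin."""
    pinned = sri_integrity(GENUINE_LIB)
    return verify_sri(GENUINE_LIB, pinned), verify_sri(TAMPERED_LIB, pinned)


if __name__ == "__main__":
    print(sri_integrity(GENUINE_LIB))
    print(demo())
```

The same pattern applies to auto-updates: the expected digest must come from a source the attacker cannot alter (the application's own signed release metadata), not from the same download location as the file.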

9. Security Logging and Monitoring Failures
Without a proper logging and monitoring system, an intrusion cannot be detected in time. The later an intrusion is detected, the more damage an attacker can cause.
Using Graylog’s log management and SIEM system, OMIKRON can implement the complete monitoring of the IT environment, including API calls and the application layer.

10. Server-Side Request Forgery (SSRF)
In a Server-Side Request Forgery (SSRF), an attacker abuses server functionality to access or modify resources. The attacker targets an application that imports data from URLs or otherwise reads data from URLs supplied to it. These URLs can be manipulated, either by replacing them with new ones or by tampering with the URL path. Once the attacker has tampered with the request, the server receives it and attempts to read data from the altered URL.
By implementing Palo Alto Networks’ Advanced Threat Prevention, OMIKRON can protect the IT environment from server-side request forgeries.
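An added example (not from the article or the product named above) of the check an application with a URL import feature should apply before fetching: an allowlist of hosts plus a check that every address the host resolves to is globally routable. DNS is replaced by a constructed lookup table so the code runs offline, and the allowlisted hosts and their addresses are placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed allowlist of hosts the importer may fetch from.
ALLOWED_HOSTS = {"files.example.com", "mirror.example.com"}


def resolve_stub(hostname):
    """Constructed stand-in for DNS; in production use socket.getaddrinfo()
    and check every address it returns. Public-looking addresses here are
    placeholders, not real hosts."""
    table = {
        "files.example.com": ["1.2.3.4"],
        # Allowlisted name that also maps to an internal address (e.g. after
        # a DNS change): a name-only check would let this request through.
        "mirror.example.com": ["5.6.7.8", "10.0.0.5"],
        "metadata.internal": ["169.254.169.254"],
    }
    return table.get(hostname, [])


def is_safe_import_url(url, resolve=resolve_stub):
    """Return (ok, reason) for a user-supplied import URL."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        # A userinfo part can disguise which host is really contacted.
        return False, "credentials in URL"
    host = parts.hostname
    if host is None or host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    addrs = resolve(host)
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        # Reject loopback, private, link-local and other non-routable ranges
        # even when the name itself is allowlisted.
        if not ipaddress.ip_address(addr).is_global:
            return False, f"{host} resolves to non-global address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://files.example.com/report.csv",
              "https://mirror.example.com/update.bin",
              "http://metadata.internal/latest/"):
        print(u, "->", is_safe_import_url(u))
```

The validated address must also be the one the HTTP client actually connects to, with redirects disabled, because a second lookup by the client can return a different answer.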

Reducing the vulnerability and attack surface of systems and networks is a major challenge, but it is essential in order to protect data. Contact our expert team for IT security guidance, whether it’s about an audit, a consultation or a specific issue!