The network vulnerability means weaknesses in the computer network. These vulnerabilities can exist in any network device like server desktop, router, switches, etc. The three major categories of networking vulnerabilities or weaknesses are: technology, configuration and security policy. However, these vulnerabilities can be overcome by using different methods, application software, patches and reconfiguring the devices.
Many technologies are used in a computer network and these technologies may have some inbuilt security weakness. There are three basic categories of technological vulnerabilities or weakness. They are: TCP/IP protocols weakness, operating system weakness and network equipment weakness. These three categories of technology vulnerabilities are described as follows:
TCP/IP Protocols Weakness: The TCP/IP protocol weaknesses are also called as insecure protocols. A protocol defines standard rules and regulations for implementing different networking concepts and applications. Further, it is the function of protocol to specify how an application would communicate. In the OSI and TCP/IP model, there are 7 and 4 layers, respectively and each of these layers contains different protocols.
The major sources of the protocol vulnerabilities are the connection-oriented protocols as they are the most insecure. The connection-oriented protocols have states (which are the part of the connection) that trigger some events at a certain time.
Sometimes some specifications are provided to implement a protocol or to ‘esign an application. Sometimes the lack of specifications or missing the mentioned specifications by the applications also becomes the weaknesses in the protocol.
In the same way, sometimes data traffic can also become the cause of network vulnerabilities or weakness. Security policies in the network permit or denies the traffic on the network based on certain security rules. However, sometimes attackers can exploit the weakness of the security policy by breaking the security rules or bypassing the security rules, which may lead to policy violations.
TCP/IP applications and protocols like TCP, IP, FTP, HTTP, SNMP, SMTP and DNS are designed according to the specifications and standards, which have some inherent limitations and can be easily exploited.
Operating System Weakness: In a computer network, there can be various types of the operating systems that may include Microsoft Windows, Unix, IBM OS/2, Apple Macintosh, and others. All these operating systems have security issues. Some of the common weakness of operating systems are the unnecessary running services, unnecessary open ports, legacy system, incorrect permissions, etc.
Network Equipment Weakness: A computer network is designed with different types of network devices such as routers, switches and firewalls. All these devices have some security weaknesses. Some of the examples of major weaknesses in network equipment are as follows:
- Weak or default password where the user either does not use a strong password or forgets to change the default password. These default or weak passwords of the Web applications, database servers and content management system are easy to crack and can be accessed by anyone directly.
- Lack of authentication and user interface weaknesses can also break the network security.
- A firewall hole is another dangerous vulnerability where the attacker digs into a firewall rule base. These rule bases do not analyse the authenticity of the users and the configuration weakness permits the unauthorised access in the network web environment.