No network architecture is completely immune to unwanted intrusion. A sound security infrastructure, however, can go a long way toward ensuring that potential vulnerabilities don’t exist in a system. Given the increasing sophistication of hacking tools, the exploitation of such vulnerabilities can lead to unauthorized access and the eventual takeover of the whole system. Vulnerabilities can arise from various sources; in this article, we explore some of the most important ones.

Client-side Vulnerabilities

In a typical client-server architecture (used in almost all enterprise applications), a client interacts with the services that the server exposes to it. Client-side vulnerabilities can arise as a result of inadequate authentication and authorization on the server end. Renowned brands such as Apple, Firefox and Adobe have had some serious client-side issues over the years, but such issues have also come from less expected sources like McAfee and Symantec.

Most of the time, client-side attacks exploit vulnerabilities created by exposing services at the client end. This can involve the exploitation of a network socket and the subsequent establishment of an unauthorized connection with the server. Client-side vulnerabilities can also lead to more severe attacks that result in malicious scripts running on the server.

Removing vulnerabilities from the client side is of paramount importance in building a sound and secure network infrastructure because history has shown that they have led to the most dreadful system exploitations.

Server-based Vulnerabilities

Server-based vulnerabilities are far more frequently talked about than the client-based ones. An exploitable server is a more viable target for potential hackers as it’s a lot closer to the actual system. Compared to client-based vulnerabilities, the ones present on the server end have been subject to a lot more research. Ensuring that a server is free of the most rudimentary vulnerabilities, and in turn is immune to the most common attacks, is one of the first duties of a network security architect. Some of the most common server-based vulnerabilities are:

  1. SQL injection vulnerabilities
  2. Broken authentication vulnerabilities
  3. Cross-site scripting vulnerabilities
  4. Insecure direct object reference vulnerabilities
  5. Security misconfiguration vulnerabilities
  6. Sensitive data exposure vulnerabilities
  7. Vulnerabilities caused by absence of function-level access control
  8. Cross-site request forgery (CSRF) vulnerabilities
  9. Vulnerabilities caused by using components that haven’t been properly researched
  10. Vulnerabilities caused by unvalidated forwards and redirects

Database level Vulnerabilities

Vulnerabilities occurring at the server level are dangerous but not as dangerous as the ones occurring at the database level. When the database management system or the actual views of the database are exploitable, it can lead to the eventual compromising of sensitive information. Some of the potential security threats posed by vulnerabilities occurring at the database level are:

  • Legitimate privilege abuse
  • Privilege elevation
  • Unauthorized copies of sensitive data
  • Backup data exposures
  • Excessive privilege abuse
  • Exploitation of vulnerable, misconfigured databases
  • SQL injection
  • Malware
  • Denial of service
  • Database communication protocol vulnerabilities

You can read more about the database misconfigurations and subsequent vulnerabilities in this report.

Large Scale Parallel Computing Vulnerabilities

Parallel computing has advantages that are pretty apparent to any person who knows their way around programming. While it’s good to let different computations take place at the same time, if not properly handled, parallel computing can also leave your system vulnerable to various kinds of exploitations. Some of the most famous vulnerabilities can lead to:

  • Unauthenticated access granted to a masquerader
  • Deadlocks in processing
  • Overwriting of pertinent data because of race conditions

While building an infrastructure around parallel computing, it’s of substantial importance to ensure that the integrity of the resources remains intact at all times.

Distributed System Vulnerabilities

A distributed system is a model in which different components of the same system are hosted on different machines, interlinked in a network. With the increasing efficacy of the Internet, enterprises are spending heavily on setting up distributed systems to increase the availability and efficiency of their services. However, when inadequate attention is paid to the security aspect of these systems, many vulnerabilities start arising. Some of the potential attacks on distributed system infrastructures include:

  • Passive Tap
  • Active Tap
  • Faking attacks
  • Replay attacks
  • Traffic analysis attacks
  • Accidental access attacks
  • Denial of service attacks

It is therefore recommended to make use of sophisticated encryption methodologies to ensure the security and sanctity of distributed systems. You can learn more about the potential vulnerabilities and threats in distributed systems here. In addition, this paper shares an elaborate guide on how the security of distributed systems can be ensured.
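Two items in the list above, faking and replay attacks, are addressed by authenticating each message and checking its freshness. The following is an added example, not taken from the article or the linked papers; `seal`, `Receiver` and the 30-second `MAX_SKEW` window are assumptions chosen for illustration, and the scheme authenticates messages without hiding their content from a passive tap.

```python
import hashlib, hmac, json, secrets, time

MAX_SKEW = 30  # seconds a message stays acceptable (assumed policy value)

def seal(key, payload, now=None):
    """Sender side: attach a timestamp, a random nonce and an HMAC-SHA256 tag."""
    body = {"ts": int(now if now is not None else time.time()),
            "nonce": secrets.token_hex(16), "payload": payload}
    raw = json.dumps(body, sort_keys=True).encode()
    return {"raw": raw.decode(), "tag": hmac.new(key, raw, hashlib.sha256).hexdigest()}

class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> message timestamp, kept for the freshness window

    def accept(self, msg, now=None):
        now = int(now if now is not None else time.time())
        raw = msg["raw"].encode()
        expected = hmac.new(self.key, raw, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, str(msg.get("tag", "")).encode()):
            return "rejected: bad tag"   # faked or modified message
        body = json.loads(raw)
        if abs(now - body["ts"]) > MAX_SKEW:
            return "rejected: stale"     # replay outside the window
        # Forget nonces whose messages would now be rejected as stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if body["nonce"] in self.seen:
            return "rejected: replay"    # replay inside the window
        self.seen[body["nonce"]] = body["ts"]
        return "accepted"

def demo():
    """Constructed exchange: one genuine message, two replays, one forgery."""
    key = secrets.token_bytes(32)
    rx = Receiver(key)
    msg = seal(key, {"op": "transfer", "amount": 10}, now=1000)
    forged = dict(msg, raw=msg["raw"].replace('"amount": 10', '"amount": 99'))
    return [rx.accept(msg, now=1005),     # first delivery
            rx.accept(msg, now=1010),     # same message again, still fresh
            rx.accept(msg, now=1100),     # same message after the window
            rx.accept(forged, now=1005)]  # altered body, original tag

if __name__ == "__main__":
    print(demo())
```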

Cryptographic System Vulnerabilities

A strong cryptographic methodology can go a long way in ensuring the online security of a system, but only if its own security aspects are also addressed. Among the vulnerabilities that we have discussed so far, we can safely say that the ones arising from a faulty or obsolete cryptographic implementation can give a hacker the easiest way into a system. The following problems can lead to such vulnerabilities:

  1. Problems with the algorithm:
    • The wrong choice of algorithm (e.g., using hashing to encrypt)
    • Inaccurate use of an algorithm (e.g., usage of insecure encryption models)
    • Insecure algorithm (obsolete or cracked)
    • Inappropriate implementation of an algorithm (e.g., usage of non-standardized cryptographic techniques)
  2. Problems related to key management:
    • Insecure key disclosure (e.g., unencrypted keys, hardcoded keys)
    • Not updating keys periodically (excessive aging of keys)
    • Weak keys (not generated randomly or easily decipherable)
  3. Problems relating to random number generation:
    • Sniffing
    • Usage of a poor random number generator

You can read more about the cryptographic design vulnerabilities here.
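Three of the problems listed above (hardcoded keys, a poor random number generator, an obsolete algorithm) can be caught during code review with a simple static check. The following is an added example, not part of the original article: a heuristic audit of Python source using the standard `ast` module. The sample source, the finding labels and the name list in `SECRET_WORDS` are constructed for illustration.

```python
import ast

# Constructed sample source to audit; names and values are illustrative only.
SAMPLE = '''
import hashlib, random, secrets
API_KEY = "constructed-example-key-0001"
session_key = bytes(random.getrandbits(8) for _ in range(32))
digest = hashlib.md5(b"data").hexdigest()
good_key = secrets.token_bytes(32)
good_digest = hashlib.sha256(b"data").hexdigest()
'''

SECRET_WORDS = ("key", "secret", "password", "token")  # assumed naming heuristic
OBSOLETE_HASHES = {"md5", "sha1"}

def audit_crypto(source):
    """Return sorted (line, finding) tuples for three problems from the list."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        # Hardcoded key: a str/bytes literal assigned to a secret-looking name.
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            if isinstance(node.value.value, (str, bytes)):
                for target in node.targets:
                    if isinstance(target, ast.Name) and any(
                            w in target.id.lower() for w in SECRET_WORDS):
                        findings.add((node.lineno, "hardcoded-key"))
        # Attribute calls such as random.getrandbits(...) or hashlib.md5(...).
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name)):
            module, func = node.func.value.id, node.func.attr
            if module == "random":
                # The random module is not designed for security purposes.
                findings.add((node.lineno, "non-crypto-rng"))
            elif module == "hashlib" and func in OBSOLETE_HASHES:
                findings.add((node.lineno, "obsolete-hash"))
    return sorted(findings)

if __name__ == "__main__":
    for line, finding in audit_crypto(SAMPLE):
        print(f"line {line}: {finding}")
```

The check is deliberately coarse: it flags every call into `random`, so each finding needs a reviewer to confirm whether the value is actually used as key material.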

Be Safe

Ryan Fahey
