One of the most critical operational areas of an organization is network cybersecurity. Creating a secure, strong virtual corporate environment minimizes the likelihood of unwanted leaks and preserves the integrity of the company. In addition, ensuring the proper level of cybersecurity protects strategically important company information and resources and saves time on the work of recovering that data in the event of a theft. However, it is proper to recognize that cybersecurity is not a single-issue, single-factor phenomenon but instead reflects a multidimensional operational need that includes a large number of vulnerabilities. This paper uses the network security vulnerabilities discovered in Acme’s corporate report to find a proper response to them.
Based on Acme’s regular cybersecurity examination, experts have identified several vulnerabilities of varying degrees of risk. Mostly, these vulnerabilities relate to the use of outdated software or unreliable encryption rules, as well as the use of services that have unauthorized access to user data. For serious companies with differentiated levels of access among employees, such vulnerabilities can be critical and lead to a compromise of operational data. Unauthorized access to corporate files by attackers is an important reputation, organizational integrity, and trust issue for the company. In addition, the theft of strategically important data can lead to an operational crisis, leaving the company unable to remain viable in a competitive marketplace. The following paragraphs detail each of the ten vulnerabilities discovered and suggest a proper response based on the strategy of greatest efficiency for the business.
A low-risk vulnerability includes the use of a remote SSH server based on MAC encryption algorithms. MAC is considered a weak encryption mechanism that is initially used to provide authentication to the data source, but the cryptographic mechanism used for encryption itself is considered unreliable (CyberArk, 2021). One obvious way to solve this problem is to disable the servers using this encryption to change the tuning of the algorithm. This can either be a complete replacement of the cryptographic algorithm with a new one or adding a few lines to the code to update the security settings.
The report assessed vulnerabilities and moderate risk, the presence of which is an even more severe problem for Acme. Specifically, the assessment identified six moderate-risk vulnerabilities, covering weak port encryption mechanisms and the use of legacy software. First, the company’s web servers use default files to optimize web browser opening and speed up Internet usage. Such default files on hosts are not in themselves problematic, but their existence is associated with risks because if stolen, attackers gain access to Acme’s default files. Thus, the company should configure the removal of default files on hosts and disable all unused services so as to improve the network’s security against unauthorized access.
Second, the use of outdated SSL standards was detected, which increases the likelihood of transported data being stolen. It is worth clarifying that SSL is a classic host-to-host communication technology that ensures transmitted data is protected from third parties; even if it is stolen without the decryption key, the data would be of no value. However, Acme uses outdated versions of SSLv2 and/or SSLv3, which do not provide sufficient protection for transported data. This vulnerability is cured by updating SSL configurations and removing older versions.
Third, Acme was found to use SMTP relays on weakly encrypted hosts. In general, SMTP relays help set up email exchanges between senders and receivers. Using an inherently insecure relay leads to the possibility of unauthorized parties connecting to this exchange bridge and, as a result, the possibility of spam, phishing, and social engineering. In this case, it is recommended that they first configure strong host encryption, and update the SMTP relay configuration, if possible, to protect communications from outside access.
Fourth, the SSH network protocol, which is used to create remote desktop access and tunneling, uses weak data encryption mechanisms. This means that, if desired, an attacker can brute-force a decryption key and gain remote access to the corporate environment. Obviously, this event is strictly undesirable, as it would lead to a compromise of Acme. The solution to this problem seems obvious, namely, to use stronger encryption algorithms and discard the current ones.
Fifth, use weak encryption not only to create tunnel access but also locally on hosts. This creates a similar problem in which data can be stolen if a hacker breaks this encryption. In fact, the ciphers used do not do their job because they are not secure. To solve this vulnerability, Acme must invest in using more robust encryption algorithms with unlinked key generation. In addition, current encryption algorithms based on reliably insecure mechanisms should be disabled.
Sixth, a weak encryption key is used for communication between hosts. In particular, the TLS network encryption protocol uses only 1024 bits to generate the Di e-Hellman key, which creates risks of intercepting messages and accessing strategically important data. Fixing this problem also does not seem difficult since one should use more hard-to-guess keys consisting of more bits. For example, a 2048-bit Di e-Hellman code should be used instead of 1024, which would make TLS a more reliable tool, although it would marginally reduce the transaction time (O’Sullivan, 2021). Changing the length of this key will strengthen the encryption and protect the transported data from unauthorized access by intruders.
In addition, Acme’s cybersecurity experiment identified three critical problems whose risk level is rated as high. This characteristic means that the probability of an unwanted event occurring is extremely high for these threats, meaning Acme could suffer severe operational losses if not reactively addressed. The critical risk vulnerabilities detected were related to unprotected software and the use of outdated hosts. It is worth saying that insecure hosts are the root cause of many of the hazards listed above.
For example, Acme bases its code on Java and uses the open-source servlet container Apache Tomcat as a web server. Apache Tomcat is not a unique product of the company but a popular solution for the use of web environments, including at the corporate level. Having this open-source Apache Tomcat is also a problem, as a large number of vulnerabilities and threats are detected in this software. Company hosts using Apache Tomcat are potentially vulnerable because they can be exposed to an attack on one of the weaknesses of the container. The solution to this problem is to either update the Apache Tomcat configurations to more secure versions or abandon this container and look for more robust alternatives.
The use of default data has already been mentioned in the report, but it was previously rated as a medium risk; now, default administrator data on enterprise hosts is a critical issue because it violates the cybersecurity of the entire Acme virtual space. The default administrator data means that an attacker does not even have to pick up logins and keys because they are default. Fixing this vulnerability seems simple, which is to drop the use of default administrator data, replace it with more sophisticated data, and train network administrators not to use default values at all.
Finally, the last risk in this report was the use of unsecured authentication. It is worth saying that authentication generally meets the need to protect access to important files from unauthorized hacking, but this will only work if the user’s personal data is securely encrypted with a weak key. Acme uses weak encryption, so hackers can intercept the logged-in user’s personal data and then use it for unauthorized access. Clearly, the result of such interception would be a compromise of corporate materials, blackmail of the user, and social engineering. Fixing this critical vulnerability consists of using strong encryption systems or a complete overhaul of the authentication system with replacement of the compromised locations.
Thus, ten different network security vulnerabilities have been discovered at Acme so far, each of which can have serious consequences for the company. Supporting regular assessments is a sound strategy for identifying and proactively remediating bugs, which plays a positive role for Acme. The current level of Security Posture has been rated as five out of ten, which is not an acceptable level for a business interested in protecting its interests and files. As shown in this paper, the main areas for fixing the vulnerabilities were updating current configurations and using stronger encryption. Perhaps Acme should investigate commercial alternatives to encryption algorithms and choose the new, most secure one.
References
CyberArk. (2021). HOW-TO disable CBC ciphers and weak MAC algorithms in Unix / Linux. CyberArk. Web.
O’Sullivan, D. (2021). 2048 bit DKIM keys: Enhanced protection for your email program. SendGrid.