Data in Transit Vulnerabilities

Data in transit can be exposed to a wide range of vulnerabilities. The following is a discussion of some of these types of vulnerabilities.

Endpoint Access Vulnerabilities

The world today is a vast technological landscape with an increasing number of portable and personal devices. These endpoints include mobile devices and wireless devices such as laptops, phones, and tablets. Such devices can present complex vulnerabilities to security threats.

Endpoint vulnerabilities can be caused by three primary gaps in protection and knowledge.

  • User gaps: A large number of endpoint security vulnerabilities arise from gaps in the user's knowledge. Attackers target users through social engineering, malicious links in emails and web pages, or by installing malicious software on endpoint devices.
  • Operational gaps: Many corporations rely on intrusion detection technologies to protect their endpoints. Endpoint threats take advantage of detection-only security deployments to exploit vulnerabilities before corporations become aware of incidents.
  • Technical gaps: Signature-based intrusion detection solutions cannot keep up with the constantly growing range of threats, for which signatures might not yet be available.

External Storage Vulnerabilities

Users enjoy flexibility when they have convenient access to personal and business data through portable external storage devices. However, as the use of portable devices to store and transfer data increases, so does the risk an organization faces. Organizations can face challenges in protecting against data loss or unauthorized transmission. They can struggle to prevent the installation of unauthorized device drivers. Organizations can also fail to prevent the installation of malware capable of using external storage devices to traverse a network.

External storage devices are an easy way for attackers to spread malware throughout an organizational network. In some cases, external storage devices possess "smart" capabilities such as wireless or Bluetooth connectivity. Attackers can use sniffing tools on public networks to take advantage of these wireless capabilities to infect storage devices. In many cases, personal and external storage devices are able to bypass the security protections applied to organizationally owned equipment.

The following are best practices to mitigate external storage vulnerabilities:

  • compile a list of authorized and unauthorized external storage devices
  • compile a list of authorized and unauthorized drivers
  • install host-based antivirus systems that scan external storage devices for malware
  • encrypt all data transmitted through external hard drives
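The first three practices above amount to a device-control policy: a list of authorized devices, and a rule about which device classes (and therefore which drivers) an unknown device may bind. The following is an added example, not code from the original page, of a small policy evaluator over constructed USB attach events; the vendor/product IDs and serials are placeholders, and the USB interface class codes 0x08 (mass storage) and 0xE0 (wireless controller) are the real class codes from the USB specification.

```python
from dataclasses import dataclass

USB_MASS_STORAGE = 0x08  # interface class bound by the usb-storage driver
USB_WIRELESS = 0xE0      # interface class for wireless controllers (e.g. Bluetooth)


@dataclass(frozen=True)
class UsbEvent:
    """One device-attach event as a host agent might report it (constructed)."""
    vendor_id: int
    product_id: int
    serial: str
    interfaces: tuple  # interface class codes the device exposes


# Authorized devices as (vendor_id, product_id, serial); serial None = any unit
# of that model. IDs are constructed placeholders, not real vendor assignments.
AUTHORIZED = {
    (0x1234, 0x0001, "CORP-SSD-0001"),  # a specific issued encrypted drive
    (0x1234, 0x0002, None),             # any unit of the corporate keyboard model
}
# Interface classes blocked unless the exact device is on the authorized list.
BLOCKED_CLASSES = {USB_MASS_STORAGE, USB_WIRELESS}


def evaluate(event):
    """Return ("allow" | "block", reason) for one attachment event."""
    key = (event.vendor_id, event.product_id)
    if key + (event.serial,) in AUTHORIZED or key + (None,) in AUTHORIZED:
        return "allow", "device is on the authorized list"
    blocked = sorted(set(event.interfaces) & BLOCKED_CLASSES)
    if blocked:
        classes = ", ".join(f"0x{c:02x}" for c in blocked)
        return "block", f"unauthorized device exposes blocked class(es) {classes}"
    return "allow", "no storage or wireless interface exposed"


# Caveat: vendor, product and serial are reported by the device itself and can be
# spoofed, so the list is a control to enforce, not proof of a device's identity.
SAMPLE = [  # constructed attach events: an issued drive, an unknown clone, a BT dongle
    UsbEvent(0x1234, 0x0001, "CORP-SSD-0001", (USB_MASS_STORAGE,)),
    UsbEvent(0x1234, 0x0001, "CORP-SSD-9999", (USB_MASS_STORAGE,)),
    UsbEvent(0xABCD, 0x0042, "X1", (0x03, USB_WIRELESS)),
]
```

Running `evaluate` over `SAMPLE` allows only the issued drive; the clone with a different serial and the unlisted wireless dongle are blocked, while a plain HID device with no storage or wireless interface would still be allowed.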

Media Access Control and Ethernet Vulnerabilities

Media access control (MAC) is a sublayer of the data link layer of the OSI model that describes how devices share the physical medium and are connected together at the hardware level. Ethernet is a media access protocol that is traditionally used in local area networks (LANs). An Ethernet port, also known as a LAN port, is the port that connects the computer to the network. The physical connector used for this access is RJ45; it looks like a wide version of the RJ12, the connector commonly used for landline telephones. This connector plugs into a network interface card (NIC), also called an Ethernet card, which transmits on the Ethernet network. Each Ethernet card has a unique MAC address.

A common issue with Ethernet is that it broadcasts frames, and any computer connected to the Ethernet wiring can potentially read the other frames being broadcast on the network. Akin to eavesdropping, this process of collecting and reading network transmissions is called network sniffing. Network switches help reduce packet sniffing because a switch learns which port each MAC address is on and forwards a unicast frame only to the destination's port, rather than repeating it to every station.
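To make the hub-versus-switch difference concrete, here is an added example (not code from the original page) that simulates a shared-medium hub and a MAC-learning switch with simplified frames of the form (ingress port, source MAC, destination MAC). The traffic, MAC addresses and port numbers are constructed; the simulation counts how many frames each port, including a sniffer's port, gets to see.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Shared-medium Ethernet: every attached station sees every frame."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        # Repeat the frame out of every port except the one it came in on.
        return [p for p in self.ports if p != in_port]


class Switch:
    """Learning switch: unicast frames go only toward the learned port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port  # learn where the sender lives
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]
        # Unknown destination or broadcast: flood like a hub would.
        return [p for p in self.ports if p != in_port]


def run(device, frames):
    """Replay frames; return {port: number of frames that port observed}."""
    seen = defaultdict(int)
    for in_port, src, dst in frames:
        for port in device.forward(in_port, src, dst):
            seen[port] += 1
    return dict(seen)


# Constructed traffic: station A on port 1 talks to station B on port 2 while
# a sniffer sits on port 3. Only the first frame is flooded (B not yet learned).
A, B = "00:11:22:33:44:aa", "00:11:22:33:44:bb"
FRAMES = [(1, A, B), (2, B, A), (1, A, B), (1, A, B)]

if __name__ == "__main__":
    print("hub    sees per port:", run(Hub([1, 2, 3]), FRAMES))
    print("switch sees per port:", run(Switch([1, 2, 3]), FRAMES))
```

On the hub the sniffer's port 3 observes all four frames; on the switch it observes only the first, flooded one, which is also why unknown-unicast flooding and MAC-table poisoning are the cases a defender still has to watch on switched networks.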

Network cables must be protected from damage and tampering; this can be done with special cable protectors. Networks are also vulnerable to attacks that attempt to pull data from frames, cause buffer overflows, or cause denial of service. These vulnerabilities are normally patched by vendors when discovered; however, finding these vulnerabilities can be challenging. A denial-of-service attack is more readily identifiable than a hacker sniffing and pulling data from frames.

Virtual Private Network Vulnerabilities

Virtual private networks (VPNs) provide an encrypted connection over a less secure network (Burke, 2016). This allows users to securely connect to an intranet from a computer that is not on the network or connect two internal sites using a gateway device.

VPNs typically mask the true IP address of the machines using the VPN. However, there are vulnerabilities that can unmask the true IP address through port forwarding services. These vulnerabilities are exploited by attackers who have access to multiple VPN services and lure victims into connecting to another VPN service that forces the user to reveal the real IP address (Vijayan, 2015).

In addition, because VPNs depend on less secure connections such as the internet, they can suffer from service issues at the internet service provider. If the internet connection is down, there is no way to connect to the VPN unless the user connects to another network with internet access. Furthermore, some VPNs have been exposed to vulnerabilities when a device inadvertently switches access points. Attackers could strike when this occurs, because the switch can disrupt the end-to-end encryption that normally accompanies a VPN.

References

Burke, J. (2015). Virtual private network. http://searchenterprisewan.techtarget.com/definition/virtual-private-network

Vijayan, J. (2015, December 1). Port fail vulnerability exposes real IP addresses of VPN users. https://securityintelligence.com/news/port-fail-vulnerability-exposes-real-ip-addresses-of-vpn-users/