Bad practices when configuring the following aspects of a
network can increase the risk of attack.
A misconfigured network is a primary entry point for
unauthorized users. Leaving a trust-based, open local network
vulnerable to the highly-insecure Internet is much like leaving a
door ajar in a crime-ridden neighborhood — nothing may happen
for an arbitrary amount of time, but eventually someone exploits the opportunity.
System administrators often fail to realize the importance of
networking hardware in their security schemes. Simple hardware such
as hubs and routers rely on the broadcast or non-switched
principle; that is, whenever a node transmits data across the
network to a recipient node, the hub or router sends a broadcast of
the data packets until the recipient node receives and processes
the data. This method is the most vulnerable to address resolution
protocol (arp) or media access control
(MAC) address spoofing by both outside
intruders and unauthorized users on local hosts.
Another potential networking pitfall is the use of centralized
computing. A common cost-cutting measure for many businesses is to
consolidate all services to a single powerful machine. This can be
convenient as it is easier to manage and costs considerably less
than multiple-server configurations. However, a centralized server
introduces a single point of failure on the network. If the central
server is compromised, it may render the network completely useless
or worse, prone to data manipulation or theft. In these situations,
a central server becomes an open door which allows access to the
entire network.
