Bad practices when configuring the following aspects of a network can
increase the risk of attack.
A misconfigured network is a primary entry point for unauthorized
users. Leaving a trust-based, open local network vulnerable to the
highly-insecure Internet is much like leaving a door ajar in a
crime-ridden neighborhood — nothing may happen for an arbitrary
amount of time, but eventually someone exploits
the opportunity.
System administrators often fail to realize the importance of
networking hardware in their security schemes. Simple hardware such
as hubs and routers rely on the broadcast or non-switched principle;
that is, whenever a node transmits data across the network to a
recipient node, the hub or router sends a broadcast of the data
packets until the recipient node receives and processes the
data. This method is the most vulnerable to address resolution
protocol (arp) or media access control
(MAC) address spoofing by both outside
intruders and unauthorized users on local hosts.
Another potential networking pitfall is the use of centralized
computing. A common cost-cutting measure for many businesses is to
consolidate all services to a single powerful machine. This can be
convenient as it is easier to manage and costs considerably less
than multiple-server configurations. However, a centralized server
introduces a single point of failure on the network. If the central
server is compromised, it may render the network completely useless
or worse, prone to data manipulation or theft. In these situations,
a central server becomes an open door which allows access to the
entire network.
