Top 5 Most Common Network Vulnerabilities: lack of network segregation

Advania - Top 5 common network vulnerabilities

Lack of Network Segregation

Among the range of services we provide at Advania, penetration testing is a popular choice with our clients, from blue chips to SMEs. Regardless of their security posture, our testers regularly record the same issues.

In this blog, we share what those issues are alongside straightforward guidance to avoid them, highlighting the importance of network segregation on the internal network. Suggestions for further reading are at the foot of this post.


Flat networks – what can go wrong?

On many engagements, we observe clients who have invested thousands of pounds in external firewalls and intrusion detection systems, but have left their internal network almost entirely flat. In one instance, computers in the demilitarized zone (DMZ) (i) could reach every other system on the internal network, and vice versa, completely defeating the purpose of the isolated segment: a compromised DMZ host would have had a direct path to the internal estate.

Another example was a poorly protected guest Wi-Fi network. Owing to a missing firewall rule, it allowed traffic into an internal address range. While not immediately obvious to the client, this meant that anyone on the guest network could scan that range and identify and fingerprint the services running on it, which is exactly the reconnaissance that precedes an attack.

Your security is only as strong as your weakest link

Depending on how well hardened the exposed servers are, it is entirely plausible that one of those services is exploitable, giving the attacker a foothold on the internal network.

When it comes to security, the overall stance is only as strong as the weakest link. Top-of-the-range firewalls are no use if someone can sit in a cafe across from your office, connect to your guest Wi-Fi and enumerate your internal assets.

The tale of a stolen password

Even if external attacks are mitigated, there’s always the possibility of an internal threat actor attempting to access information they’re not authorised to.

Consider the following scenario: an employee wants to access bid information for an upcoming project. They can browse to the bid management portal, but don’t have valid credentials. However, they know that one of the account managers keeps passwords in a notebook and usually takes a walk during lunch.

Armed with the password, the internal attacker logs on to the bid portal and copies sensitive information to a USB stick. Although detailed audit logs are available, it will take some time to piece everything together.

The situation might have been prevented, or at least detected earlier, if the financial servers had not been directly reachable from the main office network: placing them in their own segment, reachable only by the hosts and users that need them, removes the easy path for an opportunistic insider. In addition, security awareness training would discourage employees from writing down their passwords.

Conclusions and network segregation advice 

It is recommended to have specific network segments for different purposes, and to keep inter-connectivity between them on a 'need-to-access' basis: each segment may reach only the systems and ports it has a business reason to reach, and everything else is denied. If the servers used for financial reporting are reachable from your reception's guest Wi-Fi, or even from the general office network, it will be difficult to contain a data exfiltration incident. The consequences to your business could be significant.

(i) DMZ demilitarized zone – Wikipedia

Recommended further reading on Information Security 

Best Practices for Network Segmentation

SANS – Secure Network Design: Micro Segmentation

Network Segmentation Tools for a Multi Layered Security Approach
