On behalf of our customers, we have conducted a large number of vulnerability scans of their external IP addresses over the past year. We do this to identify possible vulnerabilities, which we can remedy before someone unauthorised does so!
Even though we have helped companies from vastly different industries and sizes, we often see the same vulnerabilities occurring with them.
Because of this, we have gathered the three most common vulnerabilities that we have seen so you can check if you are protecting yourself against these vulnerabilities.
We start with the most common vulnerability that we have seen in our scans.
Most often, we see an encryption configuration that supports old and vulnerable protocols, such as SSLv2/3, with weak algorithms such as 3DES, DES and NULL. The sole support for these elements is a vulnerability in this case.
The risk is that an outside agent ‘eavesdrops’ on the otherwise secure TLS connection and converts it into an unsafe SSL. The agent then connects to the server with the converted text over a weak SSLv2 connection, after which they can decode all information exchanged between server and client over time.
In general, we recommend that you turn off the unnecessary encryptions which should not be used anyway.
If you have an IIS(Internet Information Service), then this can easily be done through programs such as IISCrypto. If you are on Ubuntu, it is most commonly done in SSL configuration or whatever is available for your system. It is recommended that you find a guide that suits your needs.
Information on the best practices for encryption can be found here:
Although it seems obvious, we often encounter this issue when scanning. Typically, companies do not update their websites and servers often as they should, and this can quickly affect their security. The risk varies depending on the age and function of the service.
We recommend putting a priority on getting the affected services updated often, ideally closer to when they are released.
Then it is recommended that you establish a process for major version updates that are related to ‘end of life’ on the various services and products. That way, you can avoid the same problems in the future.
Finally, we often see cookie setups that could do with being strengthened on the server-side.
Specifically, these are missing ‘secure’ and ‘httpOnly’ flags. These flags ensure that a cookie can only be transported under secure conditions.
With the ‘secure’ flag, we ensure that a cookie is only sent via https. Without this flag, a connection can be manipulated to send a cookie with e.g. login information in clear text via http instead of encrypted https.
The recommendation is of course that you get the two flags added to the active cookies. On an IIS, these settings will have to be established in web.config, but it is recommended that you find a guide that suits your needs.
These were the 3 vulnerabilities that we have most encountered in the past year. We hope you can take these steps to keep your systems secure. If you have any questions about vulnerability scans or about your company’s information security, you are always welcome to contact us at firstname.lastname@example.org.
Join our 2000+ subscribers and sign up for our newsletter. You will receive inspiration, tools and stories about good cyber security practice directly in your inbox. Our newsletter is sent out approximately once a month.