Top 19 Network Security Threats + Defenses for Each
Network security threats are technological risks that weaken the defenses of an enterprise network, endangering proprietary data, critical applications, and the entire IT infrastructure. Because businesses face an extensive array of threats, they should carefully monitor and mitigate the most critical threats and vulnerabilities. This guide covers seven major categories of network security issues, each of which includes multiple threats, along with the specific detection and mitigation methods your teams should implement for each threat.
If your enterprise network is connected to the public internet, every threat on the internet can render your business vulnerable too. Widespread, complex business networks are particularly challenging to protect; these can include edge and mobile networks as well as branch office networks and storage area networks (SANs). Typical internet threats include malicious software, malicious websites, email phishing, DNS poisoning, and DoS and DDoS attacks.
Malicious software (malware) is code designed to disrupt normal or safe computing operations. When clicked, links in emails or extensions on websites immediately download malware onto a host machine. Depending on its capabilities, the malware may then move laterally through the network.
Use the following methods to prevent malware:
Spoofed websites are sites that look legitimate but are designed to steal internet users’ account credentials. Threat actors direct users to the site, and once the users input their credentials, the attackers collect them and use them to log into the real application.
Protect your credentials by using the tips below:
Email phishing is a technique used by threat actors to trick users into opening emails and clicking links inside them. It can include both malware and spoofed sites; there’s plenty of overlap in internet phishing threats. Email attacks typically target employees through their business email accounts.
To prevent email phishing, use these techniques:
Read more about types of phishing, including spear phishing, whaling, and smishing, in our complete guide to phishing attacks.
DNS cache poisoning, or DNS hijacking, corrupts the DNS records a resolver holds for a legitimate site, so that users who attempt to navigate to that site are taken to a malicious one instead.
Use these strategies to prevent DNS attacks:
Denial of service (DoS) and distributed denial of service (DDoS) attacks are threats that can disable machines or entire computer systems by overloading them with traffic. They’re notoriously difficult to prevent because they often come from external traffic, rather than from a threat within the network that can be located and halted while it’s in your system. Not every DoS or DDoS attack comes from internet traffic, but many of them do.
Use the methods below to protect your network from DoS and DDoS attacks:
Some older versions of network protocols have bugs that have been fixed in later versions, but many businesses and systems continue to use the older protocols. It’s best to use the most recent protocol versions to at least avoid already-known threats, especially if your industry requires a certain protocol version to stay compliant with regulatory standards. Some of the most popular network protocols include SSL, TLS, SNMP, HTTP, and HTTPS.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are both network security protocols. All SSL versions and all TLS versions older than TLS 1.3 have multiple weaknesses, including the ones that enable the POODLE and BEAST attacks. While TLS 1.3 may have its own weaknesses that will be discovered over time, it does fix the known vulnerabilities in older TLS and SSL versions.
Use these tips to prevent threats caused by SSL and TLS:
Simple Network Management Protocol (SNMP) is a common internet protocol designed to manage the operations of networks and the devices on them. SNMP versions 1 and 2 have known vulnerabilities, including unencrypted transmissions (v1) and IP address spoofing (v2). Version 3 was designed to solve those problems and is the best option of the three because it offers multiple encryption options.
Upgrade all versions of SNMP to version 3 to avoid the gaping security flaws in the previous versions.
Hypertext Transfer Protocol (HTTP) is an internet communication protocol that isn’t inherently secure; Hypertext Transfer Protocol Secure (HTTPS), the encrypted version of HTTP, is. All your internet connections should be encrypted, and every communication with another website should use HTTPS.
To prevent insecure HTTP connections, use these methods:
A simple misconfiguration of a network protocol or rule can expose an entire server, database, or cloud resource. Typing one wrong line of code or failing to set up routers or switches securely can contribute to configuration errors. Misconfigured network security commands are also challenging to find because the rest of the hardware or software appears to be working properly. Misconfigurations also include improperly deployed switches and routers.
Common misconfigurations include using default or factory configurations on hardware and software and failing to segment networks, set access controls on your applications, or patch immediately.
Default credentials are factory-set usernames and passwords on networking hardware and software. They’re often very easy for attackers to guess and may even use basic words like “admin” or “password.”
To prevent security issues caused by default configurations:
Network segmentation is the practice of splitting a network into separate sections. If a network isn’t divided into subnetworks, malicious traffic can travel throughout the network far more easily, with the opportunity to compromise many different systems or applications.
Segment networks into subnetworks and create security barriers between them. Segmentation technologies involve setting policies for each network, managing which traffic can move between subnets, and decreasing lateral movement.
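As an added example (not code from the article), here is a minimal default-deny segmentation policy check in Python; the segment names, subnets, and allowed flows are constructed for illustration. It goes slightly beyond the paragraph by also auditing a batch of flow records against the policy.

```python
"""Added example (not from the original article): a minimal default-deny
network segmentation policy check built on Python's ipaddress module.

The segments, subnets and allowed flows below are constructed for the
example and do not describe any real network."""
import ipaddress
from typing import Optional

# Constructed segments: name -> subnets that belong to that segment.
SEGMENTS = {
    "corp": [ipaddress.ip_network("10.10.0.0/16")],
    "ot": [ipaddress.ip_network("10.50.0.0/16")],
    "guest": [ipaddress.ip_network("192.168.100.0/24")],
    "dmz": [ipaddress.ip_network("10.200.0.0/24")],
}

# Constructed inter-segment allow-list of (src_segment, dst_segment, dst_port).
# Any cross-segment flow not listed here is denied; that default deny is what
# limits lateral movement once a single segment has been compromised.
ALLOWED_FLOWS = {
    ("corp", "dmz", 443),   # staff reach internal web apps over HTTPS
    ("corp", "ot", 502),    # engineering workstations talk Modbus to controllers
    ("dmz", "corp", 389),   # DMZ apps query the directory over LDAP
}


def segment_of(ip: str) -> Optional[str]:
    """Return the segment that contains ip, or None if no segment does."""
    addr = ipaddress.ip_address(ip)
    for name, nets in SEGMENTS.items():
        if any(addr in net for net in nets):
            return name
    return None


def flow_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Decide whether a flow is permitted by the segmentation policy.

    Traffic inside one segment is allowed, traffic between segments must match
    an allow-list entry, and traffic involving an unknown address is denied."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return True
    return (src, dst, dst_port) in ALLOWED_FLOWS


def audit_flows(flows):
    """Return the (src_ip, dst_ip, dst_port) records the policy would deny.

    Run this over captured flow records to find traffic that is crossing
    segment boundaries when it should not."""
    return [f for f in flows if not flow_allowed(*f)]


if __name__ == "__main__":
    sample = [  # constructed flow records
        ("10.10.4.7", "10.200.0.5", 443),       # corp -> dmz https: allowed
        ("192.168.100.9", "10.50.1.20", 502),   # guest -> ot: denied
        ("10.50.1.20", "10.10.4.7", 445),       # ot -> corp smb: denied
        ("10.10.4.7", "10.10.9.1", 3389),       # corp -> corp: allowed
    ]
    for flow in audit_flows(sample):
        print("DENY", flow)
```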
Misconfigured access controls happen when teams fail to securely implement access and authentication protocols, like strong passwords and multi-factor authentication. This is a significant risk to your entire network. Both on-premises and cloud-based systems need access controls, including public cloud buckets that don’t require authentication methods by default. Network users need to be both authorized and authenticated.
Authentication requires the user to present PINs, passwords, or biometric scans to help prove they are who they say they are. Authorization permits the user to view data or applications once they verify themselves and their identity is trusted. Access controls allow organizations to set privilege levels like read-only and editing permissions. Otherwise, you run the risk of a privilege escalation attack, which occurs when a threat actor enters the network and moves laterally by escalating their user privileges.
Use these tips to reduce access-related misconfiguration risks:
Network hardware and software vulnerabilities are flaws that tend to reveal themselves over time, which requires IT and network technicians to stay apprised of threats as vendors or researchers announce them.
Obsolete routers, switches, or servers aren’t able to use the most recent security updates. These devices then require additional protective controls. Other old devices, like hospital equipment, often can’t be abandoned entirely, so enterprises will likely have to set up extra security to keep them from putting the rest of the network at risk.
Use these key strategies to prevent misconfigurations caused by patch and update failures:
Your team members make mistakes, whether that’s an accidental line of code or a router password exposed for the whole internet to see. Training providers offer extensive cybersecurity courses just to mitigate the high likelihood that employees will put your infrastructure in danger.
Human error plays a large role in the majority of data breaches: 85% of them are caused by employee mistakes, according to a study by a Stanford professor and the security provider Tessian. You’ll need to watch for threats born of carelessness as well as deliberately malicious behavior; both are possible.
Employees make plenty of accidental security gaffes, including posting passwords on paper or Slack, letting strangers into the office, or plugging unidentified flash drives into a company computer. Sometimes they know the company’s policies but don’t want to follow them because they appear to take more time, like coming up with new passwords for every application instead of reusing them.
To reduce human error episodes:
One area of human threat that’s often overlooked is insider threats, which come from employees who intend to harm the business. Although these don’t happen as frequently, they can be even more dangerous. These insiders usually have credentialed access to a network, which makes it much easier for them to steal data.
Malicious insiders exploit proprietary information or customer data, sometimes selling it to a third party. But other insiders may just want revenge if a coworker wronged them, they were terminated, or they believe the business is making unethical decisions. Malicious insider threats are difficult to mitigate because perpetrators may hide their feelings about the company and their intentions over time. And because they often have valid credentials, their effect is harder to track.
The following practices will help your business manage malicious employee behavior:
Read more about developing a cybersecurity culture within your organization and how it reduces your vulnerability to employee mistakes.
Operational technology (OT) typically refers to hardware and software that observe and control industrial environments. These environments include warehouses, construction sites, and factories. OT allows businesses to manage HVAC, fire safety, and food temperature through network-connected cellular technology.
Enterprise Internet of Things and Industrial Internet of Things (IIoT) devices also fall under operational technology. When connected to a business network, OT can provide an open door for threat actors.
Older OT devices weren’t designed with significant cybersecurity in mind, so whatever legacy controls they had may no longer be adequate — or fixable. Initially, equipment and sensors in plants and construction sites had no internet connection, nor were they 4G- or 5G-enabled. Current OT design makes it easy for an attacker to move laterally through networks. It’s also extremely difficult to implement large-scale security for legacy OT that’s been operating longer than it’s been connected to the internet.
Operational technology often has consequences that go far beyond IT security, especially in critical infrastructure such as food management, healthcare, and water treatment. An OT breach could do more than cost money or jeopardize tech resources like a standard network breach — it could cause injury or death.
To secure your enterprise’s OT devices and networks, use these key tips:
Although virtual private networks (VPNs) are security tools designed to create a private tunnel for organizations’ network communications, they can still be breached. Your business should monitor both your direct team’s VPN use and all third-party VPN access.
VPNs are designed to protect your team’s computing sessions and associated data, like IP addresses and passwords, from prying eyes. However, they don’t always achieve that goal — VPN connections aren’t a foolproof security method and can sometimes still be hacked, especially if the VPN connection has a sudden and brief outage.
Use the methods below to mitigate VPN vulnerabilities within your organization:
When businesses give partners or contractors access to their applications using a VPN, it’s very difficult to restrict these third parties’ access to specific permissions. VPNs also don’t keep a lot of data logs to analyze later, so it’s challenging to locate the specific source of a breach if a third party does abuse their permissions.
Implement least-privilege access for contractors and other third parties, too. It’ll limit their access to sensitive business data and applications.
Over the last decade, but especially during the COVID-19 pandemic, connecting remotely to office networks and resources became a popular way to complete work from home offices and other locations. Unfortunately, untrusted networks and personal devices put business networks and systems in danger. Two major threats are Remote Desktop Protocol and Wi-Fi networks.
Remote Desktop Protocol (RDP) allows a user on one computer to connect to a remote computer and control it. In the early stages of the pandemic, RDP was one of the most common ransomware attack vectors. Attackers were able to get in through RDP’s vulnerabilities or simply by brute-force attacks that guess passwords. Remote access trojans also allow attackers to remotely control a machine once malware has been downloaded onto the computer through an email attachment or other software.
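An added example, not from the original article: detection logic that flags RDP password guessing in Windows Security log records (Event ID 4625 failed logons with LogonType 10, RemoteInteractive) and escalates when a successful logon (4624) follows from the same source. The export format and every address and user name in the sample log are constructed.

```python
"""Added example (not from the original article): detection logic for RDP
password guessing over Windows Security log records.

Event ID 4625 is a failed logon and 4624 a successful one; LogonType 10
(RemoteInteractive) marks RDP sessions. SAMPLE_LOG is a constructed,
simplified export (timestamp|EventID|LogonType|User|SourceIP), not a real
capture, and its addresses come from documentation ranges."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-03-02T08:00:01Z|4625|10|administrator|203.0.113.45
2024-03-02T08:00:03Z|4625|10|admin|203.0.113.45
2024-03-02T08:00:05Z|4625|10|jsmith|203.0.113.45
2024-03-02T08:00:06Z|4625|10|jsmith|203.0.113.45
2024-03-02T08:00:08Z|4625|10|backup|203.0.113.45
2024-03-02T08:00:09Z|4625|10|svc_sql|203.0.113.45
2024-03-02T08:00:12Z|4624|10|svc_sql|203.0.113.45
2024-03-02T08:15:00Z|4625|10|mlee|198.51.100.7
2024-03-02T08:16:00Z|4624|10|mlee|198.51.100.7
2024-03-02T08:20:00Z|4625|2|mlee|-
"""

RDP_LOGON_TYPE = "10"


def parse_line(line):
    """Split one exported record into a dict with a parsed timestamp."""
    ts, event_id, logon_type, user, src = line.strip().split("|")
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": event_id, "logon_type": logon_type,
            "user": user, "src": src}


def detect_rdp_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return (source_ip, severity, detail) findings, in log order.

    A source that produces `threshold` failed RDP logons within a sliding
    window of `window_seconds` is flagged once as a brute-force attempt; a
    later successful RDP logon from a flagged source is escalated, because a
    guessed password has most likely worked."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src -> timestamps of failures in the window
    flagged = set()
    findings = []
    for ev in map(parse_line, log_text.strip().splitlines()):
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue              # only RemoteInteractive (RDP) logons matter here
        src = ev["src"]
        if ev["event_id"] == "4625":
            q = recent[src]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > window:
                q.popleft()       # drop failures that fell out of the window
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                findings.append((src, "medium",
                                 f"{len(q)} failed RDP logons in {window_seconds}s"))
        elif ev["event_id"] == "4624" and src in flagged:
            findings.append((src, "high",
                             f"successful RDP logon as {ev['user']} after brute force"))
    return findings


if __name__ == "__main__":
    for src, severity, detail in detect_rdp_bruteforce(SAMPLE_LOG):
        print(f"[{severity}] {src}: {detail}")
```

The single failure followed by a success from the second source is left alone, which is the normal mistyped-password pattern; only the burst of failures followed by a success is escalated.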
To be as secure as possible, your business should phase out RDP as soon as you can. It’s no longer safe to use. If your team does still decide to use RDP, use these protective methods:
Other insecure network connections, like unprotected Wi-Fi, allow thieves to steal credentials and then log into business applications from coffee shops and other public locations. Remote businesses have multiple methods of remote access to company resources, and it’s hard for IT and security teams to lock all of them down.
If you’re working on a network outside your home, take the following security measures:
Network threats come from an enormous variety of sources, but narrowed down, they can be traced to vectors like devices, humans, network traffic, general security operations, and maintenance failures.
Hardware sometimes has misconfigurations and outdated protocols. Devices that have been infected by malware, like routers, are a threat to the rest of the network. Also, unauthorized devices and unsecured BYOD devices on the network may not have the same security controls as authorized devices and are therefore more vulnerable.
Humans make mistakes, and network security is difficult to manage even for experts because it’s so highly intricate. It’s easy for senior engineers to misconfigure a setting, as experienced as they may be. Additionally, some insiders deliberately manipulate networks for their personal gain.
Malicious packets attempt to enter a network, requiring firewalls and other systems, like IDPS, to prevent them. Malicious traffic comes from multiple locations, so it’s challenging to secure all ports. Traffic IP addresses can be hidden, too, and threat actors can use different IP addresses to avoid network blacklists and thwart threat intelligence.
Sometimes hardware and software fail. DoS and DDoS attacks flood servers and render them unusable. Also, natural disasters and power surges destroy or temporarily take down networks. Although this isn’t a cybersecurity issue at its root, it can certainly weaken security controls, particularly if the main NGFW or other detection and prevention tools go down.
Network hardware and software need to be updated with the latest protocols and patches. Unpatched vulnerabilities on network firmware are an open door for attackers. Additionally, if IT and network admins don’t regularly perform vulnerability scans, they won’t be able to identify vulnerabilities as quickly.
The line between network security, application security, and endpoint security is hard to draw because they all affect each other immensely. In this article, we’ve focused on network threats and excluded threats that originate on applications or endpoints, such as cross-site scripting or ransomware. We define application, endpoint, and network security as follows:
However, endpoint devices and business applications still affect network security. A malware-infected computer or compromised CRM system can still lead to a network breach. These categories do overlap, but to avoid confusion, we’ve differentiated between them in this guide.
Although network threats come from many sources, enterprises need a reliable set of detection tools and techniques to pinpoint malicious behavior. Firewalls, monitoring, analytics, automation, vulnerability assessments, and deception tactics all help businesses identify threats and give their teams time to develop a solution.
Advanced network perimeter protection like a next-generation firewall can be configured to send alerts when it detects anomalous traffic. If data packets entering the network behave strangely, that’s a warning sign for IT and security teams. Threat intelligence from NGFWs is critical for identifying malicious traffic early. Some firewalls can also block well-known malicious websites. Make sure your team is consistently fine-tuning your firewalls and updating rules as needed.
Monitoring network devices and traffic helps enterprises observe patterns over a period of time. Advanced monitoring solutions like NDR are even able to scan encrypted traffic, where some threats may have slipped through the cracks.
Don’t forget to monitor IoT devices on the network — it’s not only challenging to secure IoT devices but also to identify threats from a distributed network of smart devices. Identify all device vulnerabilities and implement network traffic monitoring specifically designed for the Internet of Things. It’s important to locate the root of IoT threats before they spread further through the network.
Although firewalls and other perimeter security can identify and halt some traffic, other traffic will breach the network. Using analytics to study traffic as it moves through the network is beneficial for long-term security. A behavioral analytics solution that uses ML should be able to study ongoing traffic patterns and detect malicious behavior. NGFWs and other advanced security solutions often offer ML and behavioral analytics capabilities.
Security teams can’t study networks 24/7, but automated alerts flag malicious activity immediately after it’s detected. Machine learning and behavioral analytics platforms study patterns in network traffic data. Then automation sends email or Slack alerts to IT personnel immediately once an anomaly is detected.
Vulnerability scanners examine devices and assets and compare them against a database of known vulnerabilities to identify issues like misconfigurations and outdated software. Some scanners categorize vulnerabilities by their level of risk. Some vulnerability scanning solutions also help businesses maintain compliance with cybersecurity and data protection regulations by creating policies and rules that enforce particular standards.
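An added example, not from the article or any real scanner: the version-matching core of a vulnerability scanner, which is the step that turns a device inventory into findings ranked by risk. The product names, version ranges, and VULN-* identifiers are all constructed placeholders.

```python
"""Added example (not from the original article or any real scanner): the
version-matching core of a vulnerability scanner, which compares discovered
software versions against a database of affected version ranges.

VULN_DB and the inventory are constructed; product names and VULN-*
identifiers are placeholders, not real software or advisories."""
import re

# Constructed database: (product, affected-range spec, id, severity).
# A range spec is a comma-separated list of constraints that must all hold.
VULN_DB = [
    ("sshd-ng", "<8.7p1", "VULN-0001", "medium"),
    ("webproxy", ">=2.4.0,<2.4.9", "VULN-0002", "high"),
    ("snmp-agent", "<3.1", "VULN-0003", "high"),
]

_CONSTRAINT = re.compile(r"^(<=|>=|==|<|>)\s*(.+)$")
_SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def version_key(version: str):
    """Turn '8.7p1' or '2.4.9' into a tuple that compares correctly.

    Digit runs compare as integers and letter runs as strings, so 2.10.0 is
    newer than 2.9.0 and 8.7p2 is newer than 8.7p1; a plain string comparison
    gets the first of those wrong."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def satisfies(version: str, spec: str) -> bool:
    """True if version meets every constraint in spec, e.g. '>=2.4.0,<2.4.9'."""
    key = version_key(version)
    for raw in spec.split(","):
        m = _CONSTRAINT.match(raw.strip())
        if not m:
            raise ValueError(f"bad constraint: {raw!r}")
        op, bound = m.group(1), version_key(m.group(2))
        holds = {"<": key < bound, "<=": key <= bound, ">": key > bound,
                 ">=": key >= bound, "==": key == bound}[op]
        if not holds:
            return False
    return True


def scan(inventory):
    """Match (host, product, version) records against VULN_DB.

    Returns (host, product, version, vuln_id, severity) findings with the most
    severe first, which is how scanners prioritize what to patch."""
    findings = [(host, product, version, vid, sev)
                for host, product, version in inventory
                for prod, spec, vid, sev in VULN_DB
                if prod == product and satisfies(version, spec)]
    return sorted(findings, key=lambda f: _SEVERITY_RANK[f[4]])


if __name__ == "__main__":
    inventory = [  # constructed, as a scanner might collect from hosts
        ("core-rtr-1", "snmp-agent", "2.9"),
        ("web-1", "webproxy", "2.4.5"),
        ("web-2", "webproxy", "2.4.9"),
        ("bastion", "sshd-ng", "8.7p1"),
        ("jump", "sshd-ng", "8.6p2"),
    ]
    for finding in scan(inventory):
        print(finding)
```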
Pentesting gives enterprises clear, actionable information about their network security by hiring expert hackers to find vulnerabilities in the network. These hackers identify specific areas of weakness in web-facing assets like applications, firewalls, and servers. Consider learning more about the differences between pen testing and vulnerability testing.
A computer system or application specifically designed to trap attackers is called a honeypot. For example, a honeypot could be a database set up with a tempting name, implying sensitive information is stored there. It’s designed to help teams study threat actor behavior before the threat actors get to critical assets. Other examples of a honeypot include an additional router or a firewall that protects a fake database. Some vendors offer this as deception technology.
The need for tight cybersecurity defenses has increased steeply in the last five years. The rise of ransomware and the sophisticated tactics of bad actors necessitate equally strong action from enterprises. No longer can IT teams and engineers sit back and hope that a firewall or good passwords will save them from the vulnerabilities that besiege their network.
Keep a close eye on all the threats mentioned above, and train your teams to detect threats and prevent them. Ensure that you don’t let little things slide — small misconfigurations or unpatched vulnerabilities can still cost the business millions of dollars if successfully exploited. It’ll take time, but commit to implementing consistent and careful cybersecurity practices within your business, and eventually network security will be an immediate and natural response to threats.