The Top Five Biggest Network Vulnerabilities: Page 2 of 5

One company left a particularly flagrant open door to its networked printers, despite locking down every other process with a virtual private network (VPN). "The reasoning was that people could print without having to deal with the VPN," Curphey says. "But the networked printers had IP addresses, making them a convenient and undefended jumping-off point to the whole network."

Web servers and Web applications: The Web is usually the meeting point between the enterprise and the outside world, and it is here that many organizations leave themselves vulnerable. With Web servers sitting off the firewall in a demilitarized zone (DMZ), they can often be the ideal gateways to internal company processes, according to Curphey.

"Web servers without patches and passwords are frighteningly common," he says. "It's a lack of process, more than anything else. Organizations push these things out and someone forgets to update the software."

According to Ingevalson, three-quarters of hacker attacks are on Web servers, since "that's what's out there." This is particularly dangerous with the proliferation of Web applications.

"Some of the most serious vulnerabilities that we see are related to Web applications," he says. "Attacks have typically moved up into the application layer, and that's one of the hardest things to protect against because there's no one-size-fits-all solution. The danger, of course, is that Web applications typically connect attackers into your databases, and that can be a huge problem."

Unprotected mobile and off-site endpoints: Even with the edge devices and Web servers locked up, one of the most common oversights involves the vulnerabilities that organizations bring inside their networks. Teenagers with zombie servers are becoming less of a threat and, as hacking becomes more criminal, Slaby says, the real hackers are finessing their way into networks.