Practical Network Scanning

Security policy weaknesses

Security policy weaknesses can create unforeseen security threats. The network infrastructure can pose a risk to itself if the system administrator does not follow the organization's security policy and the best practices used in the industry. Every organization must have a security policy, and it should be enforced for all users, administrators and infrastructure. Security weaknesses emerge when there is no clear, written baseline security policy document.

Always define a baseline configuration for all infrastructure devices and networks, and check every device against it for compliance with the policy. Systems should be in place to detect non-compliant devices. For example, if you have millions of devices in a network, it is very hard to check by hand whether all of them meet the baseline. However, a tool such as HP Network Automation (HPNA) can compare a baseline set of configuration against all devices and generate compliance reports.
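The following is an added example, not code from the book or from HPNA, of what such a compliance check does under the hood: a baseline is expressed as "required" and "forbidden" configuration patterns, and every device configuration is scored against it. The device names, the two Cisco-style configurations and the baseline rules are constructed for this example; a real baseline would come from the organization's written policy.

```python
import re

# Baseline rules, constructed for this example. Each rule is a regex matched
# against one line of a running configuration. "required" lines must appear;
# "forbidden" lines must not.
BASELINE = {
    "required": {
        "password-encryption": r"^service password-encryption$",
        "ssh-only-vty": r"^ transport input ssh$",
        "ntp-configured": r"^ntp server \S+",
    },
    "forbidden": {
        "http-server-enabled": r"^ip http server$",
        "default-snmp-community": r"^snmp-server community (public|private)\b",
    },
}

# Constructed sample configurations: one compliant switch, one non-compliant router.
DEVICES = {
    "core-sw1": (
        "hostname core-sw1\n"
        "service password-encryption\n"
        "ntp server 10.0.0.5\n"
        "line vty 0 4\n"
        " transport input ssh\n"
    ),
    "edge-rtr2": (
        "hostname edge-rtr2\n"
        "ip http server\n"
        "snmp-server community public RO\n"
        "line vty 0 4\n"
        " transport input telnet ssh\n"
    ),
}


def check_config(config_text, baseline=BASELINE):
    """Return a list of findings for one device; an empty list means compliant."""
    lines = config_text.splitlines()
    findings = []
    # A required setting is satisfied if any line matches its pattern.
    for name, pattern in baseline["required"].items():
        if not any(re.match(pattern, line) for line in lines):
            findings.append(f"missing: {name}")
    # A forbidden setting is reported once per offending line.
    for name, pattern in baseline["forbidden"].items():
        for line in lines:
            if re.match(pattern, line):
                findings.append(f"present: {name} ({line.strip()})")
    return findings


def audit(devices, baseline=BASELINE):
    """Map each non-compliant device name to its findings; compliant devices are omitted."""
    report = {}
    for host, config_text in devices.items():
        findings = check_config(config_text, baseline)
        if findings:
            report[host] = findings
    return report


if __name__ == "__main__":
    for host, findings in audit(DEVICES).items():
        print(f"{host}: NON-COMPLIANT")
        for finding in findings:
            print(f"  - {finding}")
```

Note that the VTY rule deliberately rejects `transport input telnet ssh`: allowing Telnet alongside SSH is a common way a device drifts from a "SSH only" baseline while still appearing to have SSH enabled.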

Single-password verification: There are three basic methods of authentication:

  • Username and password
  • One-time password
  • Certificates

In the first method, passwords are user defined, whereas certificates are computer generated and based on keys. Passwords can be cracked by brute-force attacks, are easy to forget, and are often reused across multiple services or applications. A password works like a symmetric key: a copy of it (or, when done properly, a salted hash of it) is stored somewhere within the service, so it is the service provider's duty to protect it. However, we often hear in the news that password databases have been breached and millions of passwords leaked. The third method is based on keys and strong algorithms, but even it is not 100% foolproof, because private keys can be stolen as well.

Two-factor authentication (2FA), often referred to as two-step verification, is a security process in which the user proves their identity by combining two different methods, typically something they know (a password) with something they have (a token or phone). Two-factor authentication provides an additional layer of security by keeping one part of the credential static (the password) while the other part is dynamic, changing after a given interval (for example, a one-time code that is valid for 30 seconds). This makes it harder for attackers to gain access to a person's devices and online accounts: knowing the victim's password alone is not enough to pass the authentication check, because the second factor is dynamic and has an expiry associated with it. Two-factor authentication has long been used to control access to sensitive systems and data, and online services are increasingly introducing 2FA to prevent their users' data from being accessed by attackers who have sniffed or stolen a password.

Companies such as Google follow these best practices: if you sign in from a new smartphone or browser, you are notified immediately. Companies also combine smart card authentication with phone-based authentication in order to validate the identity of users. The banking sector has distributed RSA tokens for 2FA.