What We Found on Vulnerability Scans

Our engineer Julian Dean reflects on recent cyber security work for clients.

Many organisations face a hidden but very real risk of cyber attack, often caused by outdated software or hardware.

Cyber attackers will focus their efforts on infiltrating an internal network using any software or hardware which is public facing. Examples of these are firewalls, phone systems, CCTV cameras or portals, web applications or remote desktop services.

Firewalls are a great way to shield the internal network; however, they are only as effective as their software version and configuration. If changes have been made to the internal network, there’s a risk if the firewall has not been updated at the same time.

Firewall vendors will periodically release updates to patch known vulnerabilities; however, these often require manual installation.

Regular checking of your firewall and internal network is an important step in maintaining security.

When running vulnerability scanning tools against organisations’ public external IP addresses, we found the most critical vulnerabilities were often a result of software and hardware which is no longer required. An example of this was an old phone system which was still online and not correctly decommissioned, or an old database application which should not have been available. Both examples gave attackers a path through the firewall into the internal network.
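One way to catch forgotten services like these is to reconcile each external scan against a register of services that are meant to be exposed. The following is an added example, not code from Nexus: it assumes the scan was exported in nmap's grepable (`-oG`) format, which the article does not specify, and the addresses, ports and register entries are constructed for illustration.

```python
import re

# Constructed sample of nmap grepable (-oG) output, using documentation-range
# addresses. The SIP and SQL Server ports stand in for the forgotten phone
# system and database application; they are assumptions, not scan data.
SCAN_OUTPUT = (
    "Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///, "
    "5060/open/tcp//sip///\tIgnored State: filtered (998)\n"
    "Host: 203.0.113.11 ()\tPorts: 3389/open/tcp//ms-wbt-server///, "
    "1433/open/tcp//ms-sql-s///, 80/closed/tcp//http///\n"
)

# Hypothetical register of services approved for public exposure.
APPROVED = {
    ("203.0.113.10", 443, "tcp"): "customer web portal",
    ("203.0.113.11", 3389, "tcp"): "RDS gateway",
    ("203.0.113.12", 25, "tcp"): "mail relay",
}

def open_services(grepable):
    """Yield (host, port, proto, service) for every open port in -oG output."""
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if not m:
            continue
        host = m.group(1)
        for entry in m.group(2).split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                yield host, int(fields[0]), fields[2], fields[4] or "unknown"

def reconcile(grepable, approved):
    """Return (exposed but unapproved, approved but not seen open)."""
    seen = {(h, p, proto): svc for h, p, proto, svc in open_services(grepable)}
    unapproved = sorted((k, svc) for k, svc in seen.items() if k not in approved)
    not_seen = sorted(k for k in approved if k not in seen)
    return unapproved, not_seen

if __name__ == "__main__":
    unapproved, not_seen = reconcile(SCAN_OUTPUT, APPROVED)
    for (host, port, proto), svc in unapproved:
        print(f"REVIEW {host}:{port}/{proto} ({svc}): exposed, not in register")
    for host, port, proto in not_seen:
        print(f"CHECK  {host}:{port}/{proto}: in register, not seen open")
```

Anything flagged for review should either be added to the register with an owner or taken offline; register entries that are no longer seen open are candidates for removal from the firewall rules as well.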

Microsoft Remote Desktop Services (RDS) is a commonly used, public-facing service which also requires maintenance to protect against attacks. When running vulnerability scans, Nexus found out-of-date encryption services enabled, which cause well-known high-risk vulnerabilities. Due to the way in which individual users manage their own credentials when logging onto RDS, we would always advise protecting all user accounts with multi-factor authentication (MFA).
