Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Survey Highlights Alarming Trends in Insecure Network Configurations

Security vendor nCircle used brief surveys conducted during webinars to highlight the state of network configurations that utilize insecure protocols and settings. Based on the data, the saying “easier said than done” has certainly become a reality.

Security vendor nCircle used brief surveys conducted during webinars to highlight the state of network configurations that utilize insecure protocols and settings. Based on the data, the saying “easier said than done” has certainly become a reality.

Accordingly, 38 percent of the respondents to nCircle’s questioning said that they were required to run Telnet. This is just one example of poor communication implementation, which thanks to legacy systems within enterprises and SMBs, brings significant risks that are nearly impossible to get rid of.

In addition, the study revealed that 58 percent of respondents were either unaware if their organization used SSHv1 (a less secure version of SSH) or if they were required to use it. This is in addition to those who said they didn’t know if SNMP default community strings were being used, or if they were required to use them. Also, 67 percent said the same thing about TLS ciphers.

“The only plausible reason to run Telnet is because a business partner requires it,” said Andrew Storms, director of IT and security operations for nCircle. “In that case, IT professionals need to push aggressively to find another partner. There’s just no way to make Telnet secure.” 

“It’s also discouraging to see so many small businesses that aren’t sure if they have insecure settings on their networks, since we know hackers are targeting these businesses aggressively,” Storms added.

Snapshots from the survey are available here.  

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.