Bad practices when configuring the following aspects of a network can
increase the risk of attack.
2.2.1. Insecure Architectures
A misconfigured network is a primary entry point for unauthorized
users. Leaving a trust-based, open local network vulnerable to the
highly insecure Internet is much like leaving a door ajar in a
crime-ridden neighborhood: nothing may happen for an arbitrary
amount of time, but eventually someone will exploit the opportunity.
2.2.1.1. Broadcast Networks
System administrators often fail to realize the importance of
networking hardware in their security schemes. Simple hardware such
as hubs and routers rely on the broadcast or non-switched principle;
that is, whenever a node transmits data across the network to a
recipient node, the hub or router sends a broadcast of the data
packets until the recipient node receives and processes the
data. This method is the most vulnerable to Address Resolution
Protocol (ARP) or Media Access Control (MAC) address spoofing by
both outside intruders and unauthorized users on local nodes.
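The following check for signs of ARP spoofing on a broadcast segment is an added example, not part of the original guide. It compares two snapshots in the format of the Linux /proc/net/arp file; the snapshot contents, addresses, and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed samples in the format of Linux /proc/net/arp (not real captures).
BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         52:54:00:aa:00:01     *        eth0
192.0.2.20       0x1         0x2         52:54:00:aa:00:14     *        eth0
192.0.2.30       0x1         0x0         00:00:00:00:00:00     *        eth0
"""
AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         52:54:00:aa:00:14     *        eth0
192.0.2.20       0x1         0x2         52:54:00:aa:00:14     *        eth0
192.0.2.30       0x1         0x2         52:54:00:aa:00:1e     *        eth0
"""

def parse_arp(text):
    """Return {(device, ip): mac} for complete entries only."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw, flags, mac, _mask, dev = fields
        if int(flags, 16) & 0x2 == 0:           # ATF_COM not set: unresolved entry
            continue
        table[(dev, ip)] = mac.lower()
    return table

def find_anomalies(before, after):
    """Flag changed IP-to-MAC bindings and MACs answering for several IPs."""
    old, new = parse_arp(before), parse_arp(after)
    changed = sorted((ip, old[(dev, ip)], mac) for (dev, ip), mac in new.items()
                     if (dev, ip) in old and old[(dev, ip)] != mac)
    owners = defaultdict(set)
    for (dev, ip), mac in new.items():
        owners[(dev, mac)].add(ip)
    shared = {mac: sorted(ips) for (dev, mac), ips in owners.items() if len(ips) > 1}
    return changed, shared

if __name__ == "__main__":
    changed, shared = find_anomalies(BEFORE, AFTER)
    for ip, was, now in changed:
        print(f"binding changed: {ip} {was} -> {now}")
    for mac, ips in shared.items():
        print(f"{mac} answers for {', '.join(ips)}")
```

A changed binding or a shared MAC is a lead to investigate, not proof of spoofing: DHCP reassignment, failover pairs, and proxy ARP produce the same pattern.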
2.2.1.2. Centralized Servers
Another potential networking pitfall is the use of centralized
computing. A common cost-cutting measure for many businesses is to
consolidate all services to a single powerful machine. This can be
convenient because it is easier to manage and costs considerably
less than multiple-server configurations. However, a centralized
server introduces a single point of failure on the network. If the
central server is compromised, it may render the network completely
useless or, worse, prone to data manipulation or theft. In these
situations, a central server becomes an open door, allowing access
to the entire network.