|
Even when a software product is patched and on the latest version, an incorrect setup or configuration can still create vulnerabilities that can be exploited. This refers mostly to server-side software products, but can apply to client software products as well. |
•Default settings in software products often don't prioritize security. Attackers can analyze popular software products and take advantage of this.
•Insecure or default passwords offer an easy way to for attackers to get unauthorized access to a software suite.
•Unnecessary open ports and unnecessary features increase the attack surface and may provide an additional attack vector.
•Similar to insecure passwords, overly permissive and incorrect access control may grant users unnecessary permissions.
•No or insufficient logging may make it impossible to detect configuration changes, failed logins and other critical activity.
•Other risks include missing security features, lack of encryption and other human errors
EventSentry Benefits |
||
Unnecessary Ports Port monitoring identifies new ports that applications are listening on. All open ports in the entire network can be queried to identify unnecessary TCP ports. |
||
Insufficient Logging Log files can be monitored in real time so that critical log data can be alerted on in real time. |
||
