Apoyo
 
Nosotros: + 1888 720 9500
Estados Unidos: +1888791 1189
Internacional: +1925924 9500
Aus: +1800 631268
Reino Unido: 0800 028 6590
CN: +86400660 8680

Marcación interna directa: +1 408 916 9892

 

Vulnerabilidades potenciales

1. Intercepción de terceros:

Si la comunicación entre el cliente y el servidor no es segura, cualquiera que esté en el medio puede interceptar los datos que se intercambian en "texto sin formato", lo que provocará un ataque "Man in the Middle" (MITM). Esto puede resultar en la obtención de datos confidenciales, como nombres de usuario y contraseñas. Es posible que una persona atacada ni siquiera se dé cuenta de tal intrusión. Mientras tanto, el atacante puede guardar una copia de los datos para un exploit posterior.

2. Vulnerabilidad del puerto:

While it's necessary for some ports to be open to internet traffic, it is also standard practice to ensure that only the bare minimum ports are exposed. If your data is sent using HTTP, it is vulnerable and can be exploited by stealing passwords, eavesdropping, and attacks of the like. The intrusion of malicious software can open unwanted ports and close the ones that's are essential. This allows an intruder to carry out botnet attacks, denial of service attacks, etc. To counter these attacks, firewalls should be configured accordingly to restrict communication only to the ports in use. It is also advisable to use HTTPS while communicating confidential information over the network, as the attacker would need the secret key to decrypt any information he captures over the network.

3. Password compromise and data breaches due to a poor password policy:

If logon credentials are bypassed then attackers can gain access to virtually everything that the end user does including viewing the whole webpages, stealing cookies such as auto fill form data, browsing history etc, and even hijacking Windows accounts rendering them inactive but for a trade-off. Weak passwords can be easily compromised. Brute force attacks are when an automated application by a hacker makes multiple guesses (by permutations and combinations) to compromise weak passwords. A strong password, (i.e.) that is long and has a complex combination of alpha, numeric and special characters make it difficult for hackers to hack passwords. If a company’s network-attached storage (such as servers) is accessible without a password, or data is accessible between computers on a network without the need for authentication, huge volumes of records could be stolen. If a strong password policy is not in place, it can cause an irreversible loss of corporate data.

4. Malicious code injection by hackers:

Bugs in network related software can be exploited by breachers for injection of malicious codes. This is called cross site scripting. This allows for a backdoor entry for hacking vectors which, once installed, allows remote code execution that can disrupt normal services, steal your credentials and/or cause your system to be part of series of botnet attacks on other computers in the network.

ManageEngine's ADAudit Plus takes utmost care to ensure that it is secure from potential vulnerabilities. Following are the specifications of ADAudit Plus which hardens security against various attacks to prevent data breaches.

ADAudit Plus cuenta con la confianza de