| Finding Category Name | General Finding Name | Description | Standard Remediation | References | Resources | Severity |
|---|---|---|---|---|---|---|
| Active Directory Weakness | Credential Management Weakness | Credential management weaknesses include weak organizational password policies. Credentials can be mismanaged through weak service or administrative account password policies, including password reuse, insecure storage configurations (e.g., passwords kept with reversible encryption or embedded in scripts and group policy preferences), or weak authentication mechanisms. Attackers can enumerate and decrypt or crack stored credentials using manual and automated tool sets and then use credentials gathered from a weak domain to escalate privileges and move laterally across the domain. | Enforce strong, unique passwords for all accounts, including low-privileged users and especially service and administrative accounts. Implement multifactor authentication (MFA) for all user accounts. Ensure that credential storage and encryption mechanisms are consistent with existing password policies (e.g., do not store passwords with reversible encryption). | https://adsecurity.org/?p=2398 | | Medium |
| Active Directory Weakness | Insecure Account Configuration | Insecure account configuration occurs when accounts within the domain are configured improperly or insecurely. Examples include unused user and computer accounts and privileged accounts with unnecessary administrator rights or permissions. Improperly configured accounts allow attackers to conceal malicious activity behind benign-looking accounts to perform privilege escalation, lateral movement, and/or persistence. | Identify and remove unnecessary service or user accounts and maintain access logs. Maintain a consistent account management strategy and secure accounts following the principle of least privilege. Monitor and audit for privilege creep. Implement Local Administrator Password Solution (LAPS) to manage local administrator accounts. Enforce strong, unique passwords for local administrator accounts. Limit and secure the use of domain administrators and privileged groups. | https://petri.com/microsoft-defender-for-identity-detect-insecure-domain-configurations/ https://activedirectorypro.com/active-directory-security-best-practices/ | | Medium |
| Active Directory Weakness | Insecure Active Directory Configuration | Microsoft's Active Directory (AD) is one of the most widely used organizational technologies for administering groups and users within networks. It is the central management interface for Windows domain networks and is used for authentication and authorization of all users and machines. Insecure configurations can result from an insufficient or insecure configuration management process or from the use of default configurations. | Review and adjust default configuration management policies to fit organizational needs, and regularly review domain accounts and group memberships. Ensure AD hardening best practices are followed. | https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc781408(v=ws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc779033(v=ws.10) https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc758535(v=ws.10) | | High |
| Mobile Technology Weakness | Insecure Mobile Access Control | Access control weaknesses make it difficult to enforce policies that govern who can access resources and perform certain requested actions. Access control depends on sound authentication and session management. Several access control methods (e.g., location-based, parameter-based, user-based, and referrer-based checks) can be circumvented when they rely on data the client controls and are considered insecure. These weaknesses can let an attacker disclose unauthorized information, tamper with data, perform forced browsing, escalate privileges, or cause denial of service. Successfully exploiting these vulnerabilities can compromise the confidentiality, integrity, and availability (CIA) of the organization's applications or information systems. | Regularly audit and test access controls (and any third-party tools used). Deny access to resources by default unless they are intended to be publicly accessible. Use a single, central interface for application-wide access controls. Enforce access controls on the server side, and never rely on obfuscation alone. Enable role-based access controls, and record the use and ownership of mobile devices. | https://portswigger.net/web-security/access-control https://crashtest-security.com/broken-access-control-prevention/ | | High |
| Mobile Technology Weakness | Insecure Mobile Authentication | Insecure authentication allows unauthorized users to access data and execute device functionality without proper permission. Mobile devices often use weak authentication, such as four-digit personal identification numbers (PINs). Mobile apps differ from web apps and sometimes authenticate offline, on the device. If an authentication scheme is weak or missing, an attacker can bypass the offline authentication and anonymously execute functions on the backend server used by the mobile application. These characteristics make it difficult to detect the nature and source of an attack and to learn how to prevent future attacks. Authentication failures also expose authorization failures: because the identity of the user is not known, the user's role and permissions are unknown as well. Insecure authorization can allow unauthorized data access and data theft and can result in reputational damage. | Avoid relying on client-side (offline) authentication and local data storage, since a jailbroken or rooted device can bypass on-device authentication routines. Authenticate requests on the server side whenever possible. Ensure that "Remember Me" features never store passwords on the user's device. Discourage users from using four-digit PINs as authentication passwords. | https://owasp.org/www-project-mobile-top-10/2016-risks/m4-insecure-authentication | https://www.nextauth.com/mobile-app-authentication/ https://mobile-security.gitbook.io/mobile-security-testing-guide/general-mobile-app-testing-guide/0x04e-testing-authentication-and-session-management | High |
| Mobile Technology Weakness | Mobile Cryptographic Weakness | Mobile cryptographic weakness is seen in mobile applications that rely on encryption. There are two parts to this weakness. First, the encryption/decryption algorithm used by the mobile application may be implemented improperly, allowing an adversary to exploit the implementation flaw and decrypt sensitive data. Second, the algorithm may be implemented properly but be weak in itself, allowing an adversary to decrypt the sensitive data directly. | Apply strong cryptographic standards that are expected to remain secure for at least 10 years. Avoid storing sensitive data on mobile devices wherever possible. Apply and follow cryptography-based frameworks (e.g., National Institute of Standards and Technology [NIST] guidelines on recommended algorithms). Audit and refresh security applications and frameworks regularly. | https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography https://owasp.org/www-project-mobile-top-10/2014-risks/m6-broken-cryptography https://www.privacyend.com/cryptography-vulnerabilities/ | | Medium |
| Mobile Technology Weakness | Mobile Design Weakness | Mobile applications can be susceptible to vulnerabilities due to insecure design and a lack of architectural best practices. Such weaknesses can impact the confidentiality, integrity, and availability (CIA) of the application's data and functionality. An attacker can successfully exploit design vulnerabilities when an application insufficiently encrypts data and communication, lacks binary protections, uses insufficient authorization and authentication, uses insufficient cryptography, and so on. These weaknesses can result in data exposure and unauthorized access to the device. | Test for vulnerabilities and use frameworks and guidelines (e.g., National Institute of Standards and Technology [NIST]) to apply the best practices, controls, and secure coding techniques needed to secure mobile applications. | https://owasp.org/www-project-mobile-top-10/ https://blog.rsisecurity.com/nist-guidance-on-mobile-security/ | | Medium |
| Phishing Weakness | Email Spoofing Susceptibility | In email spoofing, attackers forge display names, forge sender domains via Simple Mail Transfer Protocol (SMTP) servers that do not authenticate senders, or register lookalike domains (e.g., @customer-support.com versus @customer-supp0rt.com). Attackers do not need to compromise an account; they exploit the fact that most users do not check email headers. SMTP by itself provides no sender authentication, so it can permit unauthorized use. Additional protections, such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Secure/Multipurpose Internet Mail Extensions (S/MIME) signing, can be configured to protect against email spoofing. Further, connections to SMTP servers may not be filtered by Internet Protocol (IP) address using an allow or block list. | Remove default configurations. Publish SPF, DKIM, and DMARC records for the organization's sending domains (with a DMARC policy that quarantines or rejects failing mail), and use S/MIME where message-level authentication is required. Ensure that connections to SMTP servers are filtered and monitored. Implement IP allow and/or block lists to control access to servers. | https://cybernews.com/secure-email-providers/email-spoofing/ | | Medium |
| Phishing Weakness | Open Mail Relay | An open mail relay is a Simple Mail Transfer Protocol (SMTP) server configured to allow anyone on the Internet to send email through it without authenticating. An attacker can use an open relay to send spam or spoofed mail that appears to originate from the organization, which can lead to the organization's mail servers being blocklisted. Such servers are often misconfigured or run hardware or software that the vendor no longer supports; after support ends, vendors typically do not provide patches for new vulnerabilities, so these servers are difficult to secure and vulnerable to attack. An attacker can exploit such vulnerabilities to gain remote control of the targeted system and attack additional network resources. | Close the relay by configuring mail servers to require authentication and to relay mail only from known Internet Protocol (IP) addresses or domains. Replace or isolate systems and applications that are no longer supported by the vendor. Use supported operating systems and applications to reduce the risk of an attacker exploiting unpatched vulnerabilities. | https://www.duocircle.com/content/mail-relay-smtp/open-mail-relay https://www.techrepublic.com/article/prevent-open-relays-on-exchange-server/ | | High |
| Phishing Weakness | Social Engineering Susceptibility | Social engineering is the use of deception and manipulation to get an individual or group to disclose confidential or personal information, or to take an action, for malicious purposes. Attackers use social media and online research in combination with behavioral techniques to target individuals who may have information or access to systems the attacker wants. Because attackers rely on behavioral techniques, the success of a social engineering campaign depends on the susceptibility of everyone in an organization. Behavioral techniques that attackers use include urgency, helpfulness, fear, and appeals to authority. Actions that make an individual or organization more susceptible to social engineering include oversharing on social media, lack of security knowledge, and being overly curious. | Implement employee cybersecurity awareness training that covers well-documented policies and best practices. Ensure that security controls are in place to reduce the number of opportunities for social engineering tactics to succeed. Conduct regular social engineering simulations and create an environment that allows employees to openly discuss these tactics and their experiences with them. | https://www.ncwriskmanagement.com/blog/2020/06/social-engineering-and-ways-to-mitigate-susceptibility https://www.social-engineer.org/newsletter/socially-engineered-humans/ https://blog.usecure.io/employee-social-engineering | | High |
| Phishing Weakness | Unblocked Malicious Code | An email can include or link to a malicious payload that is triggered when a user takes an action (e.g., opens an attachment or follows a link). An attacker can then run additional processes; steal personally identifiable information (PII); or impersonate the user to add, modify, or delete files on the victim's machine. | Regularly analyze border and host-level protections, including spam-filtering capabilities. Ensure these protections continue to effectively block the delivery and execution of malware. | https://www.zdnet.com https://insights.sei.cmu.edu/insider-threat/2016/12/defending-against-phishing.html | | High |
| System or Service Weakness | Insecure Protocol Implementation | If a network allows insecure protocols to transmit data (e.g., cleartext protocols such as Telnet or FTP, outdated protocol versions such as SSLv3 or TLS 1.0, or insecure options within otherwise secure protocols), the network becomes vulnerable to attacks that include machine-in-the-middle (MITM), replay, denial of service (DoS), and sniffing. Successfully exploiting an insecure protocol allows an attacker on the network path to obtain sensitive information or modify transmitted data. | Use a secure version of the protocol (e.g., TLS 1.2 or later) or switch to a secure alternative (e.g., SSH in place of Telnet, SFTP or FTPS in place of FTP), and disable the insecure version so that clients cannot be downgraded to it. | https://portswigger.net/kb/issues/01000200_unencrypted-communications https://www.geeksforgeeks.org/14-most-common-network-protocols-and-their-vulnerabilities/ | | Medium |
| System or Service Weakness | Insecure System or Service Configuration | Insecure system or service configurations are found in the established security settings of a system or service. Misconfigurations allow attackers to gain unauthorized access to, or control of, sensitive information. An attacker can abuse host misconfigurations such as unchanged default settings, improper directory or file permissions, misconfigured certificate and encryption settings, and unpatched applications or systems. An attacker can also abuse database misconfigurations such as unrestricted ports, public storage access, unencrypted files and backups, and a lack of real-time database monitoring. | Run security checks to verify that hardening measures are complete on new technology before it is used (e.g., enforce the principle of least privilege, apply database updates, apply operating system [OS] patches and updates, and avoid installing unnecessary software on a server). Audit the security of applications, software, and services regularly. Ensure passwords are regularly updated and multifactor authentication (MFA) is used on user and administrator accounts. Change default passwords for applications, OSs, routers, firewalls, wireless access points, and other systems. Protect information stored on systems with database-specific access by enforcing the principle of least privilege. Use real-time database monitoring and password management to improve database security. | https://www.datto.com/blog/what-is-a-configuration-vulnerability https://www.imperva.com/learn/data-security/database-security/ https://www.beyondtrust.com/resources/glossary/systems-hardening | | Medium |
| System or Service Weakness | System Access Control Weakness | Users on a network system can act outside of their intended permissions when network systems are not partitioned and configured to perform adequate authentication and permissions checks. This weakness increases the attack surface and grants users unintended access to critical files, directories, and resources. An attacker can exploit these vulnerabilities to access and modify privileged data or critical resources. As a result, this access leaves the system vulnerable to additional attacks (e.g., malware injection, privilege escalation). | Set the permissions of all files and directories properly so that unauthorized users cannot access critical resources. Partition the network into smaller networks that isolate critical servers and/or hosts. Develop and enforce a ruleset for controlling the communications between specific hosts. Ensure critical data and services are configured to allow access only to explicitly authenticated users. | https://owasp.org/Top10/A01_2021-Broken_Access_Control/ https://www.cyber.gov.au/acsc/view-all-content/publications/implementing-network-segmentation-and-segregation | | Medium |
| System or Service Weakness | Unnecessary Network Services | Network services allow computers to communicate with one another. Active but unused network services may contain undiscovered or unreported (and exploitable) security vulnerabilities. An attacker can exploit these vulnerabilities to gain remote control of the targeted system and use that access to attack additional network resources. | Ensure that only ports, protocols, and services with validated business needs are running on each system. Conduct periodic network scans to ensure that unnecessary ports, protocols, and services are not enabled. | https://www.cert.govt.nz/it-specialists/guides/unused-services-and-protocols/disabling-unnecessary-services-and-protocols/ | | High |
| System or Service Weakness | Unpatched System or Service | If the latest patches are not applied, a system or service can be vulnerable to attacks using publicly available exploits. Patches and updates are released to address existing and emerging security threats at multiple levels of criticality. | Enforce consistent patch management across all systems and services on the network. Where patching is not possible, segregate the network to limit the exposure of vulnerable systems or services. If available, deploy automated patch-management and software-update tools for operating systems and software/applications on all systems. | | | High |
| System or Service Weakness | Unsupported OS or Application | Using hardware, software, or an operating system (OS) that is no longer supported by the vendor poses a security risk because, after support ends, vendors typically do not patch new vulnerabilities. Because they can be difficult to secure, these systems are vulnerable to attack. An attacker can exploit unpatched vulnerabilities to access a system and use that access to attack and compromise network resources. | Evaluate unsupported hardware and software and discontinue it where possible. If discontinuing the use of unsupported hardware and software is not possible, implement additional local and network protections to mitigate the risk. | https://docs.microsoft.com/en-us/services-hub/health/remediation-steps-ad/upgrade-computers-running-an-unsupported-operating-system | https://www.triaxiomsecurity.com/the-dangers-of-running-an-unsupported-operating-system/ | High |
| Web Application Weakness | Injection Weakness | An application that does not properly handle user data can be vulnerable to injection. Improper input handling occurs when validation, sanitization, filtering, encoding, and/or decoding of input data are not implemented correctly. Improper output handling can take various forms within an application (e.g., protocol errors, application errors, and data-consumer-related errors). Improper data handling can allow an attacker to extract sensitive information from an application or inject a malicious script that enables further data mining or privilege escalation, among other attacks up to remote code execution (RCE). | Perform validation on the server side; client-side validation improves usability but is not a security control because an attacker can bypass it. Implement filtering and sanitization for both input and output data, and encode output for the context in which it is used. Ensure output filtering and sanitizing are consistent throughout the application. Test applications internally to discover undesirable behavior. Use parameterized queries (prepared statements) for all database access rather than building queries by string concatenation. | http://projects.webappsec.org/w/page/13246933/Improper%20Input%20Handling http://projects.webappsec.org/w/page/13246934/Improper%20Output%20Handling https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html | | Medium |
| Web Application Weakness | Insecure Web Application Configuration | If a server, application, or Extensible Markup Language (XML) processor is misconfigured or left in its default configuration, the resulting weaknesses can be exploited by an attacker. Unnecessary default features or services can enable an attacker to bypass authentication, access sensitive information, or execute malicious code, among other exploits. | Review the security configurations of the affected applications and servers and correct them as needed. Minimize and remove unnecessary features and software to reduce possible attack vectors. Patch or upgrade all XML processors and libraries in use by the application or on the underlying operating system, and disable external entity resolution where it is not required. Establish a repeatable automated hardening process that installs and validates the configurations and settings in all environments. | http://projects.webappsec.org/w/page/13246959/Server%20Misconfiguration https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration | https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html | Medium |
| Web Application Weakness | Web Application Authentication Weakness | If a system does not sufficiently verify the identity of its users, it can be vulnerable to exploits that allow an attacker to impersonate legitimate users. This weakness can allow an attacker to execute functions or obtain sensitive information without properly authenticating. It can allow an attacker to guess a user's credentials because of a weak password, or to brute-force a user's credentials with an automated script without detection. It can also allow an attacker to circumvent an application's password-recovery system, or to exploit insufficient session management to hijack or steal a valid session identifier (ID) and impersonate a user. | Implement a Completely Automated Public Turing test to Tell Computers and Humans Apart (CAPTCHA) or other anti-automation controls on login and recovery forms. Enforce a strong password policy and use multifactor authentication (MFA) for all applications. Remove or change default credentials. Throttle or lock out repeated failed login attempts and log the source Internet Protocol (IP) address and account involved. Establish a secure password-recovery process that does not reveal whether an account exists and that uses short-lived, single-use reset tokens. Implement proper session ID security controls (e.g., regenerate the session ID on login, use long random IDs, and set the Secure and HttpOnly cookie attributes). | http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation http://projects.webappsec.org/w/page/13246939/Insufficient%20Authentication https://www.invicti.com/blog/web-security/how-to-avoid-authentication-and-authorization-vulnerabilities/ http://projects.webappsec.org/w/page/13246942/Insufficient%20Password%20Recovery https://cwe.mitre.org/data/definitions/640.html https://www.acunetix.com/blog/web-security-zone/what-is-session-fixation/ | | Medium |
| Web Application Weakness | Web Application Access Control Weakness | Users can act outside of their intended permissions if adequate checks are not established and maintained. An application with access control weaknesses can be vulnerable to privilege elevation, user impersonation, and data manipulation. An attacker can exploit these vulnerabilities to access and modify privileged data or resources. Once an attacker reaches these privileged resources, the application is vulnerable to additional attacks. | Ensure that application access controls are effective by forcing every request through a verification layer, such as a filter. Enforce the principle of deny by default, and follow the principle of least privilege as part of the access control configuration. Integrate logging features where appropriate. Disable the display of directory listings and file metadata in web roots. | http://projects.webappsec.org/w/page/13246932/Improper%20Filesystem%20Permissions http://projects.webappsec.org/w/page/13246940/Insufficient%20Authorization https://www.invicti.com/blog/web-security/how-to-avoid-authentication-and-authorization-vulnerabilities/ https://owasp.org/Top10/A01_2021-Broken_Access_Control/ https://owasp.org/www-project-proactive-controls/v3/en/c7-enforce-access-controls | | Medium |
| Web Application Weakness | Web Application Cryptographic Weakness | The incorrect use of cryptographic algorithms can result in key leakage, broken authentication, spoofing attacks, and insecure sessions. A system using weak or deprecated algorithms (e.g., Message-Digest Algorithm 5 [MD5] or Secure Hash Algorithm 1 [SHA-1] for password storage or signatures, Rivest Cipher 4 [RC4] or SSL/early TLS for transport) allows attackers to conduct machine-in-the-middle (MITM) attacks to read or modify private data, or to retrieve password hashes that can be cracked offline. | Do not use weak or deprecated cryptographic algorithms. Avoid homegrown encryption algorithms; instead, use the algorithms defined in guidelines published by the National Institute of Standards and Technology (NIST). Store passwords with a salted, deliberately slow hash designed for the purpose (e.g., PBKDF2, bcrypt, scrypt, or Argon2). Apply Transport Layer Security (TLS) version 1.2 or higher to transport channels that the application uses to transmit sensitive information, and disable Secure Sockets Layer (SSL) and TLS 1.0/1.1. Use certificates signed by a trusted certificate authority (CA). | https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography http://projects.webappsec.org/w/page/13246945/Insufficient%20Transport%20Layer%20Protection https://owasp.org/www-project-mobile-top-10/2014-risks/m3-insufficient-transport-layer-protection | https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html https://owasp.org/Top10/A02_2021-Cryptographic_Failures/ | Medium |
| Web Application Weakness | Web Application Design Weakness | The design of a web application is the structure of the application; a weak design can gravely impact an application's security. The design covers the communication between server and client and the interactions among databases, middleware systems, and applications that keep the application operating. Vulnerabilities in an application's design can let attackers compromise the confidentiality, integrity, and availability (CIA) of the application and its data. | Secure the design of a web application based on that application's requirements, use, and functionality. Continually test and audit the application against the security standards and frameworks used in the organization. Apply best practices for web application security, including server-side validation, secure communication and storage (for data in transit and data at rest), and logging. | https://www.synopsys.com/blogs/software-security/attributes-of-secure-web-application-architecture/ https://stackify.com/web-application-architecture/ | | Medium |
| Wireless Technology Weakness | Insecure Wireless Authentication | Insecure wireless authentication is a vulnerability in which an organization fails to secure access to its wireless network's access points. An insecure wireless authentication method allows an attacker to bypass the weak protection it offers. This weakness increases the attack surface and allows attackers to gain a foothold in the organization's network and damage its assets. | Segment wireless networks from the wired network with a firewall and restrict what authenticated wireless clients can reach. Continuously audit and test the authentication methods to verify that they match the organization's requirements and standards (e.g., certificate validation on enterprise networks). Whenever possible, enforce authentication controls on the server side. Configure the authentication types used in the organization's network (preferably WPA2/WPA3-Enterprise with 802.1X rather than a shared passphrase) and bind them to the appropriate Service Set Identifiers (SSIDs). | https://www.cisa.gov/uscert/ncas/tips/ST05-003 https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SecurityAuthenticationTypes.html | | Medium |
| Wireless Technology Weakness | System Management Weakness | System management establishes the policies, standards, and procedures that protect and improve the organization's information security (in this case, wireless security). Weak system management results when the wireless network is not continuously monitored or managed by system administration, when wireless security procedures are not in place to protect all access points on the network, or when insecure default policies or configurations of wireless devices and security controls are used on the network. | Establish policies and procedures that identify the organization's wireless technology assets. Define measures for threat/risk mitigation. Set encryption standards. Check the effectiveness of the policies, controls, and procedures in place (e.g., through audits and continuous monitoring). Ensure the system administrator manages and continuously improves the system based on new risks or vulnerabilities identified in its wireless security. | https://www.researchgate.net/publication/228864040_Wireless_Network_Security_Vulnerabilities_Threats_and_Countermeasures https://www.myrasecurity.com/en/information-security-management-system-isms/ https://www.securitymetrics.com/blog/wireless-access-point-protection-finding-rogue-wi-fi-networks | https://www.isms.online/information-security-management-system-isms/ | Medium |
| Wireless Technology Weakness | Wireless Cryptographic Weakness | Because of the nature of wireless communication, without adequate protection attackers can capture information sent on the network. Wireless security protocols provide confidentiality through encryption, provide authentication, and provide the means for access control on the wireless network. Although several cryptographic mechanisms can be implemented in the organization's wireless architecture, they differ in how well they protect the organization's data in transit (DIT). Available Wi-Fi security protocols include Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3). WEP and WPA should not be used because they are considered insecure. WPA2 is one of the most widely used and offers the Advanced Encryption Standard (AES) through the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), but WPA2-Personal is vulnerable if the pre-shared key is weak or disclosed, because a captured handshake can be attacked offline. WPA3 is the newest standard and the most desirable: it replaces the pre-shared key exchange with Simultaneous Authentication of Equals (SAE), which resists offline dictionary attacks, and provides encryption on open networks through Opportunistic Wireless Encryption. | Depending on the needs and resources of the organization, implement WPA2 or, preferably, WPA3 as the organization's wireless security protocol, since they are the strongest available. Upgrade wireless equipment and ensure it is capable of WPA2 or WPA3. Use CCMP (AES) as the WPA2 cipher and disable the Temporal Key Integrity Protocol (TKIP), which is deprecated and exists only for backward compatibility with WPA. Consider a WPA2/WPA3 transition mode so that older devices remain on WPA2 while newer devices use WPA3. Prefer WPA2/WPA3-Enterprise (802.1X) over a shared passphrase where the organization can support it. Base the decision on the needs of the organization and the resources available to adequately protect its information systems and users. | https://www.professormesser.com/security-plus/sy0-501/wireless-cryptographic-protocols/ https://www.juniper.net/documentation/en_US/junos-space-apps/network-director3.7/topics/concept/wireless-encryption-and-ciphers.html https://www.geeksforgeeks.org/types-of-wireless-security-encryption/ | | Medium |
| Wireless Technology Weakness | Wireless Network Design Weakness | Both the physical and the logical design of an organization's wireless network are important to its security. The network design determines how the network is planned to reduce vulnerabilities and protect the organization from wireless attacks. The wireless network design includes how systems and applications communicate with one another wirelessly, who has access to them, and how information is transferred within the network. The design must include security at each access point, including the placement of the physical router, the segmentation of the network, what is accessible publicly over Wi-Fi, and how the Service Set Identifier (SSID) is broadcast. | Review the physical network map and ensure the organization's Wi-Fi signal does not extend into public locations. Change default passwords and restrict wireless access to the network. Encrypt data on the network and data at rest, install a firewall, securely maintain the antivirus software, and stay current with patches on access points. Ensure the network is segmented and that wireless file sharing is used only when necessary. Verify the security practices of Internet service providers and wireless router manufacturers. | https://www.cisa.gov/uscert/ncas/tips/ST05-003 | | Medium |
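The Email Spoofing Susceptibility row recommends SPF and DMARC records but does not say what a weak record looks like. The following is an added example, not part of the original catalog: it evaluates the strength of SPF and DMARC TXT record strings (a `~all` softfail, a `p=none` monitoring-only policy, a partial `pct`, or a missing `rua` address each leave spoofed mail deliverable). It parses strings only and makes no DNS queries; the sample records and domains at the bottom are constructed for illustration.

```python
"""Assess the strength of SPF and DMARC TXT records (string parsing only, no DNS)."""
import re

# Mechanisms/modifiers that cost a DNS lookup under RFC 7208's limit of 10 per record.
_DNS_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def assess_spf(record):
    """Return a list of weaknesses in an SPF record (an empty list means none found)."""
    if record is None:
        return ["no SPF record published"]
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not begin with v=spf1"]
    findings = []
    all_qualifier = None
    lookups = 0
    for term in terms[1:]:
        qualifier = "+"  # an unqualified mechanism means "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name = re.split(r"[:=/]", term, maxsplit=1)[0].lower()
        if name == "all":
            all_qualifier = qualifier  # the last 'all' decides the fate of unlisted senders
        if name in _DNS_MECHANISMS:
            lookups += 1
        if name == "ptr":
            findings.append("'ptr' mechanism is deprecated and slow to evaluate")
    if all_qualifier is None:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_qualifier == "+":
        findings.append("'+all' authorizes any host to send as this domain")
    elif all_qualifier == "?":
        findings.append("'?all' is neutral and offers no protection")
    elif all_qualifier == "~":
        findings.append("'~all' (softfail) only flags spoofed mail; use '-all' with a DMARC reject policy")
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms exceed the limit of 10 (record evaluates to permerror)")
    return findings


def assess_dmarc(record):
    """Return a list of weaknesses in a DMARC record (an empty list means none found)."""
    if record is None:
        return ["no DMARC record published"]
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return ["record does not begin with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid 'p' tag")
    # pct defaults to 100; anything lower leaves a share of spoofed mail unfiltered.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct} applies the policy to only part of the mail stream")
    if "rua" not in tags:
        findings.append("no 'rua' address: no aggregate reports to detect abuse")
    return findings


# Constructed sample records (hypothetical domains and addresses).
WEAK_SPF = "v=spf1 include:_spf.example.net ptr ~all"
STRONG_SPF = "v=spf1 ip4:203.0.113.0/24 mx -all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    for label, check, rec in (("weak SPF", assess_spf, WEAK_SPF), ("strong SPF", assess_spf, STRONG_SPF),
                              ("weak DMARC", assess_dmarc, WEAK_DMARC), ("strong DMARC", assess_dmarc, STRONG_DMARC)):
        print(f"{label}: {check(rec) or 'no issues found'}")
```

To use it against a real domain, fetch the TXT records for the domain and for `_dmarc.<domain>` with a resolver library and pass the strings in; an absent record is passed as `None`. DKIM is not checked here because its selector records are only discoverable from signed messages.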
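The Unnecessary Network Services row calls for periodic scans to confirm that only approved ports, protocols, and services are listening. As an added example (not part of the original catalog), the following compares the listening sockets reported by `ss -tulpn` against an approved-services baseline and flags anything outside it, distinguishing loopback-only listeners from network-exposed ones. The `ss` output and the baseline for a hypothetical web server are constructed for illustration.

```python
"""Compare listening sockets (ss -tulpn format) against an approved-services baseline."""
import re

# Constructed sample output in the layout `ss -tulpn` prints on Linux.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*     users:(("nginx",pid=1203,fd=6))
tcp   LISTEN 0      128        127.0.0.1:3306       0.0.0.0:*     users:(("mysqld",pid=977,fd=21))
tcp   LISTEN 0      100          0.0.0.0:23         0.0.0.0:*     users:(("telnetd",pid=1410,fd=3))
udp   UNCONN 0      0            0.0.0.0:161        0.0.0.0:*     users:(("snmpd",pid=655,fd=7))
tcp   LISTEN 0      128             [::]:8080          [::]:*     users:(("java",pid=2200,fd=14))
"""

# Hypothetical baseline for a web server: (protocol, port) -> expected process name.
BASELINE = {("tcp", 22): "sshd", ("tcp", 443): "nginx"}

# Netid, State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port, optional process.
LINE_RE = re.compile(r'^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\("([^"]+)")?')

LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_ss(output):
    """Return [(protocol, local_address, port, process_or_None)] for each socket line."""
    listeners = []
    for line in output.splitlines():
        match = LINE_RE.match(line)
        if match:
            proto, addr, port, proc = match.groups()
            listeners.append((proto, addr, int(port), proc))
    return listeners


def audit(listeners, baseline=BASELINE):
    """Return a finding string for every listener not covered by the baseline."""
    findings = []
    for proto, addr, port, proc in listeners:
        key = (proto, port)
        if key not in baseline:
            exposure = "loopback only" if addr in LOOPBACK else "network-exposed"
            findings.append(f"{proto}/{port} ({proc or 'unknown'}) not in baseline, {exposure}")
        elif proc and proc != baseline[key]:
            # Right port, wrong binary: worth a look even though the port is approved.
            findings.append(f"{proto}/{port} served by {proc}, expected {baseline[key]}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ss(SAMPLE_SS_OUTPUT)):
        print(finding)
```

On a live host, feed it the output of `ss -tulpn` (run as root so process names are present) and keep the baseline under version control per server role, so that a new listener shows up as a diff rather than being discovered by an attacker's scan.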
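The Injection Weakness row's remediation asks for parameterized queries and server-side validation. As an added example (not part of the original catalog), the following shows the vulnerable string-built query next to its parameterized form against an in-memory SQLite database, plus an allowlist validator for the username field; the `users` table, its rows, and the payloads are constructed for illustration.

```python
"""String-built SQL versus a parameterized query, run against an in-memory SQLite database."""
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """Constructed sample data: two users, one of them an administrator."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
                     [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")])
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Builds the query by concatenation, so attacker-controlled input becomes SQL."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Binds the value as a parameter: the input can never change the query's structure."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?", (username,)).fetchall()


def validate_username(username):
    """Server-side allowlist validation, applied before the value reaches any query."""
    return bool(USERNAME_RE.fullmatch(username))


# Constructed payloads: the first defeats the WHERE clause, the second reads another column.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT password_hash, role FROM users--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology:   ", lookup_vulnerable(db, TAUTOLOGY))      # every user
    print("vulnerable, union:       ", lookup_vulnerable(db, UNION_DUMP))     # password hashes
    print("parameterized, tautology:", lookup_parameterized(db, TAUTOLOGY))  # no rows
    print("validator accepts payload:", validate_username(TAUTOLOGY))         # False
```

Validation and parameterization are separate layers: the allowlist rejects the payloads outright, while the parameterized query stays safe even for fields whose legitimate values must contain quotes.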
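The Web Application Authentication Weakness row lists brute-force throttling, failed-login logging, and session-ID controls as remediations. The following is an added example, not part of the original catalog: a login guard that keeps a sliding-window failure count per account and per source IP, refuses logins while either is locked (even with the correct password), records events for detection, and issues a fresh random session ID on success so that a pre-authentication ID cannot be fixated. The thresholds, the in-memory stores, and the fake clock are assumptions for illustration; a real deployment would back the counters with a shared store.

```python
"""Brute-force throttling and session-identifier handling for a login endpoint."""
import secrets
import time
from collections import defaultdict, deque

MAX_FAILURES = 5          # failures tolerated per window, per account and per source IP (assumed)
WINDOW_SECONDS = 15 * 60  # sliding window length (assumed)
SESSION_ID_BYTES = 32     # 256 bits from the OS CSPRNG


class FakeClock:
    """Deterministic clock so the lockout window can be tested without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class LoginGuard:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = defaultdict(deque)  # "user:<name>" / "ip:<addr>" -> failure timestamps
        self.sessions = {}                  # session id -> user id (None while unauthenticated)
        self.events = []                    # (event, username, ip) security log for detection

    def _recent_failures(self, key):
        now = self.clock()
        window = self.failures[key]
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()                # expire entries outside the sliding window
        return len(window)

    def is_locked(self, username, ip):
        return (self._recent_failures(f"user:{username}") >= MAX_FAILURES
                or self._recent_failures(f"ip:{ip}") >= MAX_FAILURES)

    def start_anonymous_session(self):
        """Session issued before login (e.g., for a shopping cart)."""
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self.sessions[sid] = None
        return sid

    def login(self, username, ip, password_ok, old_session_id=None):
        """password_ok is the result of the credential check done elsewhere (constant-time hash compare)."""
        if self.is_locked(username, ip):
            self.events.append(("locked", username, ip))
            return None
        if not password_ok:
            now = self.clock()
            self.failures[f"user:{username}"].append(now)
            self.failures[f"ip:{ip}"].append(now)
            self.events.append(("failure", username, ip))
            return None
        # Never promote a pre-authentication session id: drop it and issue a new one.
        if old_session_id in self.sessions:
            del self.sessions[old_session_id]
        self.failures.pop(f"user:{username}", None)
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self.sessions[sid] = username
        self.events.append(("success", username, ip))
        return sid


if __name__ == "__main__":
    clock = FakeClock()
    guard = LoginGuard(clock=clock)
    for _ in range(MAX_FAILURES):
        guard.login("alice", "198.51.100.7", password_ok=False)
    print("locked:", guard.is_locked("alice", "198.51.100.7"))                  # True
    print("correct password while locked:", guard.login("alice", "198.51.100.7", True))  # None
    clock.now += WINDOW_SECONDS + 1
    print("after window:", guard.login("alice", "198.51.100.7", True) is not None)  # True
```

The per-IP counter alone would be defeated by a distributed password spray and the per-account counter alone by a single IP cycling through usernames, which is why both are kept; the `events` list is what a detection rule would consume.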
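Both the Insecure Mobile Access Control and the Web Application Access Control Weakness rows call for a single central interface, deny by default, server-side enforcement, and no reliance on client-controlled data. As an added example (not part of the original catalog), the following implements that central check with a route-to-roles policy table where anything absent is denied, adds an object-level ownership check, and shows the parameter-based anti-pattern beside it. Routes, roles, users, and order records are hypothetical and constructed for illustration.

```python
"""Central, deny-by-default authorization versus a client-controlled check."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user_id: str
    roles: frozenset


# The policy table is the single place that grants access. A route absent from it
# is denied regardless of what the client sends.
POLICY = {
    ("GET", "/api/profile"): {"user", "admin"},
    ("GET", "/api/orders"): {"user", "admin"},
    ("GET", "/api/admin/users"): {"admin"},
    ("DELETE", "/api/admin/users"): {"admin"},
}

# Constructed order records: order id -> owner.
ORDERS = {"o1": "alice", "o2": "bob"}

AUDIT_LOG = []  # (user, method, path, allowed), for detection and review


def authorize(session, method, path):
    """Return True only for an authenticated session holding a role the policy allows."""
    allowed = POLICY.get((method, path))
    decision = session is not None and allowed is not None and bool(session.roles & allowed)
    AUDIT_LOG.append((session.user_id if session else "anonymous", method, path, decision))
    return decision


def handle_request(session, method, path):
    """Every request passes through authorize() before any handler runs."""
    if not authorize(session, method, path):
        return 403, "forbidden"
    return 200, f"{method} {path} ok"


def get_order(session, order_id):
    """Object-level check: users read only their own orders; admins read any."""
    if not authorize(session, "GET", "/api/orders"):
        return 403, "forbidden"
    owner = ORDERS.get(order_id)
    if owner is None:
        return 404, "not found"
    if owner != session.user_id and "admin" not in session.roles:
        return 403, "forbidden"
    return 200, {"order": order_id, "owner": owner}


def handle_admin_insecure(session, params):
    """The parameter-based anti-pattern: trusts a client-supplied flag instead of the session."""
    if params.get("admin") == "1":
        return 200, "admin panel"
    return 403, "forbidden"


if __name__ == "__main__":
    alice = Session("alice", frozenset({"admin"}))
    bob = Session("bob", frozenset({"user"}))
    print(handle_request(bob, "GET", "/api/admin/users"))    # (403, 'forbidden')
    print(handle_request(alice, "GET", "/api/admin/users"))  # (200, 'GET /api/admin/users ok')
    print(get_order(bob, "o1"))                              # (403, 'forbidden'): not bob's order
    print(handle_admin_insecure(bob, {"admin": "1"}))        # (200, 'admin panel'): bypassed
```

In a real framework the `authorize()` call sits in middleware or a filter so that a handler cannot be reached without it; the audit log of denied decisions is the signal a detection team watches for forced-browsing attempts.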
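The Web Application Cryptographic Weakness row contrasts MD5/SHA-1 password storage and SSL/early TLS with NIST-approved algorithms and TLS 1.2+, and the Insecure Protocol Implementation row asks for the insecure version to be disabled. The following is an added example, not part of the original catalog, covering both: unsalted MD5 beside salted PBKDF2-HMAC-SHA256 with a constant-time verification, and a TLS client context that refuses anything below TLS 1.2. The iteration count (OWASP's published PBKDF2-SHA256 figure at the time of writing) and salt length are assumptions chosen for illustration.

```python
"""Weak versus adequate password storage, and a TLS context pinned to TLS 1.2+."""
import hashlib
import hmac
import os
import ssl

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to the server's budget and revisit yearly
SALT_BYTES = 16
WEAK_TLS_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def hash_password_weak(password):
    """Unsalted MD5: fast to brute-force and trivially looked up in precomputed tables."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Salted, iterated PBKDF2-HMAC-SHA256; the stored string carries its own parameters."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def tls_client_context():
    """Client context that verifies the server certificate and hostname and refuses pre-1.2 protocols."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def is_weak_tls_version(name):
    """Protocol names as reported by a scanner or by SSLSocket.version()."""
    return name in WEAK_TLS_VERSIONS


if __name__ == "__main__":
    print("md5('password')  =", hash_password_weak("password"))
    stored = hash_password("correct horse battery staple")
    print("pbkdf2 record    =", stored[:60] + "...")
    print("verify ok/wrong  =", verify_password("correct horse battery staple", stored),
          verify_password("Tr0ub4dor&3", stored))
    print("min TLS version  =", tls_client_context().minimum_version.name)
```

The self-describing record format is what lets the iteration count be raised later: new hashes get the new cost while old ones still verify and can be rehashed on the user's next successful login.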
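The Wireless Cryptographic Weakness row recommends WPA2 with CCMP (not TKIP), preferably WPA3, and a transition mode for older clients. As an added example, not part of the original catalog, the following shows a weak `hostapd` access-point configuration beside a hardened one. The directive names are those of `hostapd.conf` as known to the editor and should be checked against the documentation shipped with the installed version; the interface, SSID, and passphrase placeholders are hypothetical.

```ini
# Weak: WPA and WPA2 both enabled, TKIP offered to all clients, no management-frame
# protection, and a short passphrase that an offline handshake attack will recover.
interface=wlan0
ssid=corp-wifi
# wpa is a bitmask: 1 = WPA, 2 = WPA2 (RSN); 3 enables both
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=TKIP CCMP
wpa_passphrase=password123

# Hardened: WPA2/WPA3 transition mode. WPA2 clients get CCMP (AES) only, WPA3 clients
# use SAE, and protected management frames are enabled (required for SAE).
interface=wlan0
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP
# ieee80211w: 0 = off, 1 = optional (needed while WPA2-only clients remain), 2 = required
ieee80211w=1
sae_require_mfp=1
# Long random passphrase (placeholder); the same value is used for both key types
wpa_passphrase=<long-random-passphrase>
sae_password=<long-random-passphrase>

# Once every client supports WPA3, drop WPA-PSK and require management-frame protection:
#   wpa_key_mgmt=SAE
#   ieee80211w=2
```

After applying the hardened configuration, verify from a client that the network advertises only CCMP and that a TKIP-only device can no longer associate; that failure is the intended outcome and identifies the hardware that needs replacing.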