Information security professionals should know the common security weaknesses that hackers and malicious users first check for when hacking into computer systems. Security flaws, such as the following, should be on your checklist when you perform your security tests:
- Gullible and overly trusting users
- Unsecured building and computer room entrances
- Discarded documents that have not been shredded and computer disks that have not been destroyed
- Network perimeters with little to no firewall protection
- Poor, inappropriate, or missing file and share access controls
- Unpatched systems
- Web applications with weak authentication mechanisms
- Wireless networks running without WPA, or WPA2 enabled
- Laptop computers with no drive encryption
- Mobile devices with no, or easy to crack, passwords
- Weak or no application, database, and operating system passwords
- Firewalls, routers, and switches with default or easily guessed passwords