Understanding how your infrastructure works behind the scenes is key. Enumeration of your network by attacks can show signs of devices setup on default or weak password policies, leaving you open to dictionary brute force attacks.
Doing service detection with port scanning can show ports to your network that don’t need to be open and could lead to exploits. Just having your servers on the network can leave open chances of identifying the type of services running and then back-checking to see if there are public exploits currently available for applications that have public security updates which haven’t been implemented. Running checks on your network can keep lookouts for network traffic sniffing devices. This is where a device is setup to gather all traffic information that runs through the chain in the network. If the traffic is not encrypted, you could be sending out clear text information for anyone to pick up.
Your router devices can leave routes for access, and securing the traffic that routes through your network is your lifeblood, whether you allow employees to dial into the network via a VPN or an outdated WEP access point.
There are many different ways your organization moves its data, so it is important to keep an eye on the traffic. There are many telltale signs of an intruder or rogue routing of traffic. Sometimes you just have to look at the data at the network level.
On a local area network, man-in-the-middle attacks are prevalent. In a smaller network, it is easier for an attacker to gain access and broadcast a high level of trust for other clients in the network, and an employee wouldn’t know the difference if a high level of sophistication is used.