Security incidents often arise from seemingly minor mistakes—misconfigurations that could otherwise be easily avoided.

Unencrypted communication, plain-text authentication, weak network segmentation, outdated operating systems and applications, and unsecured services are common yet often overlooked vulnerabilities. These misconfigurations create entry points or exploitation opportunities for potential attackers, putting your entire organization at risk.

In this article, we’ll uncover the most common configuration errors and outline practical steps to fix them, helping you build a more resilient and secure network.

Unsecured Services in the Perimeter 

Configuration error: Services like web servers, Remote Desktop Protocol (RDP), or Secure Shell (SSH) exposed to the Internet without proper protection are easy targets for attackers.

Internet-exposed services are often overlooked, making them vulnerable. Attackers exploit these weaknesses through brute force attacks, unpatched software exploits, or simple misconfigurations, using unsecured services as entry points into your internal infrastructure.

The risk is further heightened by insufficient access restrictions, such as unrestricted global IP access. Without effective logging and monitoring, such breaches can go undetected for extended periods.

Recommended actions:

• Deploy a Next-Generation Firewall (NGFW) and Web Application Firewall (WAF) to detect and block malicious activities.
• Restrict access using IP whitelisting and geolocation rules (e.g., allow only IPs from trusted regions).
• Avoid exposing services to the Internet unless absolutely necessary. Instead, manage access using Zero Trust Network Access (ZTNA) or a client VPN.

Pro tip: Regularly audit your exposed services to identify weaknesses and bolster overall protection.

Remote access via VPN 

Configuration error: Improper VPN configuration often allows access to entire network segments rather than specific services, significantly increasing the risk of lateral movement or full network compromise.

Unrestricted access and lack of user activity visibility can turn your VPN into a weak security link. Transitioning to modern solutions like Zero Trust Network Access (ZTNA) or client VPN offers a much higher level of security by providing granular access control and minimizing exposure.

Recommended actions:

• Restrict VPN access to only necessary services and resources.
• Implement monitoring tools to track VPN activity and identify suspicious behavior.
• Switch to ZTNA or client VPN for granular access control and enhanced security.

Bypassing Security Policies in Remote Access 

Configuration error: Unauthorized devices or software used by vendors to bypass access policies creates direct access to your internal infrastructure, seriously compromising network security.

A common scenario involves “rogue” routers with cellular connectivity (4G/5G) that terminate VPN tunnels directly into your organization’s infrastructure. This undermines your existing security policies and grants direct access to the internal network.

Equally problematic is the use of software tools like SoftEther, which allow VPN connections over HTTPS from any device where the software is installed. This traffic mimics regular network communication, often bypassing detection by traditional firewalls. The result is hidden access, which can be exploited by attackers or even disgruntled employees for unauthorized activities or cyberattacks.

Recommended actions:

• Conduct regular audits based on network traffic analysis to identify unauthorized devices, detect suspicious behavior, and uncover anomalous communication patterns.
• Enforce the use of approved remote access solutions like ZTNA or client VPN.
• Proactively disable unauthorized remote access devices and software.

Pro Tip: Use tools like GREYCORTEX Mendel to detect unauthorized remote access and enforce security policies.

Unauthorized Access Between Network Segments 

Configuration error: Poor segmentation and inadequate communication control between networks allow devices from less secure environments to access your internal resources, significantly increasing security risks.

One of the fundamental principles of secure network design is proper segmentation and controlled communication between network segments. However, it is common to find devices from separate networks, such as guest Wi-Fi, gaining access to internal DNS or DHCP servers. These Wi-Fi devices, which often do not meet organizational security standards, pose a significant risk if communication is not properly restricted.

Recommended actions:

• Implement strict network segmentation and block unauthorized communication between segments.
• Monitor traffic between segments to detect unauthorized communication.
• Regularly audit your network infrastructure configurations to identify vulnerabilities.

Pro Tip: Visualize inter-segment communications with tools like GREYCORTEX Mendel to identify potential weak points.

Unencrypted Communication and Plain-Text Authentication 

Configuration error: Unencrypted protocols such as HTTP, Telnet, or TFTP, along with plain-text authentication, leave organizations vulnerable to eavesdropping and credential theft.

This issue often stems from legacy systems or misconfigurations that fail to support modern encrypted protocols. Attackers can intercept unencrypted communications to access sensitive data. For legacy systems that cannot be quickly replaced, it is essential to assess the risk, implement necessary safeguards, and develop a medium-term plan for mitigation.

Recommended actions:

• Switch to encrypted protocols, such as HTTPS, SSH, or SFTP.
• Identify systems lacking encryption support and create an upgrade plan.

Pro Tip: Regularly scan your network for unencrypted communication and plain-text authentication.

Outdated or Weak Encryption Standards 

Configuration error: Outdated encryption protocols, such as TLS 1.0/1.1, leave organizations vulnerable to modern threats like eavesdropping and cyberattacks.

Outdated encryption protocols are often found in legacy systems or arise from misconfigurations. In the case of misconfigurations, switch to secure protocols immediately. For legacy systems where replacement may be challenging, document the risks and develop a medium-term plan to transition to modern encryption standards, ensuring your critical data remains protected.

Recommended actions:

• Upgrade encryption standards to secure versions, such as TLS 1.2/1.3.
• Identify systems using outdated protocols and schedule updates.
• Restrict access to systems still reliant on outdated encryption.

Pro Tip: Use tools like GREYCORTEX Mendel to identify systems using weak encryption protocols.

External DNS Requests 

Configuration error: Devices communicating directly with external DNS servers increase the risk of exposing sensitive infrastructure data and them being exploited through DNS tunneling techniques.

Devices within internal, server, or technology networks should only use organization-managed DNS servers. External DNS queries pose particular risks in environments with IoT devices or less secure endpoints, allowing attackers to exploit vulnerabilities like DNS spoofing or covert tunneling.

Recommended actions:

• Ensure internal devices communicate only with an authorized internal DNS server, which alone resolves external queries.
• Monitor DNS traffic for anomalies, such as unauthorized queries to public DNS servers.
• Block external DNS queries at the firewall level to secure your internal infrastructure.

Pro Tip: Leverage tools like GREYCORTEX Mendel to detect unauthorized DNS communication and improve network protection.

Unused IPv6 Communication 

Configuration error: Active IPv6 communication on devices without deliberate use adds unnecessary network overheads and complicates management.
In many organizations, devices are configured with both IPv4 and IPv6 addresses, even when IPv6 is not actively used. This results in redundant multicast and anycast queries, increasing your network traffic without providing value.

Recommended actions:

• Disable IPv6 on devices where it is not required to reduce traffic.
• Regularly monitor IPv6 traffic to identify inefficient flows.

Pro Tip: Ensure the compatibility of applications and devices relying on IPv6 before disabling it completely.

Effective Network Threat Prevention Begins with Proper Configuration

The misconfigurations highlighted above are not uncommon—they frequently surface during network audits across organizations of all sizes. Some issues can be resolved with simple configuration changes, while others demand a more strategic approach or infrastructure upgrades. Regardless of their complexity, early identification of these vulnerabilities is critical to preventing security incidents.

GREYCORTEX Mendel offers you a complete view of your network, detecting risks such as unencrypted communication, unauthorized access points, and problematic remote access methods. With Mendel, you can proactively identify vulnerabilities, minimize risks, and fortify your network before threats escalate.