Top 19 Network Security Threats + Defenses for Each

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Network security threats are technological risks that weaken the defenses of an enterprise network, endangering proprietary data, critical applications, and the entire IT infrastructure. Because businesses face an extensive array of threats, they should carefully monitor and mitigate the most critical threats and vulnerabilities. There are seven major categories of network security issues that all include multiple threats, as well as specific detection and mitigation methods your teams should implement for each threat.

Table of Contents

Featured Partners: Cybersecurity Software

Public Internet Threats

If your enterprise network is connected to the public internet, every threat on the internet can render your business vulnerable too. Widespread, complex business networks are particularly challenging to protect; these can include edge and mobile networks as well as branch office networks and storage area networks (SANs). Typical internet threats include malicious software, malicious websites, email phishing, DNS poisoning, and DoS and DDoS attacks.


Malicious software (malware) is code designed to disturb normal or safe computing operations. When clicked, links in emails or extensions on websites immediately download malware onto a host machine. Sometimes the malware can laterally move through the network, depending on its abilities.

Defending Against Malware

Use the following methods to prevent malware:

  • Train your employees: Your workers are your organization’s first line of defense and its biggest attack surface. They need to know how to reduce the major risks your business faces.
  • Implement endpoint protection: All devices should have antivirus and endpoint protection installed on them to automatically respond when the software detects a threat.
  • Segment your network: Segmentation technologies require setting policies for each network, managing which traffic can move between subnets, and decreasing lateral movement.

Spoofed Websites

Spoofed websites are sites that look legitimate but are designed to steal internet users’ account credentials. Threat actors direct users to the site, and once the users input their credentials, the attackers collect them and use them to log into the real application.

Defending Against Malicious Sites 

Protect your credentials through the tips below:

  • Deploy multi-factor authentication for all applications: If a threat actor manages to steal your credentials through successful spoofing, they’ll have a harder time getting through MFA.
  • Teach users to recognize spoofed websites: Make sure your employees know the characteristics of a fake site, whether that’s grammatical issues, a strange URL, or an unapproved email that led them there.
  • Blacklist sites as soon as you learn about them: If multiple employees are navigating to a single site from the same threat actor, blacklist the URL as soon as you identify it.

Email-Based Phishing Attacks

Email phishing is a technique used by threat actors to trick users into opening emails and clicking links inside them. It can include both malware and spoofed sites; there’s plenty of overlap in internet phishing threats. Email attacks typically target employees through their business email accounts.

Defending Against Email-Based Phishing Attacks

To prevent email phishing, use these techniques:

  • Implement stringent email protection software: Often, threat actors direct users to a spoofed website through an email with a link, like instructions to reset a password.
  • Host intensive security awareness training sessions: Your employees should know exactly what to look for when they receive unfamiliar emails.
  • Install a next-generation firewall (NGFW): Installing an NGFW between the public internet and your organization’s private network helps filter some initial malicious traffic.

Read more about types of phishing, including spear phishing, whaling, and smishing, in our complete guide to phishing attacks.

DNS Attacks

DNS cache poisoning, or hijacking, redirects a legitimate site’s DNS address and takes users to a malicious site when they attempt to navigate to that webpage.

Defending Against DNS Attacks

Consider these strategies to prevent DNS attacks:

  • Use DNS encryption: Encrypting DNS connections requires teams to use the DNSCrypt protocol, DNS over TLS, or DNS over HTTPS.
  • Isolate DNS servers: Deploy a demilitarized zone (DMZ) to isolate all DNS traffic from the public internet.
  • Stay on top of updates: All DNS servers should be regularly patched when an update is announced.

DoS & DDoS Attacks

Denial of service (DoS) and distributed denial of service (DDoS) attacks are threats that can disable machines or entire computer systems by overloading them with traffic. They’re notoriously difficult to prevent because they often come from external traffic, rather than from a threat within the network that can be located and halted while it’s in your system. Not every DoS or DDoS attack comes from internet traffic, but many of them do.

Defending Against DoS & DDoS Attacks

Implement the methods below to protect your network from DoS and DDoS attacks:

  • Implement reverse proxies: The reverse proxy has its own IP address, so when IP addresses flood a single server, they’ll go to the proxy’s IP address instead and the internal server’s IP address won’t be overwhelmed as easily.
  • Install web application firewalls: You can configure firewalls to monitor and block different kinds of traffic.
  • Deploy load balancers: By directing network traffic to the sources that can manage it, load balancing reduces the risk of traffic completely overwhelming a server.

Unsecured & Outdated Network Protocols

Some older versions of network protocols have bugs that have been fixed in later versions, but many businesses and systems continue to use the older protocols. It’s best to use the most recent protocol versions to at least avoid already-known threats, especially if your industry requires a certain protocol version to stay compliant with regulatory standards. Some of the most popular network protocols include SSL, TLS, SNMP, HTTP, and HTTPS.


Secure Socket Layer (SSL) and Transport Layer Security (TLS) are both networking security protocols. Any older SSL and TLS versions than TLS 1.3 have multiple weaknesses, including the vulnerabilities that allow POODLE attacks and BEAST attacks. While TLS 1.3 may have its own weaknesses that will be discovered over time, it does fix known vulnerabilities in older TLS and SSL versions.

Defending Against SSL & TLS Threats

Use these tips to prevent threats caused by SSL and TLS:

  • Update connections: Keep every network connection upgraded to the most recent version of TLS. 
  • Disable old versions: Completely disabling older SSL and TLS versions on your network ensures they aren’t used accidentally.


Simple Network Management Protocol (SNMP) is a common internet protocol designed to manage the operations of networks and the devices on them. SNMP versions 1 and 2 have known vulnerabilities, including unencrypted transmissions (v1) and IP address spoofing (v2). Version 3 is the best option of the three because it has multiple encryption options. It was designed to solve v1 and v2’s problems.

Defending Against SNMP Threats

Upgrade all versions of SNMP to version 3 to avoid the gaping security flaws in the previous versions. 


Hypertext Transfer Protocol is an internet communication protocol that isn’t inherently secure. Hypertext Transfer Protocol Secure (HTTPS), the encrypted version of HTTP, is. All your internet connections should be encrypted, and every communication with another website should use HTTPS.

Defending Against HTTP Threats

To prevent insecure HTTP connections, use these methods:

  • Block HTTP access: If any connections use HTTP, block access to them as soon as you can.
  • Direct traffic to HTTPS: Configure all attempted HTTP communications to redirect to HTTPS.

Network Misconfigurations

A simple misconfiguration of a network protocol or rule can expose an entire server, database, or cloud resource. Typing one wrong line of code or failing to set up routers or switches securely can contribute to configuration errors. Misconfigured network security commands are also challenging to find because the rest of the hardware or software appears to be working properly. Misconfigurations also include improperly deployed switches and routers.

Common misconfigurations include using default or factory configurations on hardware and software and failing to segment networks, set access controls on your applications, or patch immediately.

Using the Equipment’s Default Configuration

Default credentials are factory-set usernames and passwords on networking hardware and software. They’re often very easy for attackers to guess and may even use basic words like “admin” or “password.” 

Defending Against Default Configuration Threats

To prevent security issues caused by default configurations:

  • Change all credentials: Switch any default usernames or passwords immediately to stronger, hard-to-guess credentials.
  • Make regular password updates: After the initial password change, switch them every few months.

Insufficient Segmentation

Network segmentation is a technology that splits a network into different sections. If a network isn’t divided into subnetworks, malicious traffic has a much easier time traveling all throughout the network, with the opportunity to compromise many different systems or applications.

Defending Against Network Segmentation Threats

Segment networks into subnetworks and create security barriers between them. Segmentation technologies involve setting policies for each network, managing which traffic can move between subnets, and decreasing lateral movement.

Access Misconfigurations 

Misconfigured access controls happen when teams fail to securely implement access and authentication protocols, like strong passwords and multi-factor authentication. This is a significant risk to your entire network. Both on-premises and cloud-based systems need access controls, including public cloud buckets that don’t require authentication methods by default. Network users need to be both authorized and authenticated.

Authentication requires the user to present PINs, passwords, or biometric scans to help prove they are who they say they are. Authorization permits the user to view data or applications once they verify themselves and their identity is trusted. Access controls allow organizations to set privilege levels like read-only and editing permissions. Otherwise, you run the risk of a privilege escalation attack, which occurs when a threat actor enters the network and moves laterally by escalating their user privileges. 

Defending Against Access Misconfiguration Threats

Use these tips to reduce access-related misconfiguration risks:

  • Require credentials for every application: This includes databases, client management systems, and all on-premises and cloud software.
  • Don’t forget your cloud resources: Cloud buckets accessible on the internet should have access barriers; otherwise, they’re visible to anyone who has the bucket’s URL.
  • Deploy zero trust: Employees should only have the access level they need to do their job, known as the principle of least privilege or zero trust. This helps decrease insider fraud and accidental errors.

Obsolete & Unpatched Network Resources

Network hardware and software vulnerabilities are flaws that tend to reveal themselves over time, which requires IT and network technicians to stay apprised of threats as vendors or researchers announce them.

Obsolete routers, switches, or servers aren’t able to use the most recent security updates. These devices then require additional protective controls. Other old devices, like hospital equipment, often can’t be abandoned entirely, so enterprises will likely have to set up extra security to keep them from putting the rest of the network at risk.

Defending Against Patch Management Threats

Use these key strategies to prevent misconfigurations caused by patch and update failures:

  • Don’t wait to patch known issues: It’s critical for network administrators to patch firmware vulnerabilities immediately. Threat actors move into action quickly once they learn of vulnerabilities, so IT and networking teams should be one step ahead.
  • Automate some of the work: Automated alerts will help your business’s teams keep network resources up to date even if they aren’t on the clock constantly.
  • Reduce hazards caused by old tech: Phase out obsolete devices where possible. They’ll continue to be incompatible with the rest of the network, and it’s challenging to secure an entire network if some hardware doesn’t support it.

Human Security Threats

Your team members make mistakes, whether that’s an accidental line of code or a router password exposed for the whole internet to see. Training providers offer extensive cybersecurity courses just to mitigate the high likelihood that employees will put your infrastructure in danger.

Human error plays a large role in the majority of all data breaches — 85% of them are caused by employee mistakes, according to a study done by Stanford professor and security provider Tessian. You’ll need to watch for threats borne out of carelessness as well as deliberately malicious behavior — both are possible.

Accidental or Careless Errors

Employees make plenty of accidental security gaffes, including posting passwords on paper or Slack, letting strangers into the office, or plugging unidentified flash drives into a company computer. Sometimes they know the company’s policies but don’t want to follow them because they appear to take more time, like coming up with new passwords for every application instead of reusing them.

Defending Against Threats Caused by Mistakes

To reduce human error episodes:

  • Host cybersecurity training sessions every quarter: Make training interactive so that employees stay engaged, and make sure that new hires immediately know expectations.
  • Install software like password managers: These help employees manage their credentials safely.
  • Implement data loss prevention (DLP) technology: Protecting data is critical for both reputation maintenance and regulatory compliance.
  • Restrict your physical workspace: Don’t allow someone from outside the business into the premises where network hardware and software are hosted.

Intentionally Malicious Insiders

One area of human threat that’s often overlooked is insider threats, which come from employees who intend to harm the business. Although these don’t happen as frequently, they can be even more dangerous. These insiders usually have credentialed access to a network, which makes it much easier for them to steal data.

Malicious insiders exploit proprietary information or customer data, sometimes selling it to a third party. But other insiders may just want revenge if a coworker wronged them, they were terminated, or they believe the business is making unethical decisions. Malicious insider threats are difficult to mitigate because perpetrators may hide their feelings about the company and their intentions over time. And because they often have valid credentials, their effect is harder to track.

Defending Against Threats from Malicious Insiders

The following practices will help your business manage malicious employee behavior:

  • Make security a regular topic: Have conversations about cybersecurity in manager and employee one-on-one meetings. Show employees you’re serious about security.
  • Host more training sessions: They’re especially important because other employees are trained to recognize the behavior of their own team.
  • Implement behavioral analytics: Analytics can help your team at least identify anomalous behavior over time. If an insider is leaking data or changing credentials, it could be intentional.
  • Vet people before hiring: Asking for references and performing background checks, while not a catch-all, helps businesses hire trustworthy individuals.

Read more about developing a cybersecurity culture within your organization and how it reduces your vulnerability to employee mistakes.

Operational Technology

Operational technology (OT) typically refers to hardware and software that observe and control industrial environments. These environments include warehouses, construction sites, and factories. OT allows businesses to manage HVAC, fire safety, and food temperature through network-connected cellular technology.

Enterprise Internet of Things and Industrial Internet of Things (IIoT) devices also fall under operational technology. When connected to a business network, OT can provide an open door for threat actors.

Dangers of Operational Technology

Older OT devices weren’t designed with significant cybersecurity in mind, so whatever legacy controls they had may no longer be adequate — or fixable. Initially, equipment and sensors in plants and construction sites had no internet connection, nor were they 4G- or 5G-enabled. Current OT design makes it easy for an attacker to move laterally through networks. It’s also extremely difficult to implement large-scale security for legacy OT that’s been operating longer than it’s been connected to the internet.

Operational technology often has consequences that go far beyond IT security, especially in critical infrastructure such as food management, healthcare, and water treatment. An OT breach could do more than cost money or jeopardize tech resources like a standard network breach — it could cause injury or death.

Defending Against OT Threats

To secure your enterprise’s OT devices and networks, use these key tips:

  • Perform a detailed audit: You’ll need to know every single device connecting to your company network, and a thorough audit is the best way to do that.
  • Consistently monitor all OT traffic: Any anomalies should send automated alerts to IT and network engineers. Configure alerts so engineers immediately know what’s happening.
  • Use secure connections for all wireless networks: If your OT devices are on Wi-Fi, ensure that the Wi-Fi uses at least WPA2.

VPN Vulnerabilities

Although virtual private networks (VPNs) are security tools designed to create a private tunnel for organizations’ network communications, they can still be breached. Your business should monitor both your direct team’s VPN use and all third-party VPN access.

Employee VPN Usage

VPNs are designed to protect your team’s computing sessions and associated data, like IP addresses and passwords, from prying eyes. However, they don’t always achieve that goal — VPN connections aren’t a foolproof security method and can sometimes still be hacked, especially if the VPN connection has a sudden and brief outage.

Defending Against VPN Threats

Use the methods below to mitigate VPN vulnerabilities within your organization:

  • Implement least privilege access management: Least privilege access gives specified users the permissions they need to do their job and nothing else.
  • Stay on top of patches: Individual VPN solutions can have vulnerabilities of their own, so ensure that your business continually monitors them and patches weaknesses when needed.

Third-Party VPN Access

When businesses give partners or contractors access to their applications using a VPN, it’s very difficult to restrict these third parties’ access to specific permissions. VPNs also don’t keep a lot of data logs to analyze later, so it’s challenging to locate the specific source of a breach if a third party does abuse their permissions.

Defending Against Third-Party VPN Threats

Implement least-privilege access for contractors and other third parties, too. It’ll limit their access to sensitive business data and applications.

Remote Access

Over the last decade, but especially during the COVID-19 pandemic, connecting remotely to office networks and resources became a popular way to complete work from home offices and other locations. Unfortunately, untrusted networks and personal devices put business networks and systems in danger. Two major threats are Remote Desktop Protocol and Wi-Fi networks.

Remote Desktop Protocol

Remote Desktop Protocol (RDP) allows users to use one computer to interface with another remote computer and control it. In the early stages of the pandemic, RDP was one of the most common ransomware attack vectors. Attackers were able to find a backdoor through RDP’s vulnerabilities or simply brute force attack by guessing passwords. Remote access trojans also allow attackers to remotely control a machine once malware downloads onto the computer through an email attachment or other software.

Defending Against RDP Threats

To be as secure as possible, your business should phase out RDP as soon as you can. It’s no longer safe to use. If your team does still decide to use RDP, use these protective methods:

  • Limit password attempts: Users should only be able to input a password a couple of times. This prevents brute force attacks.
  • Set difficult-to-guess passwords: Require good password hygiene for all RDP credentials.
  • Limit access to specific IP addresses: Only whitelist specific addresses attached to employee devices.
  • Configure strict user policies for RDP: This includes least privilege access. Only those who need to connect remotely to perform their job should have access.

Wi-Fi Networks

Other unsecure network connections, like unprotected Wi-Fi, allow thieves to steal credentials and then log into business applications from coffee shops and other public locations. Remote businesses have multiple methods of remote access to company resources, and it’s hard for IT and security teams to lock all of them down.

Defending Against Wi-Fi Threats

If you’re working on a network outside your home, take the following security measures:

  • Make sure the network is private: If you can work in a small coworking space or another home, that’s ideal, but if you’re in a public place, ensure the Wi-Fi requires a password. 
  • Use a VPN: Virtual private networks, though not foolproof, help protect your remote connections when Wi-Fi is not secure.

Where Do Network Threats Come From?

Network threats come from an enormous variety of sources, but narrowed down, they can be traced to vectors like devices, humans, network traffic, general security operations, and maintenance failures.


Hardware sometimes has misconfigurations and outdated protocols. Devices that have been infected by malware, like routers, are a threat to the rest of the network. Also, unauthorized devices and unsecured BYOD devices on the network may not have the same security controls as authorized devices and are therefore more vulnerable.


Humans make mistakes, and network security is difficult to manage even for experts because it’s so highly intricate. It’s easy for senior engineers to misconfigure a setting, as experienced as they may be. Additionally, some insiders deliberately manipulate networks for their personal gain.


Malicious packets attempt to enter a network, requiring firewalls and other systems, like IDPS, to prevent them. Malicious traffic comes from multiple locations, so it’s challenging to secure all ports. Traffic IP addresses can be hidden, too, and threat actors can use different IP addresses to avoid network blacklists and thwart threat intelligence.


Sometimes hardware and software fail. DoS and DDoS attacks flood servers and render them unusable. Also, natural disasters and power surges destroy or temporarily take down networks. Although this isn’t a cybersecurity issue at its root, it can certainly weaken security controls, particularly if the main NGFW or other detection and prevention tools go down.

Insufficient Maintenance

Network hardware and software need to be updated with the latest protocols and patches. Unpatched vulnerabilities on network firmware are an open door for attackers. Additionally, if IT and network admins don’t regularly perform vulnerability scans, they won’t be able to identify vulnerabilities as quickly.

Network Security vs. Endpoint Security vs. Application Security

The line between network security, application security, and endpoint security is hard to draw because they all affect each other immensely. In this article, we’ve focused on network threats and excluded threats that originate on applications or endpoints, such as cross-site scripting or ransomware. We define application, endpoint, and network security as follows:

  • Network security: Specific to the network’s infrastructure, including connections between devices like routers and switches.
  • Endpoint security: Specific to devices and users and their effect on an organization overall.
  • Application security: Specific to software programs and their effect on the organization, network, and computer systems.

However, endpoint devices and business applications still affect network security. A malware-infected computer or compromised CRM system can still lead to a network breach. These categories do overlap, but to avoid confusion, we’ve differentiated between them in this guide.

How Can You Detect Threats?

Although network threats come from many sources, enterprises need a reliable set of detection tools and techniques to pinpoint malicious behavior. Firewalls, monitoring, analytics, automation, vulnerability assessments, and deception tactics all help businesses identify threats and give their teams time to develop a solution.

Manage Firewalls

Advanced network perimeter protection like a next-generation firewall can be configured to send alerts when it detects anomalous traffic. If data packets entering the network behave strangely, that’s a warning sign for IT and security teams. Threat intelligence from NGFWs is critical for identifying malicious traffic early. Some firewalls can also block well-known malicious websites. Make sure your team is consistently fine-tuning your firewalls and updating rules as needed.

Monitor Networks

Monitoring network devices and traffic helps enterprises observe patterns over a period of time. Advanced monitoring solutions like NDR are even able to scan encrypted traffic, where some threats may have slipped through the cracks.

Don’t forget to monitor IoT devices on the network — it’s not only challenging to secure IoT devices but also to identify threats from a distributed network of smart devices. Identify all device vulnerabilities and implement network traffic monitoring specifically designed for the Internet of Things. It’s important to locate the root of IoT threats before they spread further through the network.

Implement Machine Learning & Behavioral Analytics

Although firewalls and other perimeter security can identify and halt some traffic, other traffic will breach the network. Using analytics to study traffic as it moves through the network is beneficial for long-term security. A behavioral analytics solution that uses ML should be able to study ongoing traffic patterns and detect malicious behavior. NGFWs and other advanced security solutions often offer ML and behavioral analytics capabilities.

Automate Your Alerts

Security teams can’t study networks 24/7, but automated alerts flag malicious activity immediately after it’s detected. Machine learning and behavioral analytics platforms study patterns in network traffic data. Then automation sends email or Slack alerts to IT personnel immediately once an anomaly is detected.

Scan for Vulnerabilities

Vulnerability scanners examine devices and assets and compare them against a database of known vulnerabilities to identify issues like misconfigurations and outdated software. Some scanners categorize vulnerabilities by their level of risk. Some vulnerability scanning solutions also help businesses maintain compliance with cybersecurity and data protection regulations by creating policies and rules that enforce particular standards.

Perform Penetration Testing

Pentesting gives enterprises clear, actionable information about their network security by hiring expert hackers to find vulnerabilities in the network. These hackers identify specific areas of weakness in web-facing assets like applications, firewalls, and servers. Consider learning more about the differences between pen testing and vulnerability testing.

Create Honeypots

A computer system or application specifically designed to trap attackers is called a honeypot. For example, a honeypot could be a database set up with a tempting name, implying sensitive information is stored there. It’s designed to help teams study threat actor behavior before the threat actors get to critical assets. Other examples of a honeypot include an additional router or a firewall that protects a fake database. Some vendors offer this as deception technology.

Bottom Line: Tracking & Preventing Network Security Threats

Tight cybersecurity defenses have increased steeply in the last five years. The rise of ransomware and the sophisticated tactics of bad actors necessitate equally strong action from enterprises. No longer can IT teams and engineers sit back and hope that a firewall or good passwords will save them from the vulnerabilities that besiege their network.

Keep a close eye on all the threats mentioned above, and train your teams to detect threats and prevent them. Ensure that you don’t let little things slide — small misconfigurations or unpatched vulnerabilities can still cost the business millions of dollars if successfully exploited. It’ll take time, but commit to implementing consistent and careful cybersecurity practices within your business, and eventually network security will be an immediate and natural response to threats.

Is your business concerned about protecting your network from ransomware? Read about preventing ransomware attacks next.