Misconfiguration

Misconfigurations detections are a crucial aspect of Netography Fusion's Netography Detection Models (NDMs) that identify potential vulnerabilities caused by incorrect network setup or security configurations. These detections highlight issues that could expose a network to potential security risks. For instance, the 'external_snmp_sweep' detection alerts to attempts to gather SNMP (Simple Network Management Protocol) data from the external network, often indicative of reconnaissance activity by a potential threat actor. The 'msrdp' detection flags instances of Microsoft Remote Desktop Protocol being used, which could expose a network to vulnerabilities if not securely configured. 'Outbound_smb_traffic' detection pinpoints the use of Server Message Block protocol for outbound traffic, which should typically be confined to the internal network for security purposes. Finally, 'outbound_telnet_traffic' detection signals when telnet is being used for outbound traffic, an outdated and insecure protocol that could pose security risks. Each of these detections helps network administrators identify and correct configuration errors, thereby enhancing the overall security posture of their network.