The following list explains the main considerations regarding network vulnerability:

• Vulnerable legacy protocols with insufficient security capabilities
• Weak network security architecture
• Network device configurations not stored or backed up
• Unencrypted passwords, lack of password expiration policies
• Inadequate access controls applied
• Inadequate physical protection of network equipment
• Unsecured physical ports
• Non-critical personnel have access to equipment and network connections
• Lack of redundancy for critical networks
• No security perimeter defined, firewalls not used adequately, and control networks used for non-control traffic
• Lack of integrity checking for communications
• Inadequate data protection between clients and access points: