1.6 Explain The Security Concerns Associated With Various Types Of Vulnerabilities Flashcards
Cloud-based vs. on-premises vulnerability
The physical vulnerabilities and attacks that apply to on-premises systems don't apply to cloud-based systems. All network-specific vulnerabilities, and the attacks that exploit them, apply to both cloud-based and on-premises networks.
What is a zero-day?
A zero-day attack is a previously unknown attack that hasn't yet been analyzed for mitigation.
What is a weak configuration?
A weak configuration fails to take advantage of the full security strength offered by a system or piece of software.
What are open permissions?
Essentially, open permissions equate to no security at all for any accessible system.
What are unsecure root accounts?
They are typically local administrator accounts with no password, or any other elevated accounts with no password.
What are errors with regard to weak configuration?
Errors can give threat actors insight into vulnerabilities, the software in use, and ways to exploit those vulnerabilities.
What is weak encryption?
Weak encryption is a form of weak configuration: threat actors work to crack the encryption and gain access to the protected information.
Avoid weak or null encryption (key sizes under 128 bits) and outdated hashes (MD5).
What are unsecure protocols?
These are unencrypted protocols that transfer data in plaintext (Telnet, FTP, SMTP, IMAP).
Verify with a packet capture, which will show everything sent over the network.
You can reconfigure an application to use the encrypted version (SSH, SFTP, IMAPS, etc.).
What are default settings?
Every application and network device has a default login. Some people never change the default username and password, and attackers take advantage of this.
An example is a botnet that takes over devices.
What are the security risks of open ports and services?
Opening these ports and services means opening a door for access to the server.
We can usually manage this access with a firewall, which controls traffic flows and allows or denies based on application or port number.
One downside is that firewall rulesets can become complex, so they need to be audited regularly.
What are third-party risks?
Third-party risks arise where you can't directly manage the security of a third party's access, so you must instead focus on securing your own side better.
There should be more security in place for third-party access to your systems. Always be prepared for a breach.
Everyone needs to follow IT security best practices.
Physical security and cybersecurity should go hand-in-hand to ensure better overall security.
What is a system integration risk regarding vendor management?
A third party can have elevated OS access, and may be on-site with physical or virtual access to data and systems. They can install keyloggers and transfer data via USB flash drives. Because they are already past all the firewalls and physical security, they can run port scanners, capture traffic, inject malware and spyware, etc.
What are the third-party risks of a lack of vendor support?
Vendors need to be aware that there is always a possibility of a vulnerability in their products. Vendors are the only ones who can fix a vulnerability in their own products, so they need to know it exists, care enough to fix it, and be able to react to it in a timely manner.
What are the third-party risks with the supply chain?
Almost everything you buy and install comes from a third party. Before you deploy any of these items on your systems, you need to make sure you have proper security controls on your own systems first. Hardware and software from a vendor can contain malware, so you have to inspect hardware from a third-party company, monitor everything, and be ready to react to any potential attack from the supply chain.
What are the third-party risks with outsourced code development?
Not every organization has the resources for in-house development. You need to decide where the code is stored: if in-house, the developers need to use a VPN; alternatively, you may want it on a centralized cloud-based server. In both cases, you need to put the correct security controls in place for where the data resides and where people access it from. You also need to isolate the code storage and the developers' working environment from the rest of the network. Once the code is complete, it needs to be checked for backdoors, and its data protection and encryption need to be validated.