1.6 Explain the security concerns associated with various types of vulnerabilities

Question 1

Zero-Day

Answer 1

A never before seen vulnerability. No way to patch it

Question 2

Open Permission

Answer 2

Unsecured data that is left open to the public.

Question 3

Unsecured Root Account

Answer 3

A admin account that is compromised. Due to weak passwords

Question 4

Errors

Answer 4

Error message that have to much information. Error message list Service type, version info, debug data.

Question 5

Weak encryption

Answer 5

Protocols, hashes, and length of encryption key are out dated or already have a exposed vulnerability.

Question 6

Unsecure Protocols

Answer 6

Protocols that aren’t encrypted. Data that is displayed in the clear.

Question 7

Default Settings

Answer 7

Uses the default username and password.

Question 8

Open ports and services

Answer 8

Server that has no Firewall or Network fire wall.

Question 9

Improper or weak patch management

Answer 9

Not patching the Firmware, OS, or applications. Causes data breaches.

Question 10

Legacy Platforms

Answer 10

Old systems that cant be easily upgraded.

Question 11

System Integration

Answer 11

Professional and maintenance team that have admin and physical access to your network.

Question 12

Lack of vendor support

Answer 12

Vendors that do not put/take a long time to patch vulnerabilities.

Question 13

Supply Chain Risk

Answer 13

Not in control of security from third party locations.

Question 14

Outsourced code

Answer 14

Code that is developed by third party needs to secure. Code needs to checked for vulnerabilities

Question 15

Data Storage

Answer 15

Storing data at at third party location needs to be encrypted. Also the way the date is being transferred needs to be secured.

Question 16

Vulnerability Impacts

Answer 16

Finical, data loss, ID theft, data breaches, Reputation, Availability loss,