C1 – Assessment of Computer System Vulnerabilities Flashcards
C – Cybersecurity Protection Plans
Port Scanners
👉 scans a computer for any open ports that may be able to be exploited by hackers. It works by trying to connect to a computer by sending the request through each port sequentially, noting each port that responds or may seem open.
Registry Checker
👉 performs backups of the registry, making it easier to restore it to a previous state. It also checks registry entries for errors on start-up, automatically restoring to a previous point if errors are identified. Registry entry issues can be a key indicator of malware.
Website Vulnerability Scanners
👉 search for vulnerabilities on websites, such as cross-site scripting (XSS), SQL injection and insecure server configuration. This works by performing a wide variety of tests, such as identifying certain files, identifying malicious or vulnerable scripts & by submitting data in forms to check for common injection attacks
Vulnerability Detection and Management Software
👉 alike to the website vulnerability scanners, except they are not for websites, but rather for other IT systems. It will first analyse the system & then will run tests for relevant threats to the system being used, identifying key flaws.
Assessing User Vulnerabilities
👉 this involves identifying any vulnerabilities that might be caused by the users of the system. This could include auditing what accessing requirements different users require to the systems, the cybersecurity training completed by staff & the complexity of passwords set by staff. It could also involve performing mock attacks, such as fake phishing emails to test whether employees fall for scams.
Third Party Reviews of Systems & Network Designs
👉 It is extremely important that our system and network designs have fully considered the relevant vulnerabilities & threats before implementation begins. Failing to do so can lead to your system being exploited, as well as the cost involved with making the changes required to correct issues that have been missed.
👉 However, even with the best of efforts, most organisations are not cybersecurity specialists and will often fail to identify certain vulnerabilities in their designs. This is why having an independent third-party review your designs is so important.
👉 Specialist cybersecurity businesses can be hired to perform a review of your designs, verifying that all vulnerabilities & threats are being mitigated and providing guidance on how to better mitigate anything that hasn’t been properly secured.
👉 You will benefit from the specialist skills of the independent third-party and will save yourself the costs involved with being affected by an attack.
Penetration Testing
👉 A penetration test is where a cyber attack is simulated against a computer system or network to identify vulnerabilities that could be exploited by a malicious attacker. A “white hat” hacker is a term used for someone who specialises in performing penetration testing for organisations.
👉 The penetration test will cover all areas where vulnerabilities can arise, such as software, hardware, network, processes and user behaviour.
👉 OWASP (Open Web Application Security Project) is an organisation that, amongst other web security tasks, identify the most common threats that might occur to a web application. Obviously, web application threats are not the only threats that exist but can be a good starting point when looking at threats to a business.
OWASP top 10. The most recent list identified the following threats:
👉 Injection flaws– involves an interpreter being tricked into executing unauthorised commands.
👉 Broken authentication– incorrect authentication & session management allows for passwords, key and session tokens to be exploited to gain access.
👉 Sensitive data exposure– data that does not have sufficient protections in place, such as failing to encrypt sensitive data at rest or in transit.
👉 XML external entities– used to perform remote code execution, internal port scanning and denial of service attacks due to poor configuration.
👉 Broken access control– where restrictions on what users are allowed to do aren’t properly enforced, allowing attackers access to areas they should not.
👉 Security misconfiguration– insecure default configurations or incomplete configurations of operating systems, frameworks and applications; also includes vulnerabilities from out-of-date software.
👉 Cross-site scripting– where a web page includes untrusted data from user-supplied data, such as JavaScript in a comment form, so they can execute scripts to hijack user sessions or redirect to other sites.
👉 Insecure deserialization– leads to remote code execution or be used to perform attacks (like injection and privilege escalation attacks).
👉 Using components with known vulnerabilities– can lead to data loss or server takeover, as they have the same permissions as applications, this can enable various attacks if exploited.
👉 Insufficient logging and monitoring– allows attacks to continuously happen, so further tampering, extraction and destruction of data can happen.
