1.6 Explain the impact associated with types of vulnerabilities.

Question 1

Vulnerability types

Answer 1

There are many types of vulnerabilities
• Some digital, some physical
• Cover a broad scope
• Programming, network design,
process/procedure
• Any of these can be exploited at any time

Question 2

Race condition

Answer 2

A programming conundrum
• Sometimes, things happen at the same time
• This can be bad if you’ve not planned for it

Question 3

End-of-life vulnerabilities

Answer 3

Without vendor support, no security patches

Upgrade to maintain security

Question 4

Embedded system vulnerabilities

Answer 4

No direct access to the operating system

These devices are usually connected to the Internet - convenient to the hacker

Question 5

Lack of vendor support

Answer 5

Vendors are the only ones who can fix their products

Assuming they know about the problem And care about fixing it

Question 6

Improper input handling

Answer 6

Many applications accept user input• We put data in, we get data back
• All input should be considered malicious• Check everything. Trust nobody
.• Allowing invalid input can be devastating• SQL injections, buffer overflows, denial of service

Question 7

Improper error handling

Answer 7

Errors happen
Messages should be just informational enough
Network information, memory dump, stack traces, database dumps• This is an easy one to find and fix• A development best-practice

Question 8

Misconfiguration/weak configuration

Answer 8

• Very easy to leave a door open

The hackers will always find it

Question 9

Default configuration

Answer 9

• Every application and network device has a default login• Not all of these are ever changed

Question 10

Untrained users

Answer 10

It takes one person to allow a breach

Training is critical

Question 11

Improperly configured accounts

Answer 11

Technical issue and process issue
• Frequent audits are important
• Accounts without a need
• Abandoned and unnecessary accounts
• Accounts with administrative access
• These should be severely limited
• Should not be able to login directly as administrator
• Unless it’s on a server console

Question 12

Vulnerable business processes

Answer 12

Vulnerable business processes

Question 13

Weak cipher suites

Answer 13

Encryption protocol (AES, 3DES, etc.) and key length (40 bits, 128 bits, 256 bits, etc.)
• Hash used for the integrity check (SHA, MD5, etc.)
• Some cipher suites are easier to break than others so Stay updated with the latest best practices
• TLS is one of the most common issues - Over 300 cipher suites
• Weak or null encryption (less than 128 bit key sizes), outdated hashes (MD5)

Question 14

Memory/buffer vulnerabilities

Answer 14

Manipulating memory can be advantageous• Relatively difficult to accomplish

Question 15

Memory leak

Answer 15

Unused memory is not properly released
• Begins to slowly grow in size
• Eventually uses all available memory
• System crashes

Question 16

Integer overflow

Answer 16

Large number into a smaller sized space
• Where does the extra number go?
• You shouldn’t be able to manipulate memory this way

Question 17

Buffer overflow

Answer 17

• Overwriting a buffer of memory and Spilling over into other memory areas

Question 18

NULL Pointer dereference

Answer 18

• Programming technique that references a portion of memory
• What happens if that reference points to nothing?
• Application crash, debug information displayed, Denial of Service, etc.

Question 19

DLL injection

Answer 19

• The bad guys didn’t write the application, But they could write an external library and manipulate the operating system or application to run the library

Question 20

System sprawl/undocumented assets

Answer 20

Hundreds of projects, test platforms, active operating systems, production VMs
• Spin up a new instance with a click
• Keeping track is a challenge
• Easy to miss a forgotten compute - Under a desk
• Part of a retired application
• Not part of regular security patches
• These become pivot points

Question 21

Architecture/design weaknesses

Answer 21

The best security system fails if you don’t have locks on the doors
• The network doors aren’t always visible
• Examine every part of the network
• Ingress
• VPN
• Third-party access
• Internal controls
• Account access
• Front door access
• Conference room access

Question 22

New threats/zero day

Answer 22

What you don’t know can really hurt you
• And you won’t even see it coming
• Vulnerabilities are sitting in your system, waiting for someone to find them
• Some problems are hidden for years
• As soon as the problem is discovered (day zero), patch it
• There isn’t always time to properly test
• Balance severity with stability

Question 23

Improper certificate and key management

Answer 23

Manage your keys and certificates
• This needs to be well planned
• Important decisions, can’t do this on the fly
• What will be the organization’s certificate authority?
• How will the CA content be protected?
• How will intermediate CAs be created and managed?
• Who will validate and sign the organization’s certificates?• What is the validation process?