1.6 Explain the security concerns associated with various types of vulnerabilities Flashcards
Zero-day
A zero-day vulnerability is a software security flaw for which there is no publicly available patch or fix because the software vendor either is unaware of its existence or has just learned that it exists.
Weak configurations
- Open permissions = Open permissions that allow users access that violates the principle of least privilege
- Unsecure root accounts = The presence of unsecured accounts, including both normal user accounts and unsecured root accounts with administrative privileges. Accounts may be considered unsecured when they either lack strong authentication or use default passwords.
- Errors = Researchers from Stanford University found that approximately 88 percent of all data breaches are caused by an employee mistake.
- Weak encryption = Some cipher suites are easier to crack than others. Deprecated cryptographic algorithms often remain in production beyond their recommended lifespan.
- Unsecure protocols = Most networks involve equipment that supports communication protocols that lack security features.
- Default settings
- Open ports and services = Open ports and services that are not necessary to support normal system operations. A system should expose only the minimum number of services necessary to carry out its function.
Vendor Management (Third-party risks)
- System integration = An understanding of what systems they are integrated with and its supporting
- Lack of vendor support = Vendors may end support for legacy application versions before an organization is ready to support dependent business processes on another platform
Supply chain (Third-party risks)
Supply chain security has become a significant concern for organizations.
Includes suppliers, manufacturers, distributors, and customers. A breach at any link in the supply chain can result in business impact.
Outsourced Code development (Third-party risks)
Any software that your organization acquires through outsourced code development should be reviewed internally for vulnerabilities before it is deployed on a production system.
Source code storage
Data storage (Third-party risks)
Sensitive data stored in vendor repositories, such as cloud services, needs to be secured, access managed, and usage monitored.
Improper or weak patch management
- Firmware = Commonly overlooked in IoT devices and other embedded systems, like VoIP phones
- Operating System (OS) = Windows has historically been and continues to be the biggest target.
- Applications = In many environments, non-Microsoft applications get overlooked for patching
Legacy platforms
Organizations rely on some mixture of new technologies and older, legacy systems that are integral to a critical process, such as timekeeping or payroll.
These platforms introduce numerous vulnerabilities, including a lack of patch support, weak or no encryption, and obscure programming languages that are difficult to maintain.
Impacts
Data breach, loss, exfiltration = Exposure of sensitive data, such as customer data, is the first in a long line of consequences of an attack.
Reputation damage = When a company suffers a data breach and it is known to the public, it can damage their brand as they lose the respect of the public.
Availability loss = Disruptive attacks like DDoS and ransomware can impact an organization’s ability to conduct business, including revenue-producing activities.
Identity theft = Identity theft can have far-reaching consequences for affected individuals. If any data held on a customer is stolen and then used for identity theft, the company can be sued for damages.
Financial = Data breaches could result in lost revenue and regulatory fines.