1.6 - Explain the security concerns associated with various types of vulnerabilities. Flashcards
Cloud-based vs. on-premises vulnerabilities
-
Zero-day
-
Weak configurations
-use of default settings that pose a security risk
-presence of unsecured accounts
-open ports and services that are unnecessary to support normal system operations
-open permissions that give users access that violates the principle of least privilege
Open permissions
-easy to leave the door open, and attackers will find it
-becoming more common with cloud storage (e.g. a storage bucket left world-readable)
-important to review and lock down your permissions
Unsecure root accounts
-root/admin accounts have unlimited access to the computer
-failing to restrict them lets people who shouldn't have access use them
-allows escalated privileges that harm the system and lets an attacker exfiltrate data
-serious implications for the entire system and anything it's connected to
-unauthorized access to systems, networks, data
-disable direct login to the root account; log in as a normal user and elevate with su or sudo instead
Mitigation
-protect accounts with root/admin access (there shouldn't be many of these)
-rename/disable the built-in admin account and guest account in each domain to prevent attacks on the domain
-disable remote login as root (e.g. PermitRootLogin no in sshd_config)
-enforce strong passwords for root accounts
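Two of the checks above can be scripted. The following is an added example, not part of the flashcards: it looks for extra UID-0 accounts in /etc/passwd and for direct root login left enabled in sshd_config. The passwd and sshd_config contents are constructed sample text, not read from a live host, and the "backup" account is the planted finding.

```python
"""Audit for unsecured root accounts (added example, constructed input)."""
import re

# Constructed sample /etc/passwd: "backup" is a second UID-0 account, which is the finding.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:0:0:Backup Admin:/home/backup:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Constructed sample sshd_config with the weak setting left in place, and the fixed version.
SAMPLE_SSHD_WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

SAMPLE_SSHD_FIXED = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
"""


def uid0_accounts(passwd_text: str) -> list[str]:
    """Return every account name whose UID field is 0."""
    names = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0":
            names.append(fields[0])
    return names


def extra_root_accounts(passwd_text: str) -> list[str]:
    """Anything with UID 0 other than 'root' is an unexpected superuser."""
    return [n for n in uid0_accounts(passwd_text) if n != "root"]


def permit_root_login(sshd_text: str) -> str:
    """Effective PermitRootLogin value. sshd uses the first matching directive,
    and OpenSSH's default when the directive is absent is 'prohibit-password'."""
    for line in sshd_text.splitlines():
        m = re.match(r"^\s*PermitRootLogin\s+(\S+)", line, re.IGNORECASE)
        if m:
            return m.group(1).lower()
    return "prohibit-password"


def audit(passwd_text: str, sshd_text: str) -> list[str]:
    """Human-readable findings; an empty list means both checks passed."""
    findings = []
    for name in extra_root_accounts(passwd_text):
        findings.append(f"extra UID-0 account: {name}")
    if permit_root_login(sshd_text) == "yes":
        findings.append("sshd allows direct root login with a password (PermitRootLogin yes)")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD, SAMPLE_SSHD_WEAK):
        print("FINDING:", f)
```

On a real host you would feed it the contents of /etc/passwd and /etc/ssh/sshd_config (and any files pulled in by Include directives, which this example does not follow).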
Errors
-error messages provide useful info to an attacker
->service type, version info, debug data, stack traces, file paths
-configuration errors = common source of data breaches
->configuration errors result when default configs are not modified
Protection
-design software so the error shown to the user doesn't reveal sensitive info; log the detail server-side and give the user a reference ID instead
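What "doesn't reveal sensitive info" looks like in code, as an added example (not from the flashcards): the same failure handled two ways. The verbose handler returns the exception text and stack trace to the client; the hardened one returns a fixed message plus a random reference ID and writes the detail to a server-side log. The database error is constructed for the example and no real database is involved.

```python
"""Leaky vs hardened error handling (added example, constructed failure)."""
import logging
import secrets
import traceback
from io import StringIO

# Stands in for the server-side log file the user never sees.
log_buffer = StringIO()
log = logging.getLogger("app.errors")
log.setLevel(logging.ERROR)
log.propagate = False
_handler = logging.StreamHandler(log_buffer)
_handler.setFormatter(logging.Formatter("%(message)s"))
log.addHandler(_handler)


class FakeDbError(Exception):
    """Stands in for a real driver exception whose text names paths and versions."""


def lookup_user(user_id: str) -> dict:
    # Constructed failure: an operational error whose message includes internals.
    raise FakeDbError("connection to /var/lib/app/db.sqlite failed (sqlite 3.39.2)")


def handle_verbose(user_id: str) -> dict:
    """Leaky: hands the raw exception and the stack trace to the client."""
    try:
        return lookup_user(user_id)
    except Exception as exc:
        return {"status": 500,
                "error": f"{type(exc).__name__}: {exc}",
                "trace": traceback.format_exc()}


def handle_hardened(user_id: str) -> dict:
    """Client gets a fixed message and an opaque reference; detail goes to the log."""
    try:
        return lookup_user(user_id)
    except Exception as exc:
        ref = secrets.token_hex(8)   # correlation ID that reveals nothing on its own
        log.error("ref=%s user_id=%r %s: %s\n%s", ref, user_id,
                  type(exc).__name__, exc, traceback.format_exc())
        return {"status": 500, "error": "An internal error occurred.", "ref": ref}


def leaks_internals(response: dict) -> bool:
    """Crude response check: do any internal markers appear in client-visible text?"""
    text = " ".join(str(v) for v in response.values())
    markers = ("Traceback", "/var/", "sqlite", "FakeDbError", 'File "')
    return any(m in text for m in markers)


if __name__ == "__main__":
    print("verbose leaks:", leaks_internals(handle_verbose("42")))
    print("hardened leaks:", leaks_internals(handle_hardened("42")))
    print("server log:", log_buffer.getvalue())
```

The reference ID is what support staff use to find the full record in the log; the client-facing message stays the same for every failure so nothing about the cause can be inferred from it.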
Weak encryption
-use of a weak encryption algorithm, or a flawed implementation of a strong one
-improper key generation, distribution and management
-orgs should NEVER create their own cryptographic algorithms
-most systems provide cryptographic methods based on strong, reviewed standards; use those
-TLS misconfiguration (old protocol versions, weak cipher suites) = one of the most common weak-encryption findings
-two important choices
->the algorithm used to perform encryption and decryption
->the encryption key used with that algorithm (generated from a cryptographically secure random source, kept secret, rotated)
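Why "never create your own algorithm" is a rule and not a preference, as an added example (not from the flashcards): a homebrew scheme that shows up in real code, repeating-key XOR, and the few lines of known-plaintext analysis that recover its key and decrypt everything else sent under it. The key and messages are constructed for the example; the key is even drawn from a CSPRNG (`secrets`) to show that a good key does not rescue a bad algorithm.

```python
"""Breaking a homebrew cipher with known plaintext (added example, constructed data)."""
import secrets

KEY_LEN = 8

# Constructed messages: the attacker can guess the first one (a fixed protocol header)
# and wants the second one.
MSG_KNOWN = b"HEADER-v1:hello"
MSG_SECRET = b"card=4111111111111111;exp=12/29"


def homebrew_encrypt(key: bytes, data: bytes) -> bytes:
    """Repeating-key XOR: looks like encryption, provides no real secrecy."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


homebrew_decrypt = homebrew_encrypt   # XOR is its own inverse


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Known-plaintext attack: ciphertext XOR plaintext gives the keystream, and with
    a repeating key the first key_len bytes of keystream are the whole key."""
    if len(known_plaintext) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


def demo() -> tuple[bytes, bytes, bytes]:
    """Returns (real key, recovered key, decrypted secret message)."""
    key = secrets.token_bytes(KEY_LEN)          # strong key source, weak algorithm
    ct_known = homebrew_encrypt(key, MSG_KNOWN)
    ct_secret = homebrew_encrypt(key, MSG_SECRET)
    # Attacker sees only ct_known, ct_secret and guesses MSG_KNOWN.
    guessed = recover_key(ct_known, MSG_KNOWN, KEY_LEN)
    return key, guessed, homebrew_decrypt(guessed, ct_secret)


if __name__ == "__main__":
    real, guessed, plaintext = demo()
    print("key recovered:", real == guessed)
    print("secret message:", plaintext)
```

The same attacker effort against AES-GCM or ChaCha20-Poly1305 from the platform's standard library recovers nothing, which is the point of the card: choose a reviewed algorithm and spend your effort on generating, distributing and rotating the key properly.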
Unsecure protocols
-older protocols often failed to use encryption, so credentials and data cross the network in the clear
-solution = switch to a more secure protocol
-EX: Telnet and FTP
-Telnet = used to gain command-line access to a remote server
->use SSH as the secure replacement when seeking command-line access to a remote system
-FTP = provides the ability to transfer files between systems
->SFTP (over SSH) and FTPS (FTP over TLS) both provide a secure method to transfer files between systems
Open ports and services
-enable apps to connect to the services they need to function correctly (this opens ports, so access must be managed)
-usually managed with a firewall
->manages traffic flows, allows/denies based on port number or app; rule sets can be complex, so it's easy to make a mistake
-network security is at risk if misconfigured/improperly connected
-EX of common open ports:
->FTP (21), SSH (22), DNS (53), IMAP (143)
-provide more vectors for recon and attack
-an app running an unneeded web server = open to DoS attacks against the HTTP port
-each additional service could carry additional flaws that go unnoticed
-let an attacker easily see what services you're running
-some open services = inherently vulnerable because the base protocol has no encryption (FTP, Telnet, plain HTTP)
Prevention
-always test and audit: compare what is actually listening against the list of services the system is supposed to run
-vulnerability scans and port scans of your own hosts
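The audit the two cards above describe (unnecessary open services, plus services whose base protocol is cleartext) can be run over the listening-socket list of a Linux host. The following is an added example, not from the flashcards: it parses `ss -tlnp`-style output, flags any listener not on an approved-port list, and separately flags cleartext protocols with the secure replacement the cards name. The `ss` output is constructed sample text, not captured from a real host, and the approved-port list is an assumption for the example.

```python
"""Listening-port audit over `ss -tlnp` output (added example, constructed input)."""
import re

# Constructed sample of `ss -tlnp` output. Only sshd on 22 is on the approved list.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       5       127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=600,fd=7))
LISTEN  0       32      0.0.0.0:21           0.0.0.0:*          users:(("vsftpd",pid=900,fd=4))
LISTEN  0       128     0.0.0.0:23           0.0.0.0:*          users:(("inetd",pid=450,fd=5))
LISTEN  0       511     *:80                 *:*                users:(("nginx",pid=1200,fd=6))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Services whose base protocol carries credentials/data in the clear, with the replacement.
CLEARTEXT = {
    21: "FTP sends credentials and data in the clear; replace with SFTP (over SSH, 22) or FTPS",
    23: "Telnet sends everything in the clear; replace with SSH (22)",
    80: "plain HTTP; serve over HTTPS (443) and redirect",
    143: "IMAP without TLS; use IMAPS (993) or require STARTTLS",
}
LOOPBACK = {"127.0.0.1", "::1"}


def parse_listeners(ss_output: str) -> list[dict]:
    """One dict per LISTEN line: local address, port and owning process name."""
    listeners = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)      # handles "[::]:22" and "*:80"
        m = re.search(r'\(\("([^"]+)"', line)
        listeners.append({"addr": addr.strip("[]"), "port": int(port),
                          "process": m.group(1) if m else "?"})
    return listeners


def audit_listeners(ss_output: str, allowed_ports: set[int]) -> list[dict]:
    """Findings for listeners that are not approved or that run a cleartext protocol.
    A cleartext service is flagged even if someone put its port on the approved list."""
    findings = []
    for l in parse_listeners(ss_output):
        reasons = []
        if l["port"] not in allowed_ports:
            reasons.append("not on the approved service list")
        if l["port"] in CLEARTEXT:
            reasons.append(CLEARTEXT[l["port"]])
        if reasons:
            exposure = "loopback only" if l["addr"] in LOOPBACK else "all interfaces"
            findings.append({**l, "exposure": exposure, "reasons": reasons})
    return findings


if __name__ == "__main__":
    APPROVED = {22, 443}    # assumed policy for this host
    for f in audit_listeners(SAMPLE_SS, APPROVED):
        print(f"{f['process']} on {f['addr']}:{f['port']} ({f['exposure']}): " + "; ".join(f["reasons"]))
```

Loopback-only listeners (cupsd on 127.0.0.1:631 above) are still reported, since a local service is still an extra attack surface, but the exposure field lets you triage the ones reachable from the network first. For an authoritative view, pair this with a port scan of the host from outside, since the firewall may block or expose something the socket list does not show.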
Default settings
-
Third-party risks
-
Vendor management
-
System integration
-
Lack of vendor support
-
Supply chain
-