1.6 - Various Types of Vulnerabilities

Question 1

Zero-Day attacks

Answer 1

• Vulnerability has not been detected or published
• Increasingly common
• Very difficult to mitigate

Question 2

Open Permissions

Answer 2

• Very easy to leave the door open (hackers will find it)
• Increasingly common with cloud storage, higher statistical change of finding an open permissions (misconfiguration)
• Attackers spend a lot of time in cloud repositories looking for these vulnerabilities

Question 3

Unsecured Root Accounts

Answer 3

• Can be a misconfiguration that leaves the administrator or superuser account open
• Or using an easy to hack password
• To combat - disable direct login to the root account (use the su or sudo option)

Question 4

Error

Answer 4

• Error messages can provide useful information to an attacker
• Ex: may show service type, version information, debug data (memory values)

Question 5

Weak Encryption

Answer 5

• Weak Encryption protocol:
• weak protocols: DES (3DES is stronger) but both are weaker than AES
• weak length of encryption(< 128 bits)
• weak Hash used (MD5 (outdated))
• Wireless Encryption (WPA)

Question 6

Cipher suites

Answer 6

• Stay up to date with industry latest approved
• TLS (Transport Layer Security protocol) - is on the browswer, but there are over 300 cipher suites, some are very secure and some are not
• Avoid weak or NULL encryption (128 bits or smaller)

Question 7

Strong Encryption

Answer 7

• Strong Encryption protocol:
• Strong protocols: AES (DES = weak)
• strong length of ( > 128 bits (like 256))
• Hash used (SHA)
• Wireless Encryption (WEP)

Question 8

Insecure protocols

Answer 8

• Some protocols aren’t encrypted
• “In the clear” protocols sends all traffic in the clear
• Ex: Telnet, FTP, SMTP, IMAP

Question 9

Packet capture

Answer 9

• See if you can read through packet capture, if you can read it in plain English, it’s not being encrypted in transport

Question 10

Secure Protocols

Answer 10

• Use encrypted protocols

- Ex; SSH, SFTP, IMAPs

Question 11

Default settings

Answer 11

• Attackers know many ppl will not change default user name / password
• Ex: Mirai botnet - takes advantage of deafult user/name password for these IoT devices
• 60 + default configurations
• Your camera, router, doorbell can become part of a botnet
• Mirai botnet is open source so attackers can download and modify!

Question 12

Open ports and services

Answer 12

• Services will open ports
• This creates an opening into the server
• Let the good ppl in and keep the bad ppl out
• Often managed with Firewalls

Question 13

Firewalls

Answer 13

• Software based firewalls running on the server
• Network based firewalls running on the ingress/ egress part of the network
• Commonly have a rule set that will allow /disallow access to different ports on the IP address
• Firewall rulesets can become complex can be easy to make a mistake
• To combat - double, triple check (test and audit)
• look for mistakes with ports/ ip addresses, anything that allows access to a service

Question 14

Patch managed

Answer 14

• The update server determines when you path
• test all of your apps patches, load onto central server, then deploy
• efficiently manage bandwidth
• Often centrally managed, priority for many orgs
• Patches can be associated with firmware or OS or associated with applications

Question 15

Legacy systems

Answer 15

• Often to turn off
• Often systems are running beyond the end of life, security concern
• May keep legacy systems, but may need to add additional firewalls/ security around the system

Question 16

Third- party

Answer 16

• IT security doesn’t change b/c it’s a third party, there should be more security not less
• Ensure that security policy and procedures are prepared
• they are often on the internal network
• May not be malicious but can be

Question 17

Vendors

Answer 17

• Ensure that vendors are aware of problem, they need to be motivated enough to fix the problem if one arises
• Can’t make the changes ourselves, need trusted vendors

Question 18

Supply-chain risk

Answer 18

• Important to maintain security controls whether in house or third party
• Have to check hardware and software coming from third parties

Question 19

Outsourced code development

Answer 19

• If code is in house, may want to provide a VPN or have data stored in cloud, must make sure you have implemented correct security controls
• Best practice that wherever developer is working is isolated from production

Question 20

Data storage

Answer 20

• Consider the type of data (ex: healthcare, financial)
• May be mandates about how to store data (esp. if it’s at a third party) - might need to be encrypted if it’s financial / health

Question 21

Vulnerability $ impact to the US

Answer 21

• 57 - 109B cost the US economy

Question 22

Results of vulnerability

Answer 22

• Data loss (ex: DB with no password)
• Ex: Meow attack - using no password or default, this data was being deleted, all data overwritten by ‘meow’
• Some attackers prefer to steal identity (Ex: Equifax)
• Financial loss (Ex: Bank of Bangladesh)

Question 23

SWIFT

Answer 23

• Society for Worldwide Interbank Financial Telecommunications
• Attackers sent secure messages to transfer money via SWIFT network to transfer 1B to different banks in one attack
• Bank to bank network that has been hacked

Question 24

Reputation Impacts

Answer 24

• Organizations are often disclosed
• Can cause stock prices to drop
• Ex: Uber breach that they didn’t announce, UBER tried to pay off the hackers and then paid 148M in fines

Question 25

Availability loss

Answer 25

• An attack could cause outages/downtime

- Ex: ransomware attacks that can bring down large networks