1.6 Various types of vulnerabilities

Question 1

zero-day

Answer 1

Attacks that exploit known vulnerabilities. These are dangerous because they are unknown to product vendors, and no patches are available to correct them.

Question 2

Weak configurations

Answer 2

These are weak settings that may jeopardize security.
1. The use of default settings that pose a security risk
2. The presence of unsecured accounts
3. Open ports and services that are not necessary to support normal system operations.
4. Open permissions that allow users access that violates the principle of least privilege

Question 3

open permissions

Answer 3

These allow users access that violates the principle of least privilege

Question 4

unsecure root accounts

Answer 4

This is an account with admin privileges

Question 5

weak encryption

Answer 5

A weak encryption may be easily defeated by an attacker. These can be encryption keys that are easily guessable due to its length or composition.

Question 6

unsecure protocols

Answer 6

These are protocols that fail to use encryption to protect usernames, passwords etc. Telnet is an unsecure protocol used to gain command line access to a remote server.

Question 7

default settings

Answer 7

This can include admin setup pages that are meant to be disabled before moving a system into production

Question 8

open ports and services

Answer 8

This is an example of a weak configuration

Question 9

Firmware

Answer 9

This is the replacement for the traditional basic input/output system BIOS