1.6 Vulnerability Types Flashcards
This type of attack is becoming increasingly more common and involves the attacker finding a vulnerability prior to it being detected or published. Named as such because it is often found shortly after release.
Zero day attacks
Attacks that involve attackers walking through backdoor vulnerabilities via unsecured permissions.
Open permissions
What are some good practices for administrator or root accounts in order to prevent unauthorized intrusion?
- Disable login to default root accounts
- Don’t use simple passwords
- Protect existing admin accounts
What kind of information can an error message provide to a potential attacker?
Service types
version information
debug data
This vulnerability involves the use of older encryption protocols, short encryption keys, and outdated hashes.
Weak encryption
Vulnerability that is often due to firewall mismanagement that involves port or application traffic being allowed through.
Open ports and services
This type of vulnerability can be caused by devices running old or end-of-life software. The risk needs to be weighed against the return for running those systems.
Legacy platforms
True or false: Third-party IT security can be trusted within your own organization.
False. More care should be taken with third-parties and the related security coverage
What kind of security risks are posed with professional installation and maintenance of systems in your organziation?
- Elevated OS access
- Physical access for USB or keylogger installations
- Able to run software on inernal network
Name the 5 major third party risks that come with outsourcing or working with other organizations.
System integration
Lack of vendor support
Supply chain risk
Outsourced code development
Data storage
Name the 5 major vulnerability impacts
data loss
identity theft
financial loss
reputation impacts
availability loss
