Chapter 6 Vulnerabilities Flashcards
What is a Zero Day?
Vulnerabilities that are newly discovered and not yet addressed by a patch
What are compensating controls?
Controls that mitigate the risk indirectly, a common defense for zero days vulnerabilities
What are weak configurations
Configurations that are set up poorly as so a hacker can take advantage and potentially gain control of the network
What are Open Permissions?
When there are no restrictions to something and everyone has full access
What are examples of Weak Configurations?
Open permissions, Unsecure Root Accounts, Weak Encryption, Errors, and Default settings
What are some examples of third party risks?
Supply chain concerns, lack of vender support, Outsourced code Development, and data storage
What is End of Life?
When something has reached the end of its useful life
What is End of service life (EOSL)
When a manufacturer quits selling an item
Where does a supply chain attack occurs?
At the weakest security link in the supply chain
How can Outsourced Code development be a third party risk?
When the third party doesn’t develop the code well with security in mind, potentially leaving backdoors and vulnerabilities in the code
How can Data Storage be a third party risk?
If the data is stored in multiple facilities where security may not be up to the same standard across all facilities potentially causing a vulnerability
What are some examples of Improper or Weak Patch Management?
Firmware, Operating systems, Applications, and Legacy platforms that are not patched and updated allowing attackers to get into the systems
What is data loss?
when an organization actually loses information
What are data breaches?
The release of data to unauthorized parties
