Common Security Issues 2.3 Flashcards

1
Q

Authentication Process Issues

A

Some protocols are not encrypted. FTP, STMP, IMPA, TELNET. Easily intercepted with a packet reading software.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Logs and Event Anomalies

A

Professionals will gather as much intel as they can about switches, routers, firewalls, servers, your network, etc. The SIEM will correlate data logs from all of your sources. Sometimes you will get random attacks that don’t make a lot of sense.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Permissions Issues

A

Sometimes the permissions on data will be misconfigured and create a vulnerability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Access Violations

A

Sometimes the app developer will make a mistake with their programming where a 3rd party application is trying to access something it’s not supposed to.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Certificate Issues

A

A certificate can get outdated and become a vulnerability. Applications must perform the proper certificate checks or they will be a vulnerability. Sometimes the developers app will fail to check the security certificates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Data Exfiltration

A

People inside your organization may take data out on a USB drive or DVD-ROM.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Misconfigured Devices

A

Leaving open doors on accident from poor software development, oversight, or outdated software. Additionally running a debut code could give up enough information for the bad guys to get inside. If firewall rules are under-configured, the attackers might find a loophole. Content filters, access points, etc. can all have misconfigurations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Weak Security Configs

A

Some security setups are vulnerable through brute force or have too many flaws.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Human Condition

A

People make mistakes. Going to bad websites, forgetting security protocols, committing policy violations, or having more permissions than they need. Social engineering! Social Media mistakes, emails.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Unauthorized Software

A

Putting software on a computer connected to your network could create problems. Malware/Spyware or software conflicts that cause apps to misbehave.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Standardization

A

Keep everything well documented; configuration, logs, alerts, policies etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Software License Compliance

A

Licenses come in various forms through different methodologies. These can get outdated or expire and cause apps to stop working. Data loss can occur in these instances.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Asset Management

A

Identify all your assets and keep an eye on them Know who, what, where. Track everything and verify that all devices are up to date.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly