Lesson 8: Explain Vulnerability Management Flashcards
Define ‘Vulnerability management’
Identifying, reporting, evaluating, and remediating security vulnerabilities in operating systems, applications, and other components of IT operations.
Define ‘Vulnerability scanning’
Utilized to identify potential weaknesses in an organization’s digital assets automatically.
Define a ‘Vulnerability’
Flaws in an operating system's or application's design, errors in code, or insecure default settings.
What are typical vulnerabilities found in Microsoft Windows OS’?
Buffer overflows, lack of input validation, and privilege flaws.
What are typical vulnerabilities found in Mac OS?
Weak access controls, insecure boot processes, and third-party software.
What are typical vulnerabilities found in Linux OS?
Kernel vulnerabilities, misconfigurations, and unpatched systems are common issues in Linux.
Define a ‘Legacy and End-of-Life (EOL) System’
The manufacturer or vendor no longer supports EOL systems, so they do not receive updates, including critical security patches.
What is the difference between a ‘legacy system’ and an ‘‘End-of-life system’?
Legacy systems are outdated software, technology, computer systems, or application programs that remain in use despite their shortcomings; they may or may not still be supported by the vendor. An End-of-Life system is one the vendor has formally stopped supporting, so it no longer receives updates or security patches.
Define ‘firmware’
Software that controls hardware.
Define ‘VM escape’
An attacker with access to a VM breaks out of its isolated environment and gains access to the host system or other VMs running on the same host.
Define a ‘Zero-day vulnerability’
Previously unknown software or hardware flaws that attackers can exploit before developers or vendors become aware of or have a chance to fix them.
Define ‘responsible disclosure’
A procedure followed by ethical hackers after a previously unknown vulnerability is found: the vendor is informed privately so a patch can be developed before the vulnerability is disclosed publicly.
How can misconfiguration of infrastructure lead to vulnerabilities?
Misconfigured infrastructure can expose services or data, leading to unauthorized access, data leaks, or even full-system compromise.
What is the most common form of misconfiguration?
Leaving default configurations.
How can troubleshooting lead to vulnerabilities?
Disabling security features or loosening access controls to isolate a problem, and then failing to restore the secure configuration once troubleshooting is complete.
Define a ‘Cryptographic vulnerability’
Weaknesses in cryptographic systems, protocols, or algorithms that can be exploited to compromise data.
Define ‘Rooting’
Gaining superuser-level access over an Android-based mobile device.
Define ‘Jailbreaking’
Describes gaining full access to an iOS device by removing the limitations imposed by Apple’s iOS operating system.
Define ‘Sideloading’
Installing applications from sources other than the platform's official app store.
How can an organization prevent rooting/jailbreaking/sideloading?
By using device management controls that block access to unverified app stores and prevent installation of apps from unofficial sources.
Define an ‘Application race condition’ vulnerability
Software flaws associated with the timing or order of events within a software program, which can be manipulated, causing undesirable or unpredictable outcomes.
What is the outcome of an Application race condition vulnerability?
Data corruption or unauthorized access.
Define a ‘time-of-check to time-of-use (TOCTOU)’ vulnerability
A type of application race condition in which the system state changes between the time an application performs the check (verification) stage and the time it performs the use (execution) stage.
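Worked example for the race-condition and TOCTOU cards above (added here; not part of the original flashcards). It assumes a POSIX system with symlinks and O_NOFOLLOW. The `between` hook is a hypothetical stand-in for the window an attacker would race: the vulnerable function checks that a path is not a symlink and then opens it by name, so a swap after the check leaks the file the check was meant to protect; the hardened function drops the separate check and lets the open itself refuse symlinks atomically.

```python
import os
import tempfile


def attacker_swaps_in_symlink(path, target):
    """Constructed race winner: replace the checked file with a symlink to the target."""
    os.unlink(path)
    os.symlink(target, path)


def check_then_open(path, between=None):
    """Vulnerable: a separate check (is it a symlink?) followed by a use (open by name).
    `between` is a hypothetical hook standing in for the window an attacker races."""
    if os.path.islink(path):
        raise PermissionError("refusing to open a symlink")
    if between:
        between()                      # state changes after the check passed
    with open(path, "rb") as f:        # open() follows the newly planted symlink
        return f.read()


def open_no_follow(path, between=None):
    """Hardened: no separate check. O_NOFOLLOW makes the open itself refuse a
    symlink, so there is no gap between verification and use."""
    if between:
        between()
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # raises OSError (ELOOP) on a symlink
    try:
        return os.read(fd, 4096)
    finally:
        os.close(fd)


def demo():
    """Returns (bytes the vulnerable path leaked, whether the hardened path blocked it)."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")       # constructed: a file the program must not read
        with open(secret, "wb") as f:
            f.write(b"root-only data")
        upload = os.path.join(d, "upload.txt")   # constructed: the user-supplied file

        def fresh_upload():
            if os.path.lexists(upload):
                os.unlink(upload)
            with open(upload, "wb") as f:
                f.write(b"harmless")

        race = lambda: attacker_swaps_in_symlink(upload, secret)

        fresh_upload()
        leaked = check_then_open(upload, between=race)

        fresh_upload()
        try:
            open_no_follow(upload, between=race)
            blocked = False
        except OSError:
            blocked = True
        return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable check-then-open read:", leaked)
    print("O_NOFOLLOW blocked the symlink:", blocked)
```

The general fix pattern is the same wherever a check and a use are separable: operate on an already-open file descriptor (fstat, fchmod) or use flags that make the operation itself enforce the condition, rather than re-resolving a path name twice.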
Define a ‘memory injection’ vulnerability
Type of security flaw where an attacker can introduce (inject) malicious code into a running application’s process memory.
What is a direct outcome of an attacker exploiting a memory injection vulnerability?
The threat actor can run malicious code with the same privilege level as the vulnerable process, which can lead to full system compromise.
What is the desired goal of a threat actor once a memory injection is successful?
To gain unauthorized access to or control over the system: install malware, exfiltrate sensitive data, or create a backdoor for future access.
What controls are used to mitigate memory injection vulnerabilities?
Secure coding practices; Input/output validation, encoding, type-casting, access controls, application testing.
Define a ‘buffer’
An area of memory that the application reserves to store expected data.
Define a ‘buffer overflow’ vulnerability
A form of memory injection; An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory.
How does a threat actor perform a buffer overflow attack?
The attacker passes data that deliberately overfills the buffer.
What does a buffer overflow allow an attacker to do?
Overwrite the saved return address on the stack, redirecting execution so the attacker can run arbitrary code on the system.
What 3 controls have been developed to mitigate buffer overflow vulnerabilities?
- Address space layout randomization (ASLR)
- Data Execution Prevention (DEP)
- Type-safe programming languages
Define a ‘Type-safe programming language’
A language that enforces strict type-checking (at compile time or run time) and ensures variables and data are used only in ways their declared type allows.
What is the purpose of using a type-safe programming language?
Prevents many memory-related vulnerabilities, such as buffer overflows and memory injection, by rejecting unsafe memory operations instead of letting them corrupt adjacent memory.
Define a ‘Malicious update’
An update that appears legitimate but contains harmful code; A vulnerability in software repository or supply chain that a threat actor can exploit to add malicious code to a package.
Define an ‘evaluation scope’
The product, system, or service being analyzed for potential security vulnerabilities, or the intended target of an attack.
What distinguishes a web application attack from other attacks?
It must work within the client-server model, requiring the attacker to bypass both network and application-level security controls.
Define a ‘cross-site scripting (XSS)’ attack
A malicious script injected into a web site designed to compromise clients browsing the site.
Define a ‘nonpersistent cross-site scripting (XSS)’ attack
The malicious script is embedded (often obfuscated) in a crafted URL; when a victim follows the link, the server reflects the script back in its response and the victim's browser executes it.
Define a ‘stored/persistent cross-site scripting (XSS)’ attack
The script is injected and permanently stored on the target servers, such as in a database or content management system.
Define a ‘Document Object Model (DOM) cross-site scripting (XSS)’ attack
The attacker supplies input that client-side JavaScript writes unsafely into the page's Document Object Model (DOM), so the script executes entirely on the client without the server having to store or reflect the payload.
What is the difference between an overflow attack and an injection attack?
Overflow attack works against the way a process performs memory management while an injection attack exploits some unsecure way in which the application processes requests and queries.
Define a ‘SQL injection’ attack
Injection of a malicious/unauthorized SQL query via the input data from a client to the application/server.
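Worked example for the SQL injection card above (added here; not part of the original flashcards). It uses an in-memory SQLite database with a constructed `users` table. The vulnerable lookup concatenates client input into the query text, so the input can rewrite the query's structure: one payload turns the WHERE clause into a tautology and dumps every row, another uses UNION against SQLite's `sqlite_master` table to read the schema. The parameterized lookup keeps the query structure fixed and binds the same payloads as plain values, returning nothing.

```python
import sqlite3


def build_db():
    """Constructed in-memory table standing in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: client input becomes part of the SQL text, so it can change the
    query's structure rather than just supplying a value."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Hardened: the query structure is fixed; the driver binds the input as data."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo():
    """Runs both lookups against a normal name and two constructed injection payloads."""
    conn = build_db()
    # Payload 1: tautology that makes the WHERE clause always true.
    dump_all = "x' OR '1'='1"
    # Payload 2: UNION with SQLite's schema table to read the database structure;
    # the trailing -- comments out the closing quote the application appends.
    read_schema = "x' UNION SELECT name, sql FROM sqlite_master--"
    return {
        "normal": lookup_vulnerable(conn, "bob"),
        "tautology_vulnerable": lookup_vulnerable(conn, dump_all),
        "tautology_parameterized": lookup_parameterized(conn, dump_all),
        "union_vulnerable": lookup_vulnerable(conn, read_schema),
        "union_parameterized": lookup_parameterized(conn, read_schema),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The same contrast holds for every SQL driver: input validation helps, but the control that removes the vulnerability class is keeping query text and client data in separate channels (prepared statements or an ORM that generates them).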
Define a ‘side-channel’ attack
Attacker observes the implementation and operation of a system, looking for information to use to exploit the system.
How can cloud services be manipulated by an attacker?
Set up fake websites on cloud services for phishing and malware distribution; cryptojacking cloud resources for cryptomining.
Define a ‘cloud access security broker (CASB)’
Enterprise management software designed to manage, mediate, and monitor access to cloud services by users across all types of devices.
What are the 3 methods of implementing a cloud access security broker (CASB)?
- Forward proxy
- Reverse proxy
- Application programming interface (API)
Define a forward proxy cloud access security broker (CASB)
Requires configuration of users’ devices; Inspects all traffic in real time, even if that traffic is not bound for sanctioned cloud applications.
Define a reverse proxy cloud access security broker (CASB)
Positioned at the cloud network edge and directs traffic to cloud services if the contents of that traffic comply with a policy.
Define an Application programming interface (API) cloud access security broker (CASB)
Brokers connections between the cloud service and the cloud consumer rather than placing a CASB appliance or host inline with cloud consumers and the cloud services.
Define a ‘software bill of materials (SBOM)’
Inventory containing details like component names, versions, and information about the suppliers in a software product.
What is the purpose of a software bill of materials (SBOM)?
Provide transparency and visibility into the software supply chain and potential vulnerabilities; Enables developers, security teams, and end users to understand the functional components of their software.
What is the role of a software bill of materials (SBOM) after a vulnerability has been disclosed?
Supports rapid response and remediation; Security teams can quickly determine whether their software is affected by a disclosed vulnerability.
Define a software dependency check
A Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies.
What is the purpose of utilizing a software dependency check?
Detecting outdated or vulnerable third-party components in a project's dependencies so they can be updated or replaced.
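Worked example for the SBOM cards and the dependency-check cards above (added here; not part of the original flashcards, and not the code of any real SCA tool). It parses a constructed CycloneDX-style SBOM for a hypothetical product and matches each inventoried component against a constructed list of advisories in an OSV-like shape; all package names, suppliers, advisory IDs and version ranges are invented for illustration. The check answers the post-disclosure question on the card: which components are in an affected version range, and what version fixes them.

```python
import json

# Constructed CycloneDX-style SBOM for a hypothetical product. Component names,
# versions and suppliers are invented, not a real inventory.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "acme-logger", "version": "1.4.1",
     "purl": "pkg:pypi/acme-logger@1.4.1", "supplier": {"name": "Acme OSS"}},
    {"type": "library", "name": "acme-json", "version": "3.2.0",
     "purl": "pkg:pypi/acme-json@3.2.0", "supplier": {"name": "Acme OSS"}},
    {"type": "library", "name": "acme-tls", "version": "0.9.7",
     "purl": "pkg:pypi/acme-tls@0.9.7", "supplier": {"name": "Acme Crypto"}}
  ]
}
"""

# Constructed advisories (hypothetical IDs and ranges) in an OSV-like shape:
# a component is affected if introduced <= version < fixed.
ADVISORIES = [
    {"id": "ADV-0001", "package": "acme-logger",
     "range": {"introduced": "1.0.0", "fixed": "1.4.2"}},
    {"id": "ADV-0002", "package": "acme-json",
     "range": {"introduced": "3.0.0", "fixed": "3.1.5"}},
    {"id": "ADV-0003", "package": "acme-tls",
     "range": {"introduced": "0.9.0", "fixed": "0.9.8"}},
]


def parse_version(v):
    """Dotted-numeric version to a comparable tuple (no pre-release handling)."""
    return tuple(int(p) for p in v.split("."))


def load_components(sbom_json):
    """Pull (name, version, supplier) out of the SBOM's component inventory."""
    bom = json.loads(sbom_json)
    return [
        (c["name"], c["version"], c.get("supplier", {}).get("name", "unknown"))
        for c in bom.get("components", [])
    ]


def is_affected(version, rng):
    """Half-open range check: introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(rng["introduced"]) <= v < parse_version(rng["fixed"])


def check_dependencies(sbom_json, advisories):
    """Dependency check: match every inventoried component against the advisories
    and report what is affected and which version fixes it."""
    findings = []
    for name, version, supplier in load_components(sbom_json):
        for adv in advisories:
            if adv["package"] == name and is_affected(version, adv["range"]):
                findings.append({
                    "component": name, "version": version, "supplier": supplier,
                    "advisory": adv["id"], "fixed_in": adv["range"]["fixed"],
                })
    return findings


if __name__ == "__main__":
    for f in check_dependencies(SBOM_JSON, ADVISORIES):
        print(f"{f['component']} {f['version']} ({f['supplier']}): "
              f"{f['advisory']}, upgrade to {f['fixed_in']}")
```

Real tools match on the package URL (purl) rather than the bare name, handle pre-release and ecosystem-specific version ordering, and pull advisories from a vulnerability database; the matching logic is the same as shown here.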