Misconfiguration Vulnerabilities 2.3 Flashcards
1
Q
Permissions
A
- The range of activities permitted on an object by an actor in a system.
- Very easy to leave a door open.
2
Q
Open Permissions
A
- When permissions are not properly set.
- Increasingly common with cloud storage.
3
Q
Administrative/Root Accounts
A
- Have elevated privileges and require closer scrutiny as to who is issued these credentials
4
Q
Insecure Protocols
A
- Some protocols aren’t encrypted
- All traffic sent in the clear.
5
Q
Packet Capture (PCAP)
A
- The methods and files associated with the capture of network traffic in the form of text files.
- Verifies if a data is secure or insecure.
6
Q
Default Settings
A
- Can be a security risk unless they were created with security in mind.
- Create these settings as the default configuration baseline.
7
Q
Mirai Botnet
A
- Takes advantage of default configurations.
- Takes over Internet of Things (IoT) devices.
- Is Opensource
8
Q
Open Ports and Services
A
- Important to manage access as this provides some access to certain systems.
- Managed by firewalls which can sometimes add more complexity.
9
Q
Firewalls
A
- Rules can be complex
- Always test and audit
