Security+ 5 Flashcards
2 types of errors occur in vul. scan reports = False Positive : when vul. scan reports vul. that doesnt actually exist, False Negative : when vul. scanner doesnt report vul. that does actually exist; this may be due to misconfig of scanner or vul. that scanner doesnt know if yet.
Credentialed Scanning : vul. scanners can see only what outside world sees, providing the scanner a server account allows it to access actual config which can reduce false pos. rate.
Errors etc …
Product End-of-Life = vendor is announcing they will no longer provide patches for that product. making it hard to impossible for future making it secure.
End-of-Sale = product no longer offered for purchase but vendor supports existing customers.
End-of-Support = vendor will reduce or eliminate support for existing users of product.
Products etc …
Embedded System = not shown to users, and security may be at risk. (research)
Memory Leak = fails to release memory for reuse, could over time cause system to crash.
Memory Pointers = null pointer exception may cause attackers to have access to debugging info for recon, or may allow attacker to bypass security controls.
DLL injection : tricks an app into loading malicious code.
Memory etc …
Race Conditions : when proper functioning of security control depends on timing of actions performed by user or computer. Common race condition : Time of Check/Time of Use = time elapses between authorization and the action but authorization status might have changed during time elapse.
System Sprawl = new devices connected to network but old devices arent promptly disconnected leading them to be open holes in security.
Race Conditions etc …
