Security concerns related to vulnerabilities Flashcards
What is Cloud-based vs. on-premises vulnerabilities
On-premises risks refer to software vulnerabilities, weak configurations, and third-party issues arising from hosts, servers, routers, switches, access points, and firewalls located on a private network installed in private offices or campus buildings. Many companies use cloud services to fully or partly support business workflows. The third-party vendor management, code, and data storage risks discussed previously apply directly to cloud as well as to on-premises deployments. Software and weak configuration risks can also apply; however, they are not the sole responsibility of the cloud service provider (CSP). Clouds operate a shared responsibility model: the cloud service provider is responsible for the security of the cloud, while the cloud consumer is responsible for security in the cloud. The types of software and configuration vulnerabilities that you must assess and monitor vary according to the nature of the service.
What is Zero-day
A vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.
What is Weak configurations
Open permissions
Unsecure root account
Errors
Weak encryption
Unsecure protocols
Default settings
Open ports and services
What is Open permissions
Open permissions refers to provisioning data files or applications without differentiating access rights for user groups.
What is Unsecure root accounts
The root account, referred to as the default Administrator account in Windows or generically as the superuser, has no restrictions set over system access. A superuser account is used to install the OS. An unsecured root account is one that an adversary is able to gain control of, either by guessing a weak password or by using some local boot attack to set or change the password.
What is Errors
Weakly configured applications may display unformatted error messages under certain conditions. These error messages can be revealing to threat actors probing for vulnerabilities and coding mistakes. Secure coding practices should ensure that if an application fails, it does so “gracefully” without revealing information that could assist the development of an exploit.
What is Weak encryption
Encryption algorithms protect data when it is stored on disk or transferred over a network. Encrypted data should only be accessible to someone with the correct decryption key.
What is Unsecure protocols
An unsecure protocol is one that transfers data as cleartext; that is, the protocol does not use encryption for data protection. Lack of encryption also means that there is no secure way to authenticate the endpoints. This allows an attacker to intercept and modify communications, acting as man-in-the-middle (MITM).
What is Default settings
Relying on the manufacturer default settings when deploying an appliance or software applications is one example of weak configuration. It is not sufficient to rely on the vendor to ship products in a default-secure configuration, though many now do. Default settings may leave unsecure interfaces enabled that allow an attacker to compromise the device. Network appliances with weak settings can allow attackers to move through the network unhindered and snoop on traffic.
What is Open ports and services
Network applications and services allow client connections via Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port numbers. The clients and servers are identified by Internet Protocol (IP) addresses. Servers must operate with at least some open ports, but security best practice dictates that these should be restricted to only necessary services. Running unnecessary open ports and services increases the attack surface.
What is Third-party risks
Vendor management
System integration
Lack of vendor support
Supply chain
Outsourced code development
Data storage
What is Vendor management
Vendor management is a process for selecting supplier companies and evaluating the risks inherent in relying on a third-party product or service. It comprises the policies and procedures used to identify vulnerabilities and ensure the security of the supply chain.
What is System integration
System integration refers to the process of using components/services from multiple vendors to implement a business workflow.
What is Lack of vendor support
The vendor, for a variety of reasons, has ceased providing good service or has failed to provide adequate service or security.
What is Supply chain
A supply chain is a network between a company and its suppliers to produce and distribute a specific product to the final buyer.
What is Outsourced code development
The problem of effective oversight is particularly pertinent to outsourced code development. Many companies do not have in-house programming expertise, but without such expertise it is hard to ensure that contractors are delivering secure code. A solution is to use one vendor for development and a different vendor for vulnerability and penetration testing.
What is Data storage
There are two main scenarios for risks to data when using third parties. First, you may need to grant vendor access to your data, and second, you may use a vendor to host data or data backups and archives.
What is Improper or weak patch management
Firmware
Operating Systems
Applications
What is Firmware
Firmware—vulnerabilities can exist in the BIOS/UEFI firmware that controls the boot process for PCs. There can also be bugs in device firmware, such as network cards and disk controllers. Finally, network appliances and Internet of Things (IoT) devices run OS code as a type of firmware. Like kernel vulnerabilities, firmware exploits can be difficult to identify, because the exploit code can run with the highest level of privilege.
What is Operating system (OS)
Operating system (OS)—an application exploit will run with the permissions of the logged-on user, which will hopefully be limited. A vulnerability in an OS kernel file or shared library is more likely to allow privilege escalation, where the malware code runs with higher access rights (system or root).
What is Applications
An application vulnerability is a design flaw that can cause the security system to be circumvented or that will cause the application to crash.
What is Legacy platforms
A legacy platform is one that is no longer supported with security patches by its developer or vendor.
What is Impacts
Data loss
Data breaches
Data exfiltration
Identity theft
Financial
Reputation
Availability loss
What is Data loss
Data loss is where information becomes unavailable, either permanently or temporarily.
What is Data breaches
A data breach event is where confidential data is read or transferred without authorization. A privacy breach is where personal data is not collected, stored, or processed in full compliance with the laws or regulations governing personal information. A breach can also be described as a data leak. A data breach can be intentional/malicious or unintentional/accidental.
What is Data exfiltration
Data exfiltration refers to the methods and tools by which an attacker transfers data without authorization from the victim’s systems to an external network or media. Unlike a data breach, a data exfiltration event is always intentional and malicious. A data breach is a consequence of a data exfiltration event.
What is Identity theft
A privacy breach may allow the threat actor to perform identity theft or to sell the data to other malicious actors. The threat actor may obtain account credentials or might be able to use personal details and financial information to make fraudulent credit applications and purchases.
What is Financial
All these impacts can have direct financial impacts due to damages, fines, and loss of business.
What is Reputation
Major events might cause widespread adverse publicity on social media and mainstream media. In anticipation of these impacts, incident handling teams should include public relations (PR) and marketing expertise to minimize reputational damage.
What is Availability loss
Availability is sometimes overlooked as a security attribute compared to confidentiality and integrity, but it can have severe impacts on business workflows. If processing systems are brought down by accidental or malicious disaster events, a company may not be able to perform crucial workflows like order processing and fulfillment.