Discussion I
Career Relevancy
One of the easiest ways to protect an organization's network is to use vulnerability and scanning tools. Vulnerability management includes making sure that software used on an organization's systems is up to date and not vulnerable to attack. These tools will help find security holes in a network and give the analyst a chance to patch their network. Penetration testing is by far the most efficient way to see what attackers may use to infiltrate your network.
Background:
Attackers perform vulnerability analysis to identify security loopholes in an organization’s network, communication infrastructure, and end systems. The identified vulnerabilities are used by the attackers to perform further exploitation of the network. On the other hand, vulnerability assessment plays a major role in providing security to any organization’s resources and infrastructure from various internal and external threats. To secure a network, an administrator needs to perform patch management, install proper antivirus software, check configurations, solve known issues in third-party applications, and troubleshoot hardware with default configurations. All these activities together constitute vulnerability assessment.
In a network, there are generally two main causes for systems being vulnerable: misconfigured software or hardware, and poor programming practices. Attackers exploit these vulnerabilities to perform various types of attacks on organizational resources. This section gives an overview of vulnerability assessment, its classification, the types of vulnerability assessment, and the vulnerability assessment phases.
Vulnerability research is the process of discovering vulnerabilities and design flaws that will open an operating system and its applications to attack or misuse. An administrator needs vulnerability research to:
· Gather information about security trends, threats, and attacks
· Find weaknesses and alert the network administrator before a network attack
· Get information that helps prevent security problems
· Know how to recover from a network attack
An ethical hacker needs to keep up with the most recently discovered vulnerabilities and exploits in order to stay one step ahead of attackers through vulnerability research. Vulnerability research includes:
· Discovering system design faults and weaknesses that might allow attackers to compromise a system
· Being informed about new products and technologies in order to find news related to current exploits
· Checking underground hacking Web sites for newly discovered vulnerabilities and exploits
· Checking newly released alerts regarding relevant innovations and product improvements for security systems
· Relying on security experts and vulnerability scanners, which classify vulnerabilities by severity level (low, medium, or high) and exploit range (local or remote)
A system's or network's vulnerabilities fall under the following categories:
· Misconfiguration is the most common vulnerability; it is mainly caused by human error and allows attackers to gain unauthorized access to the system. It may be introduced intentionally or unintentionally and can affect web servers, application platforms, databases, and the network. A system can be misconfigured in many ways, including:
· An application running with debug enabled
· Outdated software running on the system
· Running unnecessary services on a machine
· Using misconfigured SSL certificates and default certificates
· Improperly authenticated external systems
· Disabling security settings and features
Attackers can easily detect these misconfigurations using scanning tools and then exploit the back-end systems. It is important for administrators to change the default configuration of devices and harden them.
Default installations are usually kept user-friendly, especially when the device is being used for the first time, because the primary concern is the usability of the device rather than its security. In some cases, a compromised device may not contain any valuable information itself, but it is connected to networks or systems that do hold confidential information, so the compromise can still result in a data breach. Not changing the default settings while deploying software or hardware allows an attacker to guess those settings in order to break into the systems.
Buffer overflows are common software vulnerabilities that arise from coding errors; these errors allow attackers to gain access to the target system. In a buffer overflow attack, attackers undermine the functioning of a program and try to take control of the system by writing content beyond the allocated size of a buffer. Insufficient bounds checking is the root cause: the program does not verify that incoming data fits within the buffer's limit, so the excess flows into adjacent memory locations and overwrites the values stored there. Systems often crash, become unstable, or show erratic program behavior when a buffer overflow occurs.
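The following C program is an added example, not code from the course material, illustrating the bounds-checking point above. It places a fixed-size name buffer directly before a privilege flag in a struct (the "adjacent memory location" the paragraph describes), shows the unchecked copy pattern that causes the defect, and beside it a checked copy that verifies the length against the buffer size and refuses oversized input instead of writing past the end. The struct, field names, and sample inputs are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Constructed record: the name buffer sits directly before a privilege flag,
 * so an overflow of name[] would spill into is_admin, the adjacent memory
 * the text describes. */
struct account {
    char name[NAME_LEN];
    int  is_admin;
};

/* Vulnerable form: strcpy copies strlen(src)+1 bytes with no regard for
 * sizeof(acct->name). Kept only to show the defect; it is never given
 * untrusted or oversized input in this program. */
void set_name_unchecked(struct account *acct, const char *src) {
    strcpy(acct->name, src);
}

/* Hardened form: measure the input, compare it against the buffer before
 * copying, and reject anything that would not fit (including its NUL
 * terminator) rather than truncating silently. Returns 0 on success,
 * -1 if the input was refused; the record is left untouched on refusal. */
int set_name_checked(struct account *acct, const char *src) {
    size_t n = strlen(src);
    if (n >= sizeof(acct->name)) {
        return -1;                      /* would overflow: refuse */
    }
    memcpy(acct->name, src, n + 1);     /* fits, copy including terminator */
    return 0;
}

int main(void) {
    struct account a = { "", 0 };
    const char *fits     = "alice";                        /* 5 chars: fits */
    const char *too_long = "aaaaaaaaaaaaaaaaaaaaaaaa";     /* 24 chars: does not */

    /* The unchecked copy only works here because the input happens to fit. */
    set_name_unchecked(&a, fits);
    printf("unchecked copy of short input: name=%s is_admin=%d\n",
           a.name, a.is_admin);

    if (set_name_checked(&a, too_long) != 0) {
        printf("checked copy rejected %zu-byte input (buffer holds %d)\n",
               strlen(too_long), NAME_LEN - 1);
    }
    printf("after rejection: name=%s is_admin=%d\n", a.name, a.is_admin);
    return 0;
}
```

The checked version deliberately rejects instead of truncating: silently cutting input to fit can itself produce logic bugs (for example a name that no longer matches the one the user entered), so the safer default is to treat oversized input as an error and log it.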
Servers are an essential component of any organization's infrastructure. There are many cases where organizations run unpatched and misconfigured servers, compromising the security and integrity of the data in the system. Attackers pay particular attention to these vulnerabilities: unpatched servers are a favorite target because they serve as an entry point into the network. This can lead to exposure of private data, financial loss, discontinuation of operations, etc. Updating software regularly and maintaining systems properly by patching and fixing bugs helps mitigate vulnerabilities caused by unpatched servers.
Vulnerabilities that are caused due to design flaws are universal to all operating devices and systems. Design vulnerabilities, such as incorrect encryption or poor validation of data, refer to logical flaws in the functionality of the system that are exploited by attackers to bypass detection mechanisms.
Vulnerabilities in operating systems allow malicious software such as Trojans, worms, and viruses to threaten the system. These attacks are performed using malicious code, scripts, or unwanted software, and result in the loss of sensitive information as well as of control over computer operations. Timely patching of the OS, installing only the minimum required software, and limiting the use of applications with firewall capabilities are essential steps an administrator should take to protect the OS from attack.
Application flaws are vulnerabilities in applications that attackers exploit. Applications should be secured using validation and authorization of users. If applications are not secured, sensitive information may be lost or corrupted. Therefore, it is important for developers to understand the anatomy of common security vulnerabilities and to build secure applications by providing proper user validation and authorization.
Open ports and unnecessary services may lead to loss of data and DoS attacks, and allow attackers to pivot to further attacks on other connected devices. Administrators need to continuously check for unnecessary or insecure ports and services to reduce the risk to the network.
Manufacturers provide default passwords so users can access a device during initial set-up, and users are expected to change them before further use. However, users often forget to update the passwords and continue using the defaults, leaving devices and systems vulnerable to attacks such as brute-force and dictionary attacks. Attackers exploit this vulnerability to obtain access to the system. Protect all passwords; failure to keep passwords confidential can lead to system compromise.
Design, operating system, and application flaws can create vulnerabilities in networks. Should engineers work to recreate the original applications to remove the flaws or should patches be the solution to reducing vulnerabilities? Explain and support your answer.
For your citation, you might use articles that show examples of the flaws defined above. Explore the options organizations have for protecting themselves from becoming victims of these flaws.