10 hours 32 minutes
Welcome to Cyber is Video, Siri's and the comedy A Security Plus 5 +01 Certification and Exam.
I'm your Instructor, Round Warner.
In this video, I'll be covering section 1.6, which is part of domain one on threats, attacks and vulnerabilities.
In this video, I'll explain the impact associated with different types of vulnerabilities. See the previous video for the definition of vulnerability.
There are many types of vulnerabilities you'd be aware of as you're studying for security. Plus,
once I'll be covering in this video. Include
and put improper input. An error handling
Miss Configuration we configuration and default configuration
improperly configured accounts
Week cipher, sweets and encryption
memory, buffer overflows, architectural and design weaknesses
and new threats. Such a zero days
referred to your study material for information. As I talked through each of these types of vulnerabilities,
I'll start with race condition.
A race condition involved software specifically the way a program executes sequences of code.
It typically occurs when code sequences are competing over the same resource, are acting concurrently.
They can result in malfunction and unexpected results such as denial of service.
A race condition basically just exploits a small window of time in which one acts. One action impacts another.
He's out of sequence. Actions can result in a system crash, loss of data
or unauthorized access.
Another vulnerability type is improper. Input handling.
Examples include types of injections that I've talked about in different videos.
Improper input handling is when a system does not validate input properly. So say you have a Web page that's not scrubbing the input from untrusted sources.
An attacker would be able to craft the input in a form that is not expected by the rest of the application.
This will lead the parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource and arbitrary code. Execution
examples include sequel injection,
but for overflows, other type of code injections All are due to improper and put handling.
There's also improper error handling
when a system generates an error message that includes sensitive information about its environment users or associated data.
Once again, I talk about this in the session about Web applications, security,
other common vulnerability types you need to know clued miss configuration and weak configuration. So taking a default configuration is one example. Using insecure configuration control settings with your browser's or systems and policies, or with your wife. I
default configurations when you're just running things out of the box without applying any type of security baseline,
you should review any default settings to make sure they're within your security parameters.
Encryption and cryptography using week cipher sweets
using old or less robust cryptographic algorithms for encrypting data.
For example. Dez and wept.
If you're not familiar with these, refer to the section on encryption and cryptography.
Last is improper certificate and key management
allowing unauthorized access to your encryption keys or certificates? It's not protecting your private keys.
This allows sensitive data.
Potentially to be decrypted. Also allows digital certificates to expire.
We'll continue talking about other types of vulnerabilities,
improperly configured accounts. So these are accounts that have too many privileges thin. They should.
This is solved by least privilege.
Should run on Lee with the minimum amount of access you need to do your job. This includes users, people and system accounts.
Resource exhaustion is a simple denial of service. Condition that happens when resource is required to execute in action
are entirely expended,
preventing that action from occurring. So using too much memory, whether it's RAM or hard disk memory using too much processing power,
this can happen within virtual ization.
Vulnerable business process is also known as business process. Compromise, silently altering parts of specific business processes or machines, facilitating these processes in order to gain access to systems or generate monetary profit.
So it's bypassing or changing a business process. So it's not a technical type of vulnerability but more associated with the people. Aspects of cyber security
system sprawl. Undocumented asset is another type of vulnerability
where employees may bring in their own I T assets and plug them into your corporate network.
Allowing uncheck systems and devices on that internal network is a vulnerability.
This is caused by a lack of an internal inventory system. So it's salt by mapping your network, knowing all the systems and devices on your network and having that inventory system.
Architecture and design weaknesses happened when an insecurely designed networker system architecture are allowed to persist on the network.
Certification in accreditation off all systems on the network solves this issue.
For example, not segmenting systems on an internal network could be architectural weakness, so you're allowing your accounting group access to your manufacturing systems. Those should be on two different network segments.
Refer to the video where I talk about network segmentation for information on that concept.
There are also vulnerabilities associated with end of life systems. These are operating systems or applications that are no longer supported by the vendor.
UN. Supported software means more than just lack of technical support or poor reliability.
The vendor also is not providing patches for newly discovered vulnerabilities.
For example, Windows X P no longer fully supported by Microsoft.
So an attacker might be looking for Windows X P systems on your network, knowing that their end of life
embedded systems involved using specialized chips within devices that contain operating systems themselves.
Essentially, these chips are the computer.
The growth of Internet of things further highlights the challenges surrounding such systems.
Embedded systems present management challenges and can be difficult to patch.
As a result, these types of systems can have severe impact on a business
if if exploited.
Last topic for this slide is that lack of vendor support your application should have support from the vendor, and you should be relying on that vendor to provide patches and updates, particularly for any large security vulnerabilities.
If you don't have vendor support, make sure you have compensating controls in place to protect those systems.
The last set of vulnerabilities I'll discuss for this section couldn't memory and buffer overflows.
At their best, memory leaks reduce the performance of a system.
If left unchecked, they can cause the entire application or computer to become unresponsive,
thus impacting a systems availability
that could also allow unauthorized access into the application network or system.
For example, in trigger overflows conf, a CE Illit eight malicious code or a buffer overflow,
a buffer overflow can result in system crashes impacting the system's availability.
In addition, attacker might cause a buffer overflow to execute code outside that specific application
code injection, such as DLL injection,
specifically allows an attacker to run code within the context of another process,
making it more difficult for an organization to trace the attack.
Preventing these attacks begins with using secure coding practices
and extending those practices through patching and updates.
In this video I covered section 1.6, explain the impact associated with types of vulnerabilities.
Let's practice on a sample quiz question
question. In this type of vulnerability, accounts have greater privileges that are needed to perform a function.
This is solved by at least privilege.
The answer is
a improperly configured accounts.
Refer to your study notes for information on these terms.
This concludes the video for section 1.6, where I explained the impact associated with types of vulnerabilities.
Use your study material to learn about these and other security plus concepts.
domain one on threats, attacks and vulnerabilities.
CompTIA Security Plus certification is a great place to start learning IT or cybersecurity. Take advantage of Cybrary's free Security+ training.