Any weakness in the system has the potential to be dangerous and seriously harm the organisation. Ethical hackers must be aware of the different kinds of vulnerabilities they may encounter as well as the different methods for assessing vulnerabilities.
CLASSIFICATION
Vulnerabilities present in a system or network are classified into the
following categories:
Misconfiguration
The most prevalent vulnerability, misconfiguration, is mostly the
result of human error and gives attackers access to the system without
authorisation. It affects databases, networks, web servers, and application
platforms and can occur unintentionally or intentionally. Using scanning tools, attackers can quickly identify these
misconfigurations and take advantage of the backend systems. As a result,
administrators need to harden device security and change the devices'
default configurations.
Default Installations
Default installations are usually set up for ease of use, especially when a
device is being used for the first time and the primary concern is usability
rather than security. Failing to change the default settings when deploying
software or hardware allows an attacker to guess those settings and break
into the system.
Buffer Overflows
Buffer overflows result from code mistakes and give attackers access to the
target system. In a buffer overflow attack, the attacker tries to gain control
of the system by writing more data to a buffer than it can hold. This
compromises the functionality of the affected application.
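The code mistake described above, as an added C example that is not from the original page: an unbounded copy into a fixed-size buffer beside a bounded version that rejects any input that would not fit. The buffer size and function names are assumed for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen() */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumed fixed-size buffer for this illustration */

/* The defect: strcpy() copies until the source's terminating NUL and never
 * consults the size of `name`, so any input of NAME_LEN bytes or more is
 * written past the end of the buffer (a buffer overflow). */
void greet_unchecked(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);              /* no bound check */
    printf("Hello, %s\n", name);
}

/* The fix: measure the input first and refuse anything that does not fit,
 * counting the terminating NUL. Returns 0 if `dst` was filled, -1 if the
 * input was rejected; on rejection `dst` is left untouched. */
int copy_name_checked(char *dst, size_t dst_len, const char *src) {
    size_t n = strnlen(src, dst_len); /* never scans beyond dst_len bytes */
    if (n >= dst_len) {
        return -1;                    /* would overflow: reject */
    }
    memcpy(dst, src, n + 1);          /* n bytes plus the NUL */
    return 0;
}

int main(void) {
    /* Constructed inputs: one that fits, one deliberately too long. */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* 24 bytes */
    char name[NAME_LEN] = "";

    if (copy_name_checked(name, sizeof name, ok) == 0)
        printf("accepted: %s\n", name);
    if (copy_name_checked(name, sizeof name, too_long) != 0)
        printf("rejected: input does not fit in %d bytes\n", NAME_LEN);
    return 0;
}
```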
Unpatched Servers
Organisations frequently operate unpatched and incorrectly configured servers,
endangering the security and consistency of the data within their systems. This
can lead to the exposure of private data, financial loss, and discontinuation
of operations. Regular software updates and adequate system maintenance,
such as patching and bug fixes, help reduce the vulnerabilities introduced by
unpatched servers.
Design Flaws
Design vulnerabilities are logical defects in the system's operation that
attackers make use of to get past the detection mechanism and get access to a
secure system. Examples of these flaws include incorrect encryption and poor
data validation.
Operating Systems Flaws
Timely patching of the OS, installing minimal software applications, and using
applications with firewall capabilities are essential steps that an
administrator must take to protect the OS from attacks.
Application Flaws
Applications with bugs can cause security risks such as data manipulation and
unauthorised access to configuration stores, which can lead to the loss or
corruption of important data if they are not safeguarded. Because of this,
programmers need to understand the structure of typical security flaws and
write secure programs by ensuring appropriate user validation and
authorisation.
Open Services
Open ports and services give attackers the ability to launch additional attacks
on other linked devices as well as cause data loss or denial-of-service
attacks. To lower the danger to the network, administrators must constantly
look for unused or insecure ports and services.
Default Passwords
Manufacturers ship devices with a default password that customers are expected
to change before putting the device into use. Users who keep the default
password and forget to update it expose devices and systems to a variety of
attacks, including dictionary and brute-force attacks.