Cyber Security Tutorial


Types of cyber security vulnerabilities

To understand cyber security vulnerabilities and build a vulnerability management program, the user must first know the common vulnerability types. Here are some of the common types of cyber security vulnerabilities:

  • System misconfigurations
    System misconfigurations arise when network assets have vulnerable settings or inconsistent (disparate) security controls. Cybercriminals constantly look for misconfigurations and network gaps and exploit them to harm the system. Misconfiguration cannot be eliminated entirely, and it is on the rise because of rapid digital transformation. When implementing new technologies in the system, the user must work with cyber security experts to find and prevent the resulting vulnerabilities.
  • Weak and missing authorization credentials
    This is a common vulnerability that attackers exploit easily: they gain access to a system or network by analyzing and guessing employees' credentials. It can be tackled by educating employees on cyber security best practices so that they protect their credentials (user ID, password) from being used to gain access to the network.
  • Unpatched or out-of-date software
    An unpatched or out-of-date software vulnerability is similar to a misconfiguration: attackers find a weakness in the software and exploit it to gain access to the system. Cyber security experts work regularly on software updates, creating patches for the weaknesses and establishing a patch management schedule so that the software is not exploited. New patches are shipped in new versions of the software, so updating out-of-date software regularly is important.
  • Zero-day vulnerability
    These vulnerabilities are known to attackers but not to the organization until an attack exploiting them happens. The system cannot be defended against them until they are reported to the vendor. They are extremely dangerous because no existing defense covers them. To minimize zero-day attacks, users must remain alert and monitor the system for vulnerabilities.
  • Missing or poor data encryption vulnerability
    Communication between systems takes place over a network, and information is normally sent in encrypted form. When communication is intercepted, or the information is poorly encrypted or unencrypted, cyber attackers have a great chance to extract critical information and inject false information onto a server. This can damage the organization's reputation and its customers' trust, and undermine the organization's cyber security compliance. Data breaches have led to substantial fines from regulatory bodies.
  • Malicious threats inside
    Employees communicate to complete their tasks, but sometimes, knowingly or unintentionally, they end up sharing information that helps cyber criminals breach the network. Tracing these insider threats is difficult because all of these actions appear legitimate. To prevent these vulnerabilities, organizations must invest in network access control solutions. Another method is to give employees restricted access to the system according to their role, seniority, and expertise.
  • Psychological vulnerability
    These are human-caused vulnerabilities, but unlike insider threats, everyone is susceptible to them. Being human, we have innate psychological drivers: limited knowledge of the internet, attraction to fake offers, the urge for self-preservation, fear of danger, and eagerness to save money or obtain exclusive benefits. Hackers exploit these weaknesses through social engineering, convincing people to accept or unlock a benefit that allows the attacker to breach their information. For example, users click on spoofed emails promoting discounts or download malware onto the system.
  • Common software security vulnerabilities
    • Missing authorization
    • SQL injection
    • Missing data encryption
    • Path traversal
    • Weak passwords
    • Use of broken algorithms
    • Software already infected with a virus
    • Bugs
    • URL redirection to untrusted sites
    • Download of code without integrity checks
    • Cross-site scripting
    • Forgery
    • Reliance on untrusted inputs in a security decision
    • Buffer overflow
    • OS command injection
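Two of the software vulnerabilities in the list above, SQL injection and path traversal, come from the same root cause: untrusted input is treated as code or as part of a trusted path. The following is an added example, not code from the page, showing each defect next to its hardened form. The user table, the document root and all inputs are constructed for the demonstration.

```python
import sqlite3
import tempfile
from pathlib import Path

# Constructed demonstration data (not from the page): a small user table.
USERS = [("alice", "admin"), ("bob", "user")]


def demo_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_role_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """VULNERABLE: the caller-supplied name is pasted into the SQL text, so a
    name containing a quote character changes the meaning of the query."""
    sql = f"SELECT role FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_role_safe(conn: sqlite3.Connection, name: str) -> list:
    """HARDENED: a bound parameter is always treated as data, never as SQL."""
    rows = conn.execute(
        "SELECT role FROM users WHERE name = ? ORDER BY name", (name,))
    return [row[0] for row in rows]


def resolve_under_base(base: Path, requested: str):
    """HARDENED file access: resolve the requested path and refuse it unless
    the result still lies inside `base`.  Using `base / requested` with no
    such check is the path traversal vulnerability."""
    base = base.resolve()
    candidate = (base / requested).resolve()
    if candidate != base and base not in candidate.parents:
        return None  # escaped the allowed directory via '..' or an absolute path
    return candidate


def demo() -> dict:
    """Exercise both cases and return the observable outcomes."""
    conn = demo_db()
    # A legitimate name with an apostrophe: the vulnerable query breaks outright,
    # which is the same defect an attacker would abuse with crafted input.
    try:
        lookup_role_vulnerable(conn, "o'brien")
        vulnerable_breaks = False
    except sqlite3.OperationalError:
        vulnerable_breaks = True
    base = Path(tempfile.mkdtemp())  # constructed document root
    return {
        "safe_alice": lookup_role_safe(conn, "alice"),
        "safe_handles_apostrophe": lookup_role_safe(conn, "o'brien"),
        "vulnerable_breaks_on_apostrophe": vulnerable_breaks,
        "inside_base": resolve_under_base(base, "reports/q1.txt") is not None,
        "traversal_blocked": resolve_under_base(base, "../../etc/passwd") is None,
        "absolute_blocked": resolve_under_base(base, "/etc/passwd") is None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fix in both cases is the same design rule: keep the boundary between data and code (or data and path structure) enforced by the library, not by string handling in the application.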

Prevention/ Reduction of computer security vulnerabilities

Protecting data and information is important for many reasons and is an integral part of the business.

  1. Patch software regularly
    To reduce vulnerabilities in the system, a process of monthly scanning and remediation is necessary. This regimen fixes High and Medium severity vulnerabilities while keeping remediation activities manageable. Through it, new vulnerabilities are discovered and patches are applied to them, which changes the system. We now work in a dynamic cyber threat landscape, so it is sometimes difficult to understand what is happening in the network.
  2. Minimize local Administrator privileges
    If the user operating a system has full administrator permissions, malware has a clear path, because it runs in the security context of the logged-on user. Some applications need special permissions to run properly; for them, use "Compatibility Mode" or the "Run As" command instead of granting administrator rights.
  3. Configure system securely
    The operating system should be securely configured in these ways:
    • For servers, require SMB signing, which means the server must digitally sign its network communication; this helps prevent communication with unauthorized devices or servers.
    • Refer to the Center for Internet Security (CIS) for further best practices.
    • Two old broadcast protocols, NetBIOS and Link-Local Multicast Name Resolution (LLMNR), kept by Microsoft for backward compatibility, should be disabled. Disabling them reduces the attack surface, and they are no longer required.
  4. Practice secure network engineering
    Practicing secure network engineering means using methods that keep the network secure and free of vulnerabilities, such as:
    • Never use default passwords.
    • Segment the network to limit system access, so that information is available only to those who require it and not to everyone.
    • Keep a hardening checklist for each technology, operating system, critical application, and protocol in use.
    • Apply image updates and other released updates on time; for that, maintain an image library and a defined process or program.
  5. Changing default passwords
    Default passwords are well known and are an attack surface widely exploited by attackers. With this in mind, users are directed to change default passwords as soon as possible. This reduces human-created vulnerabilities.
  6. Enforcing a password policy and two-factor authentication
    To overcome these vulnerabilities, ensure the password policy is enforced with technical controls. Cyber security training helps employees understand the importance of the policy and the need for two-factor authentication. Employees are also provided with password management tools and techniques that help reduce vulnerabilities.
  7. Make sure to have working and tested backups of key system/data
    The best way to reduce vulnerabilities is to look for issues regularly and keep things up to date. Working, tested backups of key systems and data shrink the attack surface available to cyber criminals.
  8. Using secure software development practices
    Software developers often design or write code without keeping security in mind. Coders write code that works, and writing code that works securely requires special training. Therefore, developers must follow secure development practices. OWASP, the Open Web Application Security Project, is a great source for learning and applying them.
  9. Unique local administrator password for each device
    In a Microsoft operating system, each device's local administrator account must have a unique password. Microsoft provides a tool named Microsoft LAPS (Local Administrator Password Solution) that manages unique local administrator passwords.

Some other practices for preventing security vulnerabilities are:

  • By following a least privilege access model
    Under the least privilege access model, access is extended to humans, automated bots, and systems only to perform the required tasks and nothing more. Such access is available during the scheduled hours and revoked afterwards. For example, a supply chain partner may use a remote device for a few hours to access your network systems and perform maintenance. If guests need to log in to the corporate network, they can access only what the least privilege principle allows and cannot go beyond those limits. This principle prevents hackers from misusing excess rights and from exploiting human psychology.
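The supply chain partner scenario above has three moving parts: a deny-by-default policy, permissions scoped to the task, and a time window after which access is revoked. The following is an added example that is not part of the page, implementing those three rules in a small policy object; the principal name, permission strings and times are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Grant:
    """A scoped, time-boxed permission grant for one principal."""
    principal: str
    permissions: frozenset
    valid_from: datetime
    valid_until: datetime


class LeastPrivilegePolicy:
    """Deny-by-default access policy: a principal may do only what an active
    grant explicitly allows, and only inside the grant's time window."""

    def __init__(self) -> None:
        self._grants: list[Grant] = []

    def grant(self, principal: str, permissions, valid_from: datetime,
              duration: timedelta) -> Grant:
        """Issue a grant that expires automatically after `duration`."""
        if duration <= timedelta(0):
            raise ValueError("grant duration must be positive")
        g = Grant(principal, frozenset(permissions), valid_from,
                  valid_from + duration)
        self._grants.append(g)
        return g

    def is_allowed(self, principal: str, permission: str, now: datetime) -> bool:
        """True only if some grant for this principal covers this permission now."""
        return any(
            g.principal == principal
            and permission in g.permissions
            and g.valid_from <= now < g.valid_until
            for g in self._grants
        )

    def revoke_expired(self, now: datetime) -> int:
        """Drop grants whose window has closed; returns how many were revoked."""
        before = len(self._grants)
        self._grants = [g for g in self._grants if now < g.valid_until]
        return before - len(self._grants)

    def active_grants(self, now: datetime) -> list:
        return [g for g in self._grants if g.valid_from <= now < g.valid_until]


def partner_maintenance_demo() -> dict:
    """The page's scenario: a partner gets maintenance access for a few hours.
    Principal, permission names and timestamps are constructed."""
    policy = LeastPrivilegePolicy()
    start = datetime(2024, 1, 15, 9, 0)
    policy.grant("partner-maint", {"hvac:read", "hvac:patch"},
                 start, timedelta(hours=4))
    during = start + timedelta(hours=2)   # inside the window
    after = start + timedelta(hours=5)    # window has closed
    results = {
        "allowed_task_in_window": policy.is_allowed("partner-maint", "hvac:patch", during),
        "denied_out_of_scope": policy.is_allowed("partner-maint", "finance:read", during),
        "denied_after_window": policy.is_allowed("partner-maint", "hvac:patch", after),
        "denied_unknown_principal": policy.is_allowed("guest", "hvac:read", during),
    }
    results["revoked"] = policy.revoke_expired(after)
    results["active_after_revoke"] = len(policy.active_grants(after))
    return results


if __name__ == "__main__":
    for key, value in partner_maintenance_demo().items():
        print(f"{key}: {value}")
```

Note that nothing in the policy grants access by role or by default; every allowed action traces back to an explicit, expiring grant, which is what makes excess rights hard to accumulate.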
  • Start a bug bounty program.
    Hackers worldwide find vulnerabilities and security flaws in product offerings and public-facing systems. Major companies such as Google, Microsoft, Facebook, and Slack run bug bounty programs, or use bug bounty websites, to invite large groups of ethical hackers and testers, or individuals, to find bugs in their code. Such a program is also good public relations for a firm, as it signals to regulators and the public that the organization has a mature security program. Many organizations have paid large sums to hackers who found bugs in their systems. It is a great method of finding vulnerabilities before unethical hackers exploit them.
  • A strong business continuity plan is a must.
    Ransomware attacks are a big threat to businesses: cyber criminals target organizations and demand money, threatening to publicly reveal or destroy business-critical data otherwise. To protect against them, an organization implements a business continuity or disaster recovery plan (BC/DR). This plan ensures the business has a backup database so that all operations keep running during the attack, and it reduces the impact of a potential data breach. It gives time to report the attack to the authorities, find its origin and motive, take legal action, and ensure the business is not interrupted.
  • Secure the APIs and inventory native integrations
    An API (Application Programming Interface) is an interface through which two applications talk to each other. Securing APIs is mandatory to protect the internal infrastructure and prevent exposure of sensitive data to public sites. Hackers can reach an API over the public network and insert themselves into the communication, posing as one party to gather information from both; in cyber security this is called a "man in the middle attack." This attack can be prevented by serving web resources and APIs over HTTPS and by allowing API access to users and machines only from trusted IPs. Another method is to maintain an inventory of all the APIs used in the application landscape, including those provided by third-party software vendors.
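The three controls named above (HTTPS only, access from trusted IPs only, and an API inventory) can be expressed as one request gate plus an inventory reconciliation step. The following is an added example, not code from the page or from any particular product; the trusted networks, inventory entries and observed paths are constructed, and the gate is a plain function that a real API gateway or middleware would call with the request's scheme, client address and path.

```python
import ipaddress

# Constructed trusted source ranges: a private network and an RFC 5737
# documentation range standing in for a partner's public address block.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Constructed API inventory: endpoints the organization knows about, with the
# provider recorded so third-party integrations are tracked as well.
API_INVENTORY = {
    "/v1/orders": "in-house",
    "/v1/shipping/rates": "vendor:acme-logistics",
}


def is_trusted_source(client_ip: str) -> bool:
    """True if the address parses and falls inside an allowed network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # malformed address: never trust it
    return any(addr in net for net in TRUSTED_NETWORKS)


def gate_api_request(scheme: str, client_ip: str, path: str) -> tuple:
    """Return (allowed, reason).  Transport is checked first because a
    plaintext request must be refused regardless of who sent it."""
    if scheme.lower() != "https":
        return False, "rejected: plaintext transport, HTTPS required"
    if not is_trusted_source(client_ip):
        return False, f"rejected: {client_ip} is not a trusted source"
    if path not in API_INVENTORY:
        return False, f"rejected: {path} is not in the API inventory"
    return True, f"allowed: {path} ({API_INVENTORY[path]})"


def unregistered_endpoints(observed_paths) -> list:
    """Compare paths seen in access logs against the inventory.  Anything
    unknown is a candidate shadow API that needs an owner or should be
    shut off."""
    return sorted(set(observed_paths) - set(API_INVENTORY))


if __name__ == "__main__":
    # Constructed sample requests and a constructed log of observed paths.
    samples = [
        ("http", "10.20.5.7", "/v1/orders"),
        ("https", "198.51.100.4", "/v1/orders"),
        ("https", "10.20.5.7", "/v1/orders"),
        ("https", "203.0.113.9", "/v1/legacy/export"),
    ]
    for scheme, ip, path in samples:
        print(gate_api_request(scheme, ip, path))
    print(unregistered_endpoints(["/v1/orders", "/v1/legacy/export", "/v1/orders"]))
```

In practice the client address should be the one the gateway sees on the connection, not a value taken from a client-supplied header, otherwise the trusted-IP check can be bypassed by whoever writes that header.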
  • Encourage a culture of skepticism.
    Users, the weakest link in the system, are also the main means of preventing vulnerabilities. Training users on what to avoid, what to do, and what not to do while using the internet and working builds a culture of skepticism. There are various ways to encourage such a culture in an enterprise, from regular user awareness training to in-app prompts; for example, a pop-up that asks the user to confirm: "Are you sure you want to click on that hyperlink?"
    Users should also be skeptical of unusual requests, such as someone asking for a payment on an off day, and raise a red flag at once.

Note: All these prevention methods help strengthen organizational security and identify the risk of vulnerabilities in the ecosystem. Organizations must stay ahead of criminals to protect their business and the global user community.