Network Security/ 5.9 Network Device Vulnerabilities
Common Vulnerabilities and Exposures (CVEs)
A repository of vulnerabilities hosed by MITRE Corporation
Privilege escalation
A software bug or design flaw in an application that allows an attacker to gain access to system resources or additional privileges that aren't typically available examples of privilege escalation: 1. A user accessing a system with a regular user account that is able to access functions reserved for higher-level user accounts (such as administrative features). 2. A user who is able to access content that should only be accessible to a different user. 3. A user who should only have administrative access that can access content that should only be available to a regular user.
Zero-day vulnerability
A software vulnerability that is unknown to the vendor that can be exploited by attackers
Backdoor
An unprotected and usually lesser known access method or pathway that may allow attackers access to system resources
An attacker was able to gain unauthorized access to a mobile phone and install a Trojan horse so that he or she could bypass security controls and reconnect later. Which type of attack is this an example of?
Backdoor
In an effort to increase the security of your organization, programmers have been informed they can no longer bypass security during development. Which vulnerability are you attempting to prevent?
Backdoor
While developing a network application, a programmer adds functionally that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. Which type of security weakness does this describe?
Backdoor
For security, what is the first thing you should do when new hardware and software is turned on for the first time?
Change default account names and passwords immediately
When setting up a new wireless access point, what is the first configuration change that should be made?
Default login
Which of the following are characteristics of a complex password? (Select two.)
Has a minimum of eight characters Consists of letters, numbers, and symbols
An attacker has gained access to the administrator's login credentials. Which type of attack has most likely occurred?
Password cracking
A relatively new employee in the data entry cubical farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?
Privilege escalation
An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?
Privilege escalation
Travis and Craig are both standard users on the network. Each user has a folder on the network server that only they can access. Recently, Travis has been able to access Craig's folder. This situation indicates which of the following has occurred?
Privilege escalation
Why is it important to apply new firmware or patches for devices?
Software updates may help fix bugs before they happen
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You've configured the management interface with a username of admin and a password of password. What should you do to increase the security of this device?
Use a stronger administrative password.
What are the resources you can use to keep track of existing technology vulnerabilities in an organization?
VMDR (Vulnerability Management, Detection, and Response
What are the characteristics of a complex password?
typically over 8 characters and a mix of character types (numbers and symbols) along with requirements that the passwords are not words, variations of words or derivatives of the username