Question

[DATA COMMUNICATIONS]

What is a vulnerability?

How are vulnerabilities dealt with and what are the possible results of leaving systems vulnerable?

If a system has no vulnerabilities how is it exploited?

Define Social Engineering and the types of attacks that stem from Social Engineering.

Solutions

Expert Solution

A vulnerability is a weak point in the system. Each organization has multiple security measures that keep intruders out and sensitive data secure. We can think of such security measures as the raincoat that covers your body. Vulnerabilities are holes in that raincoat that let the water in.
Through the vulnerabilities, an attacker can find their way into the systems and network and extract sensitive information.

A good vulnerability management procedure can deal with vulnerabilities and helps to reduce the chances of their occurrence through a 3-step process:

1. Identify the vulnerabilities in your systems.
It requires a scan of your systems, applications, networks and devices. Scanning can help in revealing security vulnerabilities.

2. Prioritize them according to their level of risk.
Most of the scans give results that are referred to by their CVE (Common Vulnerabilities and Exposures). This is a standardized system. It generates a numerical criticality score from 1 to 10 (least to most critical) based on various factors.

3. Resolve them with a fast and manageable approach.
After prioritizing vulnerabilities based on severity and asset value, you can address them in a manageable way and resolve the most critical ones first. Each vulnerability in the list should include a title, severity, category, associated threat and proposed solution. With this, you should be able to resolve the most critical vulnerabilities in a manageable and efficient way.

Possible results of leaving systems vulnerable:

1. Denial of service
An attacker who exploits this vulnerability can prevent authorized persons from accessing the computing resources.

2. Information disclosure
An attacker who exploits this vulnerability can get access to sensitive information.

3. Elevation of privilege
An attacker who exploits this vulnerability can get higher privileges on compromised systems.

If a system has no vulnerabilities, it would possibly be exploited by exploiting the human behaviour involved in the system.

Social Engineering is the art of exploiting human psychology, rather than technical exploitation techniques, to gain unauthorised access.

For example, instead of trying to find a vulnerability in the system, a social engineer might trick an employee into divulging his credentials by posing as someone legitimate.

Here are some attacks that stem from social engineering:
1. Phishing: These scams are email or text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims.

2. Pretexting: Here an attacker obtains information through a series of cleverly crafted lies through texting; the attacker pretends to be someone else.

3. Baiting: Attacks use a false promise to target a victim’s greed or curiosity and steal their sensitive data.

4. Scareware: It involves victims being flooded with false alarms and threats. Users are deceived into thinking their system is infected with malware, prompting them to install software that has no real benefit.
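
The prioritize-and-resolve steps from the answer above, as an added example that is not part of the original answer: it checks that each finding carries the five fields the answer lists and a score in the 1 to 10 range, then orders the rest by severity and asset value. The field names, the asset weights and the severity-times-asset-value ranking are assumptions chosen for illustration, and the scan records are constructed.

```python
from dataclasses import dataclass

# Fields the answer says every listed vulnerability should carry.
REQUIRED = ("title", "severity", "category", "threat", "solution")

@dataclass(frozen=True)
class Finding:
    title: str
    severity: float  # scanner score, 1 (least) to 10 (most critical)
    category: str
    threat: str
    solution: str
    asset: str

def load_findings(raw):
    """Split raw scan records into usable findings and rejected ones."""
    findings, rejected = [], []
    for r in raw:
        problems = [k for k in REQUIRED if not r.get(k)]
        sev = r.get("severity")
        if not problems and not (isinstance(sev, (int, float)) and 1 <= sev <= 10):
            problems = ["severity out of range"]
        if problems:
            rejected.append((r.get("title", "<untitled>"), problems))
            continue
        findings.append(Finding(*(r[k] for k in REQUIRED), r.get("asset", "unknown")))
    return findings, rejected

def prioritize(findings, asset_value, default_value=1):
    """Most urgent first: severity x asset value, ties by severity, then title."""
    def risk(f):
        return f.severity * asset_value.get(f.asset, default_value)
    return sorted(findings, key=lambda f: (-risk(f), -f.severity, f.title))

def record(title, severity, category, threat, solution, asset):
    return dict(title=title, severity=severity, category=category,
                threat=threat, solution=solution, asset=asset)

# Constructed sample data: not output from any real scanner.
SAMPLE_SCAN = [
    record("Default admin password", 9.0, "Weak credentials", "Elevation of privilege", "Set a unique password", "office-printer"),
    record("Outdated TLS library", 7.5, "Missing patch", "Information disclosure", "Upgrade the library", "public-web"),
    record("Unpatched database service", 8.0, "Missing patch", "Information disclosure", "Apply vendor update", "customer-db"),
    record("Open debug port", 11, "Exposed service", "Elevation of privilege", "Close the port", "public-web"),
    record("Unthrottled login endpoint", 5.0, "Missing rate limit", "Denial of service", "", "public-web"),
]
ASSET_VALUE = {"customer-db": 5, "public-web": 3, "office-printer": 1}  # assumed weights
```

With these weights the printer finding has the highest raw score but lands last, because the database and web server are worth more; the last two records are rejected for an out-of-range score and a missing proposed solution.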

