[DATA COMMUNICATIONS]
What is a vulnerability?
How are vulnerabilities dealt with and what are the possible results of leaving systems vulnerable?
If a system has no vulnerabilities how is it exploited?
Define Social Engineering and the types of attacks that stem from Social Engineering.
A vulnerability is a weak point in the system.
Each organization has multiple security measures that keep intruders out and sensitive data secure. We can think of such security measures as the raincoat that covers your body. Vulnerabilities are holes in that raincoat that let the water in.
Through the vulnerabilities, an attacker can find their way into the systems and network and extract sensitive information.
A good vulnerability management procedure can deal with vulnerabilities and help reduce the chances of their occurrence through a 3-step process:
1. Identify the vulnerabilities in your systems.
It requires a scan of your systems, applications, networks and devices. Scanning can help in revealing security vulnerabilities.
2. Prioritize them according to their level of risk.
Most of the scans give results that are referred to by their CVE (Common Vulnerabilities and Exposures). This is a standardized system. It generates a numerical criticality score from 1 to 10 (least to most critical) based on various factors.
3. Resolve them with a fast and manageable approach.
After prioritizing vulnerabilities based on severity and asset value, you can address them in a manageable way and resolve the most critical ones first. Each vulnerability in the list should include a title, severity, category, associated threat and proposed solution. With this, you should be able to resolve the most critical vulnerabilities in a manageable and efficient way.
Possible results of leaving systems vulnerable:
1. Denial of service
An attacker who exploits this vulnerability can prevent authorized persons from accessing the computing resources.
2. Information disclosure
An attacker who exploits this vulnerability can get access to sensitive information.
3. Elevation of privilege
An attacker who exploits this vulnerability can get higher privileges on compromised systems.
If a system has no vulnerabilities, it would possibly be exploited by exploiting the human behaviour involved in the system.
Social Engineering is the art of exploiting human psychology, rather than technical exploitation techniques, to gain unauthorised access.
For example, instead of trying to find a vulnerability in the system, a social engineer might trick an employee into divulging his credentials by posing as someone legitimate.
Here are some attacks that stem from social engineering:
1. Phishing: These scams are email or text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims.
2. Pretexting: Here an attacker obtains information through a series of cleverly crafted lies through texting; the attacker pretends to be someone else.
3. Baiting: The attack uses a false promise to target a victim’s greed or curiosity and steals their sensitive data.
4. Scareware: It involves victims being flooded with false alarms and threats. Users are deceived into thinking their system is infected with malware, prompting them to install software that has no real benefit.
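The prioritize and resolve steps of the 3-step process above can be sketched in code. This is an added example, not part of the original answer: it builds the remediation list with the five fields the answer names and orders it by severity and asset value. The names Finding, prioritize and finding, the severity x asset value ranking formula, and all sample hosts and findings are assumptions constructed for illustration.

```python
from dataclasses import dataclass
REQUIRED = ("title", "severity", "category", "threat", "solution")  # fields each entry needs

@dataclass(frozen=True)
class Finding:
    asset: str
    title: str
    severity: float  # scanner score, 1 (least) to 10 (most critical)
    category: str
    threat: str
    solution: str
    risk: float      # severity x asset value (assumed ranking formula)

def prioritize(raw_findings, asset_value, max_value=5):
    """Return (queue, rejected); queue is ordered most urgent first."""
    queue, rejected = [], []
    for raw in raw_findings:
        missing = [f for f in REQUIRED if raw.get(f) in (None, "")]
        if missing:
            rejected.append((raw.get("title") or "<untitled>", "missing " + ", ".join(missing)))
            continue
        try:
            sev = float(raw["severity"])
        except (TypeError, ValueError):
            sev = float("nan")
        if not 1 <= sev <= 10:  # also rejects NaN
            rejected.append((raw["title"], "severity outside 1-10"))
            continue
        # Unknown assets rank as most valuable so they are never silently deprioritized.
        asset = raw.get("asset", "unknown")
        value = asset_value.get(asset, max_value)
        queue.append(Finding(asset, raw["title"], sev, raw["category"],
                             raw["threat"], raw["solution"], sev * value))
    queue.sort(key=lambda f: (f.risk, f.severity), reverse=True)
    return queue, rejected

# Constructed inventory, record helper and scan results, for illustration only.
def finding(asset, title, severity, category, threat="see report", solution="patch"):
    return dict(asset=asset, title=title, severity=severity, category=category, threat=threat, solution=solution)
ASSET_VALUE = {"db-prod": 5, "web-prod": 4, "test-vm": 1}
SCAN = [
    finding("test-vm", "Outdated TLS library", 9.1, "Information disclosure"),
    finding("db-prod", "Default admin password", 7.5, "Elevation of privilege"),
    finding("web-prod", "Unbounded request size", 6.0, "Denial of service"),
    finding("printer-3", "Open management port", 5.0, "Information disclosure"),
    finding("web-prod", "Verbose error pages", 4.0, "Information disclosure", solution=""),
    finding("db-prod", "Scanner glitch", 42, "Denial of service"),
]
```

Calling prioritize(SCAN, ASSET_VALUE) puts the 7.5-scored finding on the production database ahead of the 9.1-scored finding on a test machine, and returns incomplete or out-of-range entries separately so they can be corrected rather than dropped.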