Sept.2020 Level III Training Material

3/10/2017

Cybersecurity – Misconfigured Systems Systems may be configured in such a way that they are vulnerable. • Default passwords may commonly be left unchanged. In Febuary of 2013, this resulted in hackers taking over the “Emergency Alert System” and issuing a warning that “the bodies of the dead are rising from their graves and attacking the living.” Televisions stations in Montana, California, Michigan, New Mexico, and Utah were all victimized by this. • Mass collections of default passwords are commonly available for download on the Internet. • Proper configuration of firewalls is difficult, but often a critical component of network security.

company confidential

Cybersecurity – Unpatched Vulnerabilities New vulnerabilities are discovered and addressed on an ongoing basis. However, there is often significant delays between the release of a patch and the patch being deployed. • Organizations may need to test that the patch may be safely deployed on production systems. • Organizations may have specified periods where updates may be performed.

company confidential

Cybersecurity – Zero Day Vulnerabilities Cyber security researches are not always the first ones to discover a vulnerability. Some vulnerabilities are discovered after the problem has already happened or after the discovery of the issue but before any resolution can be created. • The “Heartbleed” SSL issue, when discovered, effected 17% of the servers on the Internet. Within hours of the vulnerability being publically known systems were being attacked by exploiting it. • “Ransom-ware” virus have been spread through numerous zero-day vulnerabilities in Adobe Flash.

company confidential

6

Made with FlippingBook - Online catalogs