3/10/2017
Cybersecurity – Misconfigured Systems Systemsmay be configured in sucha way that they arevulnerable. • Defaultpasswordsmay commonly be left unchanged. InFebuary of 2013, this resulted in hackers takingover the “EmergencyAlert System”and issuing a warning that “the bodies of the deadare rising from their graves andattacking the living.” Televisions stations inMontana,California, Michigan, New Mexico,andUtah wereall victimized by this. • Mass collections ofdefault passwordsare commonly available for download on the Internet. • Properconfiguration of firewalls isdifficult, butoften a critical component ofnetwork security.
companyconfidential
Cybersecurity – Unpatched Vulnerabilities New vulnerabilities arediscoveredandaddressedon anongoing basis. However, there is often significant delaysbetween the releaseof apatchand thepatchbeing deployed. • Organizations may need to test that thepatchmay be safely deployed onproduction systems. • Organizations may have specified periods whereupdatesmay be performed.
companyconfidential
Cybersecurity – Zero Day Vulnerabilities Cyber security researches arenotalways the firstones todiscover avulnerability. Some vulnerabilities arediscoveredafter theproblem has alreadyhappened or after thediscovery of the issue butbefore any resolution canbe created. • The “Heartbleed” SSL issue, whendiscovered,effected17% of the servers on the Internet.Within hoursof the vulnerability beingpublically known systemswerebeing attacked by exploiting it. • “Ransom-ware”virus have been spread through numerous zero-day vulnerabilities in AdobeFlash.
companyconfidential
6
Made with FlippingBook Online document