Friday 9 September 2022

Vulnerability identification


What is a cybersecurity vulnerability? Vulnerabilities are weaknesses in an information system’s design, implementation, operation, or management that can be exploited by a threat actor to compromise the confidentiality, integrity, or availability of that system. After exploiting a vulnerability, a threat actor can run malicious code, install malware, and even steal sensitive data.

Vulnerability identification is the process of scanning for and noting exploitable gaps in our systems, network operation, and configuration. These scans help us focus on protecting the system and network by pointing out their weak parts. Countless vulnerabilities exist, so we need to define a broad selection of vulnerabilities to get started. The following are some examples of common potential vulnerabilities:

  •  Hardware: Susceptibility to humidity, dust, moisture, electrostatic discharge (ESD), and inadequate physical protection
  •  Software: Lack of testing and auditing, design flaws, missing patches, legacy, and misconfiguration
  •  Network: Unprotected cables, insecure network architecture, poor or missing encryption, poor segmentation, and poorly positioned network appliances
  •  Personnel: Poor recruiting practices, lack of security policy adherence, and poor cybersecurity awareness
  •  Physical site: Susceptibility to floods, fires, power outages, unauthorized entry, lack of surveillance, and lack of security guards
  •  Organizational: Lack of business continuity plans (BCP) and disaster recovery plans (DRP)

Vulnerability identification is a big undertaking that involves consistent internal vulnerability assessments. Vulnerability management, or assessment, is the practice of identifying, classifying, prioritizing, remediating, and mitigating system and network vulnerabilities.









In addition, vulnerability intelligence is acquired from numerous vulnerability identification sources, as listed here:

  1.  CVE
  2.  Exploit Database
  3.  IT system audit reports
  4.  National Vulnerability Database (NVD)
  5.  Open Web Application Security Project (OWASP)
  6.  Previous risk assessments
  7.  SANS Internet Storm Center
  8.  Security advisories
  9.  Security requirements checklist
  10.  System security testing
  11.  US-CERT
  12.  Vendor advisories (Cisco, IBM, Google, Microsoft)
  13.  Vulnerability listings

Consider a simple example: a default or weak password is problematic whether it is used by an administrator or by a normal user, but the compromise of an administrator’s account can have a far greater impact on the organization.
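The prioritizing step can be sketched in code using the password example above. This is an added example, not part of the original post: the `Finding` fields, the privilege multipliers, and the sample findings are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Categories from the list of common vulnerability areas in the post.
CATEGORIES = ("hardware", "software", "network", "personnel",
              "physical site", "organizational")

# Assumed, illustrative multipliers: how far a compromise reaches at each
# privilege level. Tune these to your own risk assessment.
PRIVILEGE_WEIGHT = {"user": 1.0, "service": 1.5, "administrator": 3.0}


@dataclass(frozen=True)
class Finding:
    asset: str            # account or system the weakness was found on
    category: str         # one of CATEGORIES
    weakness: str         # what the assessment noted
    base_severity: float  # 0-10, severity of the weakness on its own
    privilege: str        # privilege level of the affected account or asset

    def __post_init__(self):
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown category: {self.category!r}")
        if not 0 <= self.base_severity <= 10:
            raise ValueError("base_severity must be between 0 and 10")


def score(finding):
    """Severity scaled by privilege; an unknown privilege level is scored as
    the highest one so an unclassified account is never under-prioritized."""
    weight = PRIVILEGE_WEIGHT.get(finding.privilege,
                                  max(PRIVILEGE_WEIGHT.values()))
    return round(finding.base_severity * weight, 1)


def remediation_queue(findings):
    """Return findings ordered highest score first (asset name breaks ties)."""
    return sorted(findings, key=lambda f: (-score(f), f.asset))


# Constructed sample findings, not output from any real scan.
SAMPLE = [
    Finding("jsmith", "personnel", "weak password", 6.0, "user"),
    Finding("root@db01", "software", "default password", 6.0, "administrator"),
    Finding("fileserver02", "software", "missing patch", 8.0, "service"),
    Finding("kiosk-7", "software", "default password", 6.0, "unclassified"),
]

if __name__ == "__main__":
    for f in remediation_queue(SAMPLE):
        print(f"{score(f):5.1f}  {f.category:10} {f.asset:13} {f.weakness}")
```

The same base severity of 6.0 lands the administrator's default password well above the normal user's weak password, and the account with no recorded privilege level is queued alongside the administrator rather than silently dropped to the bottom.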
