Vulnerability Classification and Assessment Type

The section Vulnerability Classification and Assessment Types of CEH Module 5 discusses that any vulnerable point in a system can be dangerous and potentially cause a lot of harm to an organization. Ethical Hackers need to be well-versed in the different types of system weaknesses and the techniques for evaluating them. This subsection covers the different sorts of vulnerabilities and how to assess them.

Classification of Vulnerabilities

Following are the classifications of vulnerabilities.

1. Misconfigurations or Weak Configurations

Setting up a computer network or system in an incorrect manner is a common mistake, mostly because people make errors. These mistakes can make it easy for someone with bad intentions to sneak into the network and access stuff without permission. These errors can happen on purpose or by accident. They usually involve websites, the programs that run them, databases, and the overall network. If someone looking to cause harm finds these mistakes, they can get into the deeper parts of the system and cause trouble. To prevent this, the people in charge of the computer systems should change any initial settings that come with the equipment to make everything more secure.

2. Network Misconfigurations

Network changes are common and necessary for improving business operations, but they must be done carefully to avoid creating weak points. The network might slow down, lose connection, or get hacked if not set up properly.

One major weak point is “Insecure Protocols.” These methods of sending data don’t protect the information, making it easy for hackers to see and alter the data or gain unauthorized access. To prevent this, it’s important to stop using these unsafe protocols and manage network updates through a secure central point.

• Open Ports and Services: Communicating with software over the internet involves open doorways (ports) that should be locked down properly. If these are left open without good security, it can lead to data being stolen or services being shut down by attacks. It’s important to check and secure these doorways to keep the network safe.
• Weak Encryption: Not scrambling data properly can make it easy for hackers to listen in or change the information being sent around. They can even pretend to be a legitimate service and give false information.
• Errors: When applications or services are not set up correctly, they can spill out error messages that give hackers clues on how to break in. Using outdated or flawed software can also give hackers a way to attack remotely.

3. Host Misconfigurations

Hackers can take advantage of mistakes in server setup to gain unauthorized control over the system. Tools meant for fixing problems, like debugging functions, can be misused to give attackers high-level access, letting them dodge security checks and access sensitive information.

• Open Permissions: Giving users more access to applications or files than necessary can lead to security risks such as private data getting out (data leakage) or system operations damage. Setting up these permissions is tough because even small oversights can let unapproved people read or change important files. Hackers can also increase their access rights through these oversights, which lets them use accounts that shouldn’t have access or run commands on the system.
• Unsecured Root Accounts: If you stick with the default admin login details that come with your database or software, you could be inviting trouble. Without a strong policy to keep passwords safe, hackers can try different methods to crack these passwords.

4. Application Vulnerabilities

Software vulnerabilities are weak spots that hackers can exploit. It’s important to validate and authorize user actions to prevent risks like data tampering and unauthorized access. If security is weak, sensitive information could be compromised. Developers need to know about these vulnerabilities to build secure applications.

• Race Conditions: Occur when system processes or threads vie for a resource and timing affects the outcome, potentially causing software bugs or security issues, like Denial of Service or privilege escalation.
• DLL Injection: This happens when a program mistakenly runs a rogue DLL file, possibly leading to the execution of harmful code. Prevention requires using full paths for DLL loading and avoiding untrusted sources.
• Null Pointer Dereference: Arises when a program tries to use a null value as a reference, leading to software crashes and potential security breaches. It is often exploited to bypass security and reveal sensitive information.
• Resource Exhaustion: This attack overloads a system with excessive requests, similar to a Denial of Service, wasting resources and possibly causing system crashes due to design or coding flaws.
• Integer Overflows: When a calculation exceeds the maximum storage capacity for an integer, causing unpredictable behavior, software errors, and potential security gaps like buffer overflows.
• Buffer Overflows: Result from coding errors where a program writes data beyond buffer limits, causing crashes or erratic behavior and potentially allowing attackers to execute arbitrary code.
• Memory Leaks: Arise when a program doesn’t free up memory that’s no longer in use, resulting in unnecessary resource consumption and creating opportunities for malicious exploitation.
• Unsecured Root Accounts: Using default administrative credentials without a strong password policy can lead to security issues, as attackers might brute-force their way into the system.

5. Poor Patch Management

Inadequate handling of software updates can leave systems vulnerable to attacks. Patches fix issues and vulnerabilities and should be applied promptly to maintain security.

• Unpatched Firmware: Firmware without updates can have security gaps, allowing attackers to steal data or control hardware. Regular updates are needed to prevent such risks.
• Unpatched Servers: Key to infrastructure, servers with outdated software can be breached, compromising data and disrupting operations. Timely updates and bug fixes are crucial for security.

Types of Vulnerability Assessment

• Active Assessment: Utilizes network scanning to locate hosts, services, and vulnerabilities.
• Passive Assessment: Monitors network traffic to identify active components and associated vulnerabilities.
• External Assessment: Evaluates the network from an external viewpoint to find exploitable weaknesses.
• Internal Assessment: Reviews internal infrastructure for security flaws.
• Host-based Assessment: Checks individual system settings to prevent breaches.
• Network-based Assessment: Looks for potential network security breaches.
• Application Assessment: Scans web infrastructure for misconfigurations or outdated elements.
• Database Assessment: Tests databases for vulnerabilities like data exposure or SQL injection.
• Wireless Network Assessment: Identifies security issues in wireless networks.
• Distributed Assessment: Reviews distributed systems for proper synchronization and security.
• Credentialed Assessment: Uses known credentials to assess network security.
• Non-Credentialed Assessment: Evaluates network security without login credentials.
• Manual Assessment: Ethically hacks into the system to rank and score vulnerabilities.
• Automated Assessment: Employs tools to conduct vulnerability assessments.

To be continued…

Vulnerability Assessment Tools

Master CEH with InfosecTrain

Ethical hacking is a multifaceted process demanding extensive knowledge and security certifications. Through ethical hacking courses, such as InfosecTrain’s Certified Ethical Hacker (CEH v12) training, professionals can enhance their security assessment and network architecture expertise. This program equips individuals with the crucial skills and techniques necessary to conduct authorized hacking activities within organizations.

TRAINING CALENDAR of Upcoming Batches For CEH v13

AUTHOR
Pooja Rawat ( )

“ My name is Pooja Rawat. I have done my B.tech in Instrumentation engineering. My hobbies are reading novels and gardening. I like to learn new things and challenges. Currently I am working as a Cyber security Research analyst in Infosectrain. “