Vulnerabilities and Threats
Vulnerabilities and Threats means that the more complex an IT system is, the less assurance it provides. More
complexity means more areas where vulnerabilities exist and that they must be secured against security threats. More vulnerabilities
and more threats mean that any security provided by the system is less trustworthy.
Below are just a few different types of IT systems which are vulnerable to threats.
Client-based vulnerabilities place the user, their data, and their system at risk of attack, compromise and destruction. A client-side
attack is a security attack that is able to harm a computing client.
Usually, when security attacks are discussed, it's always assumed that the main target is a server or server-side computing device. A client-side or client only focused security attack is one where the client, or a client operating system or application process is the target.
A typical example we have found at Cyberteam is of a client-side attack is from a malicious website that downloads malicious code (such as an applet) to a vulnerable browser running on the computing client device. Client-side attacks can occur over any communications protocol, not just using Hypertext Transfer Protocol (HTTP).
A very important area of server-based security concern for Cyberteam Security Professionals, which may include computing clients as well, is the issue of data
flow control. Data flow is the transfer of data between operating system or application processes, between computing devices, across a local or wide-area
network, or over other communication channels.
The management of data flow ensures not only the efficient transfer with minimal delays or network latency, and provides reliable throughput using hashing and confidentiality protection with data encryption.
data flow control also ensures that the receiving systems are not overloaded with network traffic, especially to the point of dropping network connections or being subject to a malicious or even self-inflicted DoS Denial of Service attack.
Cyberteam security professionals have found that when data overflow occurs, data may be lost or corrupted or waist network resources by retransmitting the data again. These results are undesirable, and data flow control is often implemented to prevent these issues from occurring, on network devices, including routers and switches, as well as network applications and services.
Database Systems Security
Database Security is an important part of any company that uses large amounts of data as an essential asset. Without database security efforts, business tasks
can be halted and confidential information disclosed.
SQL provides a number of functions that combine records from one or more tables to produce potentially useful information. This process is called aggregation whch is not without its security vulnerabilities. Aggregation attacks are used to collect numerous low-level security items or low-value items and combine them to create something of a higher security level or value.
The database security issues posed by inference attacks are similar to those posed by the threat of data aggregation. Inference attacks involve combining several pieces of non-sensitive data to gain access to information that should be classified at a higher level. Inference makes use of the human mind's deductive capacity rather than the raw mathematical ability of modern database systems.
Data Mining and Warehousing:
Many companies use large databases, known as data warehouses, to store vast amounts of data from a variety of data sources for use with specialised analysis techniques. Data mining techniques allow analysts to search through data and look for potential correlated information, which is significant for security professionals for two reasons.
- Data warehouses contain large amounts of of potentially sensitive information vulnerable to aggregation and inference attacks.
- Data mining can be used as a security tool when its used to develop baselines for statistical anomaly-based IDS intrusion detection systems.
Data analytics is the science of raw data examination with the focus of extracting useful information out of the bulk information set, commonly referred to as "Big Data", but due to the sheer volume of information, traditional means of analysis or processing are ineffective, inefficient, and insufficient, due to the numerous difficult challenges of collection, storage, analysis, mining, transfer, distribution and results presentation.
The concept of a client-server model network is also known as a distributed system or a distributed architecture. From a security standpoint security must be
addressed everywhere instead of at a single centralised host as in the legacy host/terminal model.
Distributed architectures are prone to vulnerabilities, desktop systems can contain sensitive data that may be at some risk of being exposed, and must be protected. Individual users may lack general security savvy or awareness, and therefore the underlying architecture has to compensate for those deficiencies.
Desktop PCs, workstations, and laptops can provide avenues of access into critical information systems elsewhere in a distributed environment because users require access to networked servers and services to do their job.
By permitting user machines to access a network and its distributed resources, companies must also recognise that those user machines can become threats if they are misused or compromised.
Cloud-Based Systems and Cloud Computing
Cloud computing, is a natural extension and evolution of virtualisation, the nternet, distributed architecture, and the need for ubiquitous access to data
However cloud computing does have some security issues, including privacy concerns, regulation compliance difficulties, use of open/closed-source solutions, adoption of open standards, and whether or not cloud-based data is actually secured (or even securable). Saying that, many cloud vendors may actually provide a more secure environment that most companies can maintain themselves.
Peer to Peer
Peer-to-peer (P2P) technologies are networking and distributed application solutions that share tasks and workloads among peers.
This is similar to the grid computing model, but the primary differences are that there is no central management system and the services provided are usually real-time rather than as a collection of computational power.
Common examples of P2P include Blockchain Bitcoin and Ethereum crypto-currency distributed ledger currency mining, VOIP services such as Skype, BitTorrent (for data/file distribution), and Spotify (for streaming audio/music distribution).
Security concerns with P2P solutions include the ability to eavesdrop on distributed content, a lack of central control/oversight/management/filtering, and the potential for services to consume all available GPU and network bandwidth.
There is a wide variety of application and system vulnerabilities and threats in web-based systems, and the range is constantly expanding.
Vulnerabilities include concerns related to Extensible Markup Language (XML) and Security Association Markup Language (SAML) plus many other concerns discussed by the open community-focused web project known as the Open Web Application Security Project (OWASP).
A few of the OWASP top ten Web risks are SQL injection, XML exploitation, cross-site scripting (XSS) and XSRF Cross-site request forgery.
The vulnerabilities and threats information shown above is mostly generic in nature and based on best-practice, therefore to get a better understanding on what we can do for your business, all we ask is that you contact us to discuss your cyber vulnerabilities and threats needs to protect your IT systems and data.
Click here to contact us