Vulnerabilities

From Computer Science Wiki

Students must be able to identify the chain of events involved in methods used to exploit a vulnerability (classed as system-based, practice/administrative-based or human-based).

There are three main categories of methods used to exploit a vulnerability: system-based, practice/administrative-based, and human-based.

  1. System-based exploitation involves attacking a system or device through a technical vulnerability, such as a software flaw or an unsecured network connection.
  2. Practice/administrative-based exploitation involves attacking an organization's policies, procedures, or practices in order to gain unauthorized access to systems or data.
  3. Human-based exploitation involves manipulating or tricking individuals into divulging sensitive information or performing actions that allow an attacker to gain unauthorized access to systems or data. This can include tactics such as phishing, pretexting, or social engineering.

To identify the chain of events involved in exploiting a vulnerability, it is important to understand the various tactics and techniques that attackers may use. This may involve analyzing system logs, studying network traffic, or conducting security assessments to identify potential vulnerabilities and the methods that could be used to exploit them.

Students must be able to discuss the role vulnerability testing plays in security testing and how proactively fixing vulnerabilities can reduce the chance a system will be breached.

Vulnerability testing is a type of security testing that is designed to identify vulnerabilities or weaknesses in a system, network, or application. It is an important part of the overall process of ensuring the security of a system, as it allows organizations to identify and address potential vulnerabilities before they can be exploited by attackers.

Proactive fixing of vulnerabilities is important because it reduces the likelihood that a system will be breached. When vulnerabilities are not addressed, they can provide a way for attackers to gain unauthorized access to systems or data. By proactively identifying and fixing vulnerabilities, organizations can prevent attackers from using them to compromise their systems.

There are several different types of vulnerability testing methods that can be used, including manual testing, automated testing, and penetration testing. Each of these methods has its own advantages and disadvantages, and the most appropriate method will depend on the specific needs and goals of the organization.

In general, vulnerability testing should be an ongoing process as part of an organization's overall security strategy. This allows organizations to stay ahead of potential threats and to continuously improve their security posture.


Students must be able to explain characteristics of common vulnerabilities found in operating systems, networks, WiFi, and Websites.

There are many common vulnerabilities that can be found in operating systems, networks, WiFi, and websites. Here are a few examples:

Operating systems:

  1. Unpatched software vulnerabilities: Operating systems often have vulnerabilities that are discovered after they are released. It is important to keep operating systems up to date with the latest patches and updates to fix these vulnerabilities.
  2. Default or weak passwords: Many operating systems come with default accounts and passwords that are well-known to attackers. It is important to change these to strong, unique passwords to prevent attackers from gaining access.

Networks:

  1. Unsecured network protocols: Some network protocols, such as Telnet and FTP, transmit data in plaintext and do not provide any encryption. This makes it easy for attackers to intercept and read sensitive data.
  2. Unsecured wireless networks: Unsecured wireless networks, or those without proper encryption, can be easily accessed by attackers. It is important to use strong encryption methods, such as WPA2, to secure wireless networks.

WiFi:

  1. Weak wireless network passwords: As with operating systems, it is important to use strong, unique passwords for wireless networks to prevent attackers from accessing them.
  2. Lack of wireless network security: If a wireless network is not properly configured, it may be vulnerable to attacks such as man-in-the-middle attacks or wireless snooping.

Websites:

  1. Cross-site scripting (XSS) vulnerabilities: XSS vulnerabilities allow attackers to inject malicious code into a website, which can then be executed by users visiting the site.
  2. SQL injection vulnerabilities: SQL injection vulnerabilities allow attackers to execute arbitrary SQL commands on a database, potentially allowing them to access or manipulate sensitive data.
  3. Unsecured transmission of sensitive data: Websites that do not properly secure the transmission of sensitive data, such as login credentials or financial information, can be vulnerable to interception by attackers. It is important to use secure protocols such as HTTPS to protect this data.



Students must be able to explain how common system vulnerabilities could be used to exploit multiple systems.

There are many common system vulnerabilities that can be used to exploit multiple systems. Here are a few examples:

Unpatched software vulnerabilities: When an operating system or application has a vulnerability that has not been patched, it can be exploited by an attacker. If this vulnerability exists on multiple systems, the attacker can potentially exploit all of them.

Default or weak passwords: Many systems come with default accounts and passwords that are well-known to attackers. If these are not changed to strong, unique passwords, an attacker can potentially gain access to multiple systems using the same credentials.

Unsecured network protocols: Some network protocols, such as Telnet and FTP, transmit data in plaintext and do not provide any encryption. If these protocols are used on multiple systems, an attacker can potentially intercept and read sensitive data on all of them.

Cross-site scripting (XSS) vulnerabilities: XSS vulnerabilities allow attackers to inject malicious code into a website, which can then be executed by users visiting the site. If a website has an XSS vulnerability, an attacker can potentially exploit it to attack multiple users who visit the site.

SQL injection vulnerabilities: SQL injection vulnerabilities allow attackers to execute arbitrary SQL commands on a database, potentially allowing them to access or manipulate sensitive data. If multiple systems use the same database, an attacker can potentially exploit this vulnerability to attack all of them.

By understanding these common vulnerabilities and how they can be exploited, organizations can take steps to protect their systems and reduce the risk of being compromised.


Students must be able to compare the implications of a proactive or reactive approach to security management, and outline the characteristics of a proactive and reactive approach.

Proactive and reactive approaches to security management are two different strategies for addressing security threats. A proactive approach involves actively taking steps to prevent security incidents from occurring, while a reactive approach involves responding to incidents after they have occurred.

A proactive approach to security management has several advantages:

  1. It can help to prevent security incidents from occurring in the first place, which can save an organization time, money, and resources.
  2. It allows organizations to identify and address potential vulnerabilities before they can be exploited by attackers.
  3. It can help organizations to maintain a positive reputation, as proactive security management can demonstrate to customers, clients, and other stakeholders that the organization is serious about protecting sensitive data.

On the other hand, a reactive approach to security management has several disadvantages:

  1. It can be more costly and time-consuming to respond to security incidents after they have occurred.
  2. It can damage an organization's reputation if the incident is severe or results in the loss of sensitive data.
  3. It may not address the root cause of the security incident, meaning that similar incidents could potentially occur in the future.

In general, a proactive approach to security management is more effective than a reactive approach. However, it is also important for organizations to have a robust incident response plan in place in case a security incident does occur. This can help to minimize the impact of the incident and facilitate a quick and effective response.


Students must be able to explain the relative risk of security breaches coming from inside an organisation rather than outside, and describe the use of policies, procedures and actions within an organisation to mitigate the risk of a “malicious insider”.

The relative risk of security breaches coming from inside an organization versus outside depends on the specific circumstances of the organization. In some cases, the risk of a security breach coming from an insider may be higher, while in other cases the risk may be lower.

There are several factors that can contribute to the risk of a security breach coming from an insider, including:

  1. The level of access that insiders have to sensitive data and systems
  2. The level of training and awareness of security best practices among insiders
  3. The presence of strong security policies and procedures within the organization

To mitigate the risk of a "malicious insider" causing a security breach, organizations can implement a number of policies, procedures, and actions, such as:

Access controls: Implementing strong access controls can help to ensure that only authorized individuals have access to sensitive data and systems. This can include measures such as two-factor authentication, least privilege access, and regular audits of access rights.

Employee training and awareness: Providing employees with training and awareness on security best practices can help to prevent them from inadvertently causing a security breach. This can include training on topics such as phishing, password security, and secure data handling.

Security policies and procedures: Establishing strong security policies and procedures can help to ensure that all employees are aware of their responsibilities when it comes to security and that there are clear guidelines for handling sensitive data and systems.

Monitoring and detection: Implementing monitoring and detection systems can help to identify suspicious activity and potential threats, including those that may be posed by malicious insiders. This can include logs, audits, and other types of monitoring tools.
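One way the monitoring described above can be turned into a concrete check, as an added example that is not from the wiki page: a small detector that reads file-access audit records and flags users whose access to confidential data deviates from an assumed baseline (bulk access, or access outside working hours). The log format, the sample lines, the business-hours window and the threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample of file-access audit records (not from the wiki page):
# ISO timestamp, username, classification of the record accessed.
SAMPLE_LOG = """\
2024-03-04T09:12:00 alice confidential
2024-03-04T09:15:00 bob public
2024-03-04T09:16:00 bob public
2024-03-04T22:40:00 carol confidential
2024-03-04T22:41:00 carol confidential
2024-03-04T22:42:00 carol confidential
2024-03-04T22:43:00 carol confidential
2024-03-04T22:44:00 carol confidential
2024-03-04T22:45:00 carol confidential
2024-03-04T10:05:00 alice confidential
"""

BUSINESS_HOURS = range(8, 18)  # assumed working day: 08:00 to 17:59 local time
CONFIDENTIAL_THRESHOLD = 5     # assumed per-user daily baseline for confidential records


def parse_log(text: str) -> list:
    """Turn the whitespace-separated records into (timestamp, user, classification)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, classification = line.split()
        records.append((datetime.fromisoformat(ts), user, classification))
    return records


def flag_insider_activity(records: list) -> dict:
    """Return {user: [reasons]} for users whose confidential access is bulk or off-hours."""
    confidential = Counter()
    off_hours = Counter()
    for ts, user, classification in records:
        if classification == "confidential":
            confidential[user] += 1
            if ts.hour not in BUSINESS_HOURS:
                off_hours[user] += 1
    findings = {}
    for user, n in confidential.items():
        reasons = []
        if n >= CONFIDENTIAL_THRESHOLD:
            reasons.append(f"{n} confidential records accessed (threshold {CONFIDENTIAL_THRESHOLD})")
        if off_hours[user]:
            reasons.append(f"{off_hours[user]} confidential accesses outside business hours")
        if reasons:
            findings[user] = reasons
    return findings
```

Flagged users are a starting point for review against the access policy, not a verdict; the thresholds would be tuned to each organization's normal activity.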

By implementing these and other measures, organizations can reduce the risk of a security breach caused by a malicious insider and better protect their sensitive data and systems.


Students should be able to outline the use of countermeasures to reduce the organisation’s vulnerability to a security attack, including: identification authentication (Passphrases, 2Factor, Biometrics, PIN); managing traffic and ports using Firewalls; encrypting USB and Mobile hardware devices to protect data in transit; policies and guidelines (storage, classification, threat level of stored data, use of data according to level of sensitivity); regular internal and external security testing of company network devices and systems; segmentation of networks into VLANs; “need to know” access levels for users; staff training (appropriate use of systems, countering social engineering/phishing attacks and data privacy regulations).

Countermeasures are measures that are taken to reduce the vulnerability of an organization to security attacks. There are many different types of countermeasures that organizations can use to reduce their vulnerability, including:

Identification and authentication: Implementing strong identification and authentication measures can help to ensure that only authorized individuals have access to sensitive data and systems. This can include the use of strong passphrases, two-factor authentication, biometrics, and personal identification numbers (PINs).

Managing traffic and ports with firewalls: A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. By using a firewall to manage traffic and ports, organizations can help to prevent unauthorized access to their systems.

Encrypting USB and mobile hardware devices: Encrypting data on USB and mobile hardware devices can help to protect it from unauthorized access while in transit. This can include the use of encryption technologies such as AES or RSA.

Policies and guidelines: Establishing policies and guidelines for the storage, classification, and use of data can help to ensure that sensitive information is handled in a secure manner. This can include guidelines for the threat level of stored data and the use of data according to its level of sensitivity.

Regular internal and external security testing: Conducting regular internal and external security testing of company network devices and systems can help to identify vulnerabilities and ensure that they are addressed in a timely manner.

Segmentation of networks into VLANs: Segmenting networks into virtual LANs (VLANs) can help to improve security by isolating different parts of the network from one another. This can help to prevent unauthorized access to sensitive data and systems.

"Need to know" access levels for users: Implementing "need to know" access levels for users can help to ensure that they only have access to the data and systems that they need in order to perform their job duties.

Staff training: Providing staff with training on the appropriate use of systems, countering social engineering and phishing attacks, and data privacy regulations can help to improve security and reduce the risk of a security breach.

By implementing these and other countermeasures, organizations can reduce their vulnerability to security attacks and better protect their sensitive data and systems.