Configuration vulnerabilities can also have serious impacts on enterprise security. In this video, Mike Chapple explains the impact of misconfigurations, weak and default configurations, improperly configured accounts, and cryptographic vulnerabilties.
- [Instructor] Configuration vulnerabilities can also have serious impacts on enterprise security. A few simple errors in a system configuration can result in very significant security vulnerabilities that an attacker can exploit to gain access to sensitive information or systems. One common mistake that IT staff make is taking a system directly from a manufacturer and installing it on their network without modifying the default configuration. This is especially true in the case of devices that contain embedded computers but are not commonly managed as part of the enterprise IT infrastructure.
These include copiers, building control systems, research equipment and other devices that come directly from vendors. The default configurations on these devices may contain open firewalls, guest accounts, default passwords or other serious security issues. IT staff should always verify the security of devices before connecting them to the network. System, application, and device configurations vary widely and can often be very complicated.
Systems that are misconfigured, or configured with weak security settings, can be serious problems. Small errors can lead to significant security flaws that may allow an attacker to gain complete control of the device. IT professionals should always depend upon documented security standards and configuration baselines to help them install systems in a secure manner. Cryptographic protocols are a common source of misconfigurations because they're complex to administer.
If a system administrator inadvertently configures weak cipher suites or weak protocol implementations on a device, all of the communications to and from that device may be subject to eavesdropping and tampering. The error may be as simple as clicking the wrong checkbox. Administrators must also carefully manage encryption keys to ensure that they don't fall into the wrong hands. If a private key becomes known to a third party, that person can impersonate the key's legitimate owner, eavesdropping on communications, engaging in false communications, and creating false digital signatures.
Along those same lines, organizations must protect the issuance and use of digital certificates, ensuring that they have strong certificate management processes in place to prevent the issuance of false certificates and protect the secret keys associated with real digital certificates. Finally, account management is an incredibly important task for security professionals. If an account is improperly configured with excess permissions, the user owning that account may use those extra privileges to cause damage.
This may be intentional in the case of a malicious insider or it may be accidental when the user simply doesn't know what he or she is doing. Remember the principle of least privilege. A user should have only the minimum necessary set of permissions to perform his or her job function. Security professionals must pay close attention to the proper configuration of systems, devices, applications, cryptographic protocols and accounts and follow the principle of least privilege to protect their organizations against attack.
Looking for study partners?Join the CompTIA Security+ SY0-501 Exam study group
The CompTIA Security+ exam is an excellent entry point for a career in information security. The latest version, SY0-501, expands coverage of cloud security, virtualization, and mobile security. This course prepares exam candidates for the critical Threats, Attacks, and Vulnerabilities domain of the exam. By learning about malware, networking and application security exploitations, and social engineering, you'll be prepared to answer questions from the exam—and strengthen your own organization's systems and defenses. Author Mike Chapple, an IT leader with over 15 years of experience, also covers the processes for discovering and mitigating threats and attacks, and conducting penetration testing and scanning for vulnerabilities. Visit certmike.com to join one of his free study groups.
We are a CompTIA Content Publishing Partner. As such, we are able to offer CompTIA exam vouchers at a 10% discount. For more information on how to obtain this discount, please download these PDF instructions.
- Comparing viruses, worms, and Trojans
- Backdoors and logic bombs
- Understanding the attacker
- Attack types: from denial of service to brute force attacks
- Preventing insider threats
- Wireless attacks
- Understanding cross-site scripting
- Preventing SQL injection
- Social engineering
- Scanning for vulnerabilities
- Penetration testing
- Assessing the impact of vulnerabilities