Zero-Day & Weak Configurations | CompTIA Security+ SY0-601 | 1.6b

In this video you will learn about zero-day attacks and weak configurations such as:  open permissions, unsecure root accounts, errors, weak encryption, unsecure protocols, default settings, & open ports and services.

Zero-Day Attack

A zero-day is a software vulnerability that is either unknown to the parties responsible for mitigating it (including the vendor of the affected software) or known but not yet patched.  Until it is mitigated, attackers can exploit it to compromise programs, data, other computers, or a network.[1]  A zero-day exploit is code that takes advantage of such a vulnerability, and a zero-day attack is the use of that exploit against a target.  The term originally referred to the number of days since a piece of software had been released to the public: "zero-day software" was software obtained by breaking into a developer's computer before release.  The term was later applied to the vulnerabilities that made such break-ins possible, and to the number of days the vendor has had to fix them.[2]  Once a vendor learns of a vulnerability it will usually release a patch or advise a workaround.  The more recently the vendor became aware of the vulnerability, the less likely it is that a fix or mitigation exists, and once a fix ships, the chance of an exploit succeeding falls as more users apply it over time.  Because a zero-day by definition has no patch, the defenses against it are compensating controls: least privilege, network segmentation, application allow-listing, and monitoring for the behaviour an exploit produces rather than for a known signature.

Weak Configurations

Weak configurations can be leveraged by attackers to compromise systems and networks.  The weak configurations you need to be concerned with for the CompTIA Security+ SY0-601 certification exam are:[3]

  • Open Permissions:  accounts can be created on individual computers or in a directory for a whole network, and in either case users are often granted access to resources they do not need.  A file share readable by Everyone, a world-writable directory, or a publicly readable cloud storage bucket are typical examples.  Users should have access only to what their role requires, which is the principle of least privilege.
  • Unsecure Root Accounts:  systems and devices should be as secure as possible out of the box, and the root or administrator account must be protected at all times.  Typical weaknesses are a blank, default, or shared root password, direct remote login as root (for example PermitRootLogin yes in sshd_config), and routine work done as root instead of through a named account that elevates with sudo.
  • Errors:  some weak configurations are simply human mistakes, such as a typo in a firewall rule or an access control list, that can nonetheless cause major issues.  Verbose error messages that reveal stack traces, file paths, or software versions are a related weakness, because they give an attacker information with which to refine an attack.
  • Weak Encryption:  weak cryptographic implementations, such as deprecated algorithms (DES, RC4, MD5, SHA-1), short keys, or legacy SSL 3.0 and TLS 1.0/1.1, can expose sensitive data to attackers and have a direct impact on privacy.
  • Unsecure Protocols:  protocols that send credentials and data in cleartext, such as Telnet, FTP, HTTP, SNMPv1/v2c, and POP3 or IMAP without TLS, can expose sensitive data and allow attackers to compromise systems and applications.  Each has an encrypted replacement (SSH, SFTP or FTPS, HTTPS, SNMPv3, POP3S/IMAPS) that should be used instead.
  • Default Settings:  many organizations and individuals leave infrastructure devices such as routers, switches, wireless access points, and firewalls configured with default credentials.  Those credentials are published in vendor documentation and in public default-password lists, so an attacker who identifies the device model can log in immediately.  Always change manufacturer default passwords, disable default services that are not needed, and restrict network access to critical systems.
  • Open Ports & Services:  every listening service is attack surface.  Close all unnecessary ports, disable the services behind them, and protect and monitor the ports that must stay open; a regular port scan of your own hosts (for example with nmap) shows what is actually exposed rather than what the documentation says is exposed.
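
As an added example (not from the video, the cert guide, or any vendor tool), the following Python audit takes constructed samples of the artifacts the bullets above refer to (an sshd_config fragment, a listening-port list, file mode bits, and a device's initial account credentials) and reports a finding per weak-configuration category.  The reference sets (cleartext ports, deprecated SSH ciphers, common default passwords, sensitive file names) are illustrative subsets, and the sshd parser handles only `Keyword value` lines; both are assumptions made here, not a complete policy.

```python
"""Weak-configuration audit covering the SY0-601 categories: open permissions,
unsecure root accounts, weak encryption, unsecure protocols, default settings,
and open ports and services.  All inputs below are constructed samples."""
import stat

# --- Constructed sample inputs (not captured from any real host) -------------

# A few lines of an sshd_config, written here to exercise the checks.
SAMPLE_SSHD_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
Ciphers aes256-gcm@openssh.com,3des-cbc
"""

# (protocol, port, process) tuples, as a listing from `ss -tulnp` might give.
SAMPLE_LISTENERS = [
    ("tcp", 22, "sshd"),
    ("tcp", 23, "telnetd"),
    ("tcp", 443, "nginx"),
    ("tcp", 8080, "java"),
    ("udp", 161, "snmpd"),
]
ALLOWED_PORTS = {22, 443}  # ports this host is supposed to expose

# path -> st_mode value, as os.stat() would report it.
SAMPLE_FILE_MODES = {
    "/etc/shadow": 0o100640,               # rw-r----- root:shadow, normal
    "/var/www/uploads": 0o040777,          # drwxrwxrwx, world-writable
    "/home/app/.ssh/id_ed25519": 0o100644, # private key readable by everyone
}

# (username, password) pairs from a device's initial configuration.
SAMPLE_ACCOUNTS = [("admin", "admin"), ("root", ""), ("ops", "Vx9!qLm2#tR")]

# --- Reference data (illustrative subsets, not exhaustive lists) -------------

CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 110: "pop3", 143: "imap", 161: "snmp"}
WEAK_SSH_CIPHERS = {"3des-cbc", "arcfour", "arcfour128", "arcfour256", "blowfish-cbc"}
COMMON_DEFAULT_PASSWORDS = {"admin", "password", "default", "1234"}
SENSITIVE_NAME_PARTS = ("id_rsa", "id_ed25519", "shadow", ".pem")


def parse_sshd_config(text):
    """Return {keyword_lower: value}.  Like sshd, the first occurrence of a
    keyword wins; '#' starts a comment.  Only 'Keyword value' lines are handled."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key.lower(), value.strip())
    return settings


def audit_sshd(text):
    """Root-account, default-setting and weak-cipher checks on an sshd_config."""
    s = parse_sshd_config(text)
    findings = []
    # OpenSSH defaults: PermitRootLogin prohibit-password, PasswordAuthentication yes.
    if s.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("unsecure root account: PermitRootLogin yes permits password logins as root")
    if s.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("default setting: PasswordAuthentication left at its default of yes")
    enabled = {c.strip().lower() for c in s.get("ciphers", "").split(",") if c.strip()}
    for cipher in sorted(enabled & WEAK_SSH_CIPHERS):
        findings.append(f"weak encryption: deprecated SSH cipher {cipher} enabled")
    return findings


def audit_listeners(listeners, allowed_ports):
    """Flag cleartext services and anything listening outside the allow-list."""
    findings = []
    for proto, port, process in listeners:
        if port in CLEARTEXT_PORTS:
            findings.append(f"unsecure protocol: {process} on {proto}/{port} ({CLEARTEXT_PORTS[port]} is cleartext)")
        if port not in allowed_ports:
            findings.append(f"open port/service: {process} on {proto}/{port} is not on the allow-list")
    return findings


def audit_permissions(modes):
    """Flag world-writable paths and world-readable files with sensitive names."""
    findings = []
    for path, mode in modes.items():
        if mode & stat.S_IWOTH:
            findings.append(f"open permissions: {path} is world-writable ({stat.filemode(mode)})")
        elif mode & stat.S_IROTH and any(part in path for part in SENSITIVE_NAME_PARTS):
            findings.append(f"open permissions: sensitive file {path} is world-readable ({stat.filemode(mode)})")
    return findings


def audit_credentials(accounts):
    """Flag empty passwords and passwords that look like factory defaults."""
    findings = []
    for user, password in accounts:
        if password == "":
            findings.append(f"unsecure account: {user} has an empty password")
        elif password.lower() == user.lower() or password.lower() in COMMON_DEFAULT_PASSWORDS:
            findings.append(f"default setting: {user} still uses a factory-default style password")
    return findings


def audit_host(sshd_config=SAMPLE_SSHD_CONFIG, listeners=SAMPLE_LISTENERS,
               allowed_ports=ALLOWED_PORTS, file_modes=SAMPLE_FILE_MODES,
               accounts=SAMPLE_ACCOUNTS):
    """Run every check and return the combined list of findings."""
    return (audit_sshd(sshd_config) + audit_listeners(listeners, allowed_ports)
            + audit_permissions(file_modes) + audit_credentials(accounts))


if __name__ == "__main__":
    for finding in audit_host():
        print("-", finding)
```

On the constructed samples the audit returns twelve findings; a host whose sshd_config sets PermitRootLogin no, PasswordAuthentication no and only AEAD ciphers, and whose listeners all appear on the allow-list, returns none.  The port-based protocol check is a heuristic (a service on port 23 is assumed to be Telnet), so on a real host confirm with a banner grab or the process name before acting on it.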

References

  1. What is a Zero-Day Vulnerability? Symantec.
  2. Zetter, K. (2014). Hacker Lexicon: What Is a Zero Day? Wired.
  3. Santos, O.; Taylor, R.; Mlodziannowski, J. CompTIA Security+ SY0-601 Cert Guide.