{"id":166,"date":"2019-01-15T08:00:15","date_gmt":"2019-01-15T14:00:15","guid":{"rendered":"https:\/\/storyconsulting.info\/?p=147"},"modified":"2019-01-09T20:26:19","modified_gmt":"2019-01-10T02:26:19","slug":"comptia-cysa-objective-2-3","status":"publish","type":"post","link":"https:\/\/packitforwarding.com\/index.php\/2019\/01\/15\/comptia-cysa-objective-2-3\/","title":{"rendered":"CompTIA CySA+ Objective 2.3"},"content":{"rendered":"\n

Compare and contrast common vulnerabilities found in the following targets within an organization.<\/p>CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives Version 3.0
<\/cite><\/blockquote>\n\n\n\n

Servers<\/h3>\n\n\n\n

There are many kinds of servers (server applications) in Enterprise networks.  The most common vulnerabilities are for web servers and database servers.<\/p>\n\n\n\n

Web servers may have vulnerabilities in the actual service or the web application.  Server software can include IIS, Apache, and NGIX among others.  Each of these can include various modules that may also have vulnerabilities.  It is important to keep web services patched and to only enable modules that are needed to lower the attack surface.<\/p>\n\n\n\n

The web applications themselves may also have vulnerabilities.  These could be things like cross site scripting attacks or unvalidated input.  They can also have vulnerabilities caused by backdoors and maintenance hooks put into the application by programmers for testing that were not removed in the production version.<\/p>\n\n\n\n

Database servers are also vulnerable both directly and through web applications that use them.  One way that they can be exploited is through data sent to web applications without validation.  If input is not validated, SQL commands can be sent to expose data that shouldn’t be accessible from the application.  These are called SQL Injection attacks.<\/p>\n\n\n\n

Endpoints<\/h3>\n\n\n\n

Endpoints are one of the weakest targets within an organization.  Often times they have many different software packages that all may have vulnerabilities.  Endpoints also have the human factor.  Attack vectors based on this can include various social engineering attacks or malware.  Endpoints should have up to date antivirus and potentially host IPS and host firewalls.  Updates to the software and operating system must also be regularly done.<\/p>\n\n\n\n

Network Infrastructure<\/h3>\n\n\n\n

Infrastructure devices like routers, switches and wireless controllers all need to be kept secure.  An infrastructure device that is compromised could be used to further execute attacks against the enterprise by rerouting or altering traffic that passes through the device.  Compromised devices may also be used as platforms to attack other devices.  <\/p>\n\n\n\n

One potential sign of possible compromise is a network infrastructure device that reboots unexpectedly.  When this happens, logs, crash files and the OS files themselves should be checked.  Vendors usually provide hashes of the OS files to allow for verification.  Some attacks can even alter the boot loader on the device to allow for a more persistent compromise.  <\/p>\n\n\n\n

Network infrastructure devices should be hardened using best practices such as those from NIST or DHS.  Only services that are needed should be enabled.  In addition all devices should have their logs sent to a central syslog or SIEM.<\/p>\n\n\n\n

Network Appliances<\/h3>\n\n\n\n

Network appliances, often those used for securing the network, can also have vulnerabilities. Some common ones to look for are listed below:<\/p>\n\n\n\n