Wednesday, February 1, 2012

Vulnerability at a Glance

Let's talk about vulnerability.

Wikipedia:
"In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface."

ISO 27005:
"A weakness of an asset or group of assets that can be exploited by one or more threats where an asset is anything that can have value to the organization, its business operations and their continuity, including information resources that support the organization's mission."

IETF RFC 2828:
"A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy."

From the explanations above, we can conclude that a vulnerability is a weak point of a system that can be attacked by someone through a series of methods and techniques to take over control of the system. There are many types and classifications of vulnerability; hardware, software, network, personnel, site and organizational are some of them. The attack method that can be used depends on the type of the vulnerability. Using a well-planned attack method is essential to get the most advantage from the vulnerability.
Some examples of vulnerabilities:
1. A website using an old version of a CMS/database.
2. An application that has a lot of bugs.
3. A hardware problem on a server.
4. A weak password.
5. An unprotected local network.
6. The same password for every account.
7. A system that has not been patched or updated.
8. A lazy administrator.

