8.1.4 ' Physical vulnerabilities

Cards (24)

  • The location of a system or asset can make it vulnerable
  • The accessbility of a location where a device is kept could make it vulnerable, for example if it´s in a publically accessable location.
    It is vulnerable as it could be tampered with physically
  • One way a malicious actor could comprimise a wifi network by exploiting a location vulnerability is?
    Resetting a router and then altering it's settings
  • Additionally the location is a vulnerability because of the environment it´s in, such as being at risk of damage from x, y, and z?

    Natural disasters, Humidity, Temperatures
  • What is needed if a system is located in a physically vulnerable place?
    Disaster recovery policy
  • What are the 5 main things that can make a device physically vulnerable?
    Location
    Usage circumstances
    Characteristics of users
    System layout
    System robustness
  • What makes a vulnerability physical?
    Being a result of physical conditions
  • Circumstances of use is a type of physical vulnerability as it encompasses risks from malicious actors who have easy access to the device due to the situation in which the device is being used
  • 3 examples of how the circumstances of use is a physical vulnerability:
    • Shoulder surfing
    • Fake WAP
    • Physical limitations
  • Physical limitations include things like wear and tear, overheating, and potential system failure
  • Compromising a WAP is bad for the business as it disrupts the operation but also risks the security of any user of that WAP
  • The user of a physical system leaves it vulnerable as they introduce risk of human error
  • Aside from human error a user also introduces a physical vulnerability to digital systems due to how they interact with technology, such as using only one password
  • The layout of a system or asset refers to how it's structured or organised.
  • The layout of system or asset can make a system vulnerable, a lack of segmentation is a good example of this.
    For example a non-segmented network will be more impacted by a data breach as all parts of the network are immediately accessible
  • If a system is very complex it may also pose as a physical vulnerability as adminstrators will be less able to monitor and manage threats, leading to unresolved vulnerability issues.
  • A system that is very simple may also pose a physical vulnerability as the less defenses a system has the more failure points it will have
  • A well designed system must be robust, as the more situations it can handle the less vulnerable it is
  • A robust system example is a server being able to handle a large increase in users, or DOS attack without going offline
  • If a system is unstable it is vulnerable, for example if it frequently crashes data may be lost, service will be disrupted and there are more potential vulnerabilities for malicious actors to exploit.
  • An asset may be poorly designed leading to physical vulnerabilities such as not having strong enough encryption on sensitive data, especially if it can be intercepted
  • A design may lead to physical security risks by not having provisions for updates and patches to fix security issues
  • A design can lead to physical vulnerabilities if it doesn't fully consider user input and behaviour, due to malicious attackers using Cross-site scripting and SQL injection
  • How can poor system design introduce vulnerabilities?
    Introduce vulnerabilities such as poor encryption