The location of a system or asset can make it vulnerable
The accessbility of a location where a device is kept could make it vulnerable, for example if it´s in a publically accessable location.
It is vulnerable as it could be tampered with physically
One way a malicious actor could comprimise a wifi network by exploiting a location vulnerability is?
Resetting a router and then altering it's settings
Additionally the location is a vulnerability because of the environment it´s in, such as being at risk of damage from x, y, and z?
Naturaldisasters, Humidity, Temperatures
What is needed if a system is located in a physically vulnerable place?
Disaster recovery policy
What are the 5 main things that can make a device physically vulnerable?
Location
Usage circumstances
Characteristics of users
System layout
System robustness
What makes a vulnerability physical?
Being a result of physical conditions
Circumstances of use is a type of physical vulnerability as it encompasses risks from malicious actors who have easy access to the device due to the situation in which the device is being used
3 examples of how the circumstances of use is a physical vulnerability:
Shoulder surfing
Fake WAP
Physical limitations
Physical limitations include things like wear and tear, overheating, and potential system failure
Compromising a WAP is bad for the business as it disrupts the operation but also risks the security of any user of that WAP
The user of a physical system leaves it vulnerable as they introduce risk of human error
Aside from human error a user also introduces a physical vulnerability to digital systems due to how they interact with technology, such as using only one password
The layout of a system or asset refers to how it's structured or organised.
The layout of system or asset can make a system vulnerable, a lack of segmentation is a good example of this.
For example a non-segmented network will be more impacted by a data breach as all parts of the network are immediately accessible
If a system is very complex it may also pose as a physical vulnerability as adminstrators will be less able to monitor and manage threats, leading to unresolved vulnerability issues.
A system that is very simple may also pose a physical vulnerability as the less defenses a system has the more failure points it will have
A well designed system must be robust, as the more situations it can handle the less vulnerable it is
A robust system example is a server being able to handle a large increase in users, or DOS attack without going offline
If a system is unstable it is vulnerable, for example if it frequentlycrashesdata may be lost, service will be disrupted and there are more potential vulnerabilities for malicious actors to exploit.
An asset may be poorly designed leading to physical vulnerabilities such as not having strong enough encryption on sensitive data, especially if it can be intercepted
A design may lead to physical security risks by not having provisions for updates and patches to fix security issues
A design can lead to physical vulnerabilities if it doesn't fully consider user input and behaviour, due to malicious attackers using Cross-site scripting and SQL injection
How can poor system design introduce vulnerabilities?