Vulnerabilities in Information Security
Vulnerabilities are weaknesses in a system that gives threats the opportunity to compromise assets. All systems have vulnerabilities. Even though the technologies are improving but the number of vulnerabilities are increasing such as tens of millions of lines of code, many developers, human weaknesses, etc. Vulnerabilities mostly happened because of Hardware, Software, Network and Procedural vulnerabilities.
1. Hardware Vulnerability:
A hardware vulnerability is a weakness which can used to attack the system hardware through physically or remotely.
- Old version of systems or devices
- Unprotected storage
- Unencrypted devices, etc.
2. Software Vulnerability:
A software error happen in development or configuration such as the execution of it can violate the security policy. For examples:
- Lack of input validation
- Unverified uploads
- Cross-site scripting
- Unencrypted data, etc.
3. Network Vulnerability:
A weakness happen in network which can be hardware or software.
- Unprotected communication
- Malware or malicious software (e.g.:Viruses, Keyloggers, Worms, etc)
- Social engineering attacks
- Misconfigured firewalls
4. Procedural Vulnerability:
A weakness happen in an organization operational methods.
- Password procedure – Password should follow the standard password policy.
- Training procedure – Employees must know which actions should be taken and what to do to handle the security. Employees must never be asked for user credentials online. Make the employees know social engineering and phishing threats.