What host-level information would you want to obtain so you can exploit defaults and patches?

What host-level information would you want to obtain so you can exploit defaults and patches?

What host-level information would you want to obtain so you can exploit defaults and patches?

A.
Servers

B.
Routers and switches

C.
Databases

D.
Firewall types
1D0-470

Explanation:
Defaults are patches are applied to servers. In order to exploit default and lack of patches you must gain access to the servers. It is very important to hardening the Operating System by removing defaults and keeping updates, patches, hot fixes and service packs current.
Note: The way the exploitation works is this: Holes in security are discovered and published by the vendor, with a fix. Sometimes the vendor even gives an example of how to exploit the system so that the fix can be tested. Not everyone applies the fixes, consider the philosophy if it isn’t broke, don’t fix it. So a hacker identifies the server, checks the vendors site for vulnerabilities, and then makes the attack hoping that the fixes were not applied to the system, which leads to a breach.
Incorrect Answers:
B: Knowing the routers and switches does not usually provide a point of exposure. Although routers and switches are hardware devices, these devices do use code such as BIOS and firmware, and this code can be patched or upgraded. However, security exposures using hardware devices are very rare and usually don’t provide a point of exploitation.
C: Knowing and processing databases do not provide an exposure point. Interfaces to the databases may be exploited to attack the databases, and databases may be left with default accounts, but you need to know the type of database and the version.
D: The outline line of defense is the firewall, however, defaults and patches on firewalls are not as useful for the hacker as they are on servers. If the operating system is not hardened the configuration of the firewall protection will not work.



Leave a Reply 0

Your email address will not be published. Required fields are marked *