Cloud computing, along with the decreasing cost of high-performance hardware, has increased global connectivity tenfold compared with what it might have been a few years ago. With the current infrastructure it is no wonder that the number of internet users is quadrupling exponentially, and this rise is not limited to any particular country or region, as more users are added even from the most remote locations imaginable. This exponential rise also makes certain security measures a priority, because threats increase significantly as the user base grows. To protect users from identity theft and to protect their data, vulnerabilities and exposure to malicious content need to be recorded, and patches need to be issued at regular intervals.
In these circumstances, the CVE (Common Vulnerabilities and Exposures) database plays a critical role in establishing and processing these records. In 1999 the CVE list was inaugurated by the MITRE Corporation as a community project to quantify all the existing threats that were targeted at online users who were part of the early internet. Today the CVE list stands as the largest database for cyber security threats. Each record in the CVE list contains an identification number, a short description of what the vulnerability might be related to, and a public reference so that patches can be updated directly for these cases (Mell et al., 2006).
The CVE list is then further integrated into other databases such as the NVD. The NVD is a functional database that is completely synchronized with any updated vulnerabilities and acts as a foundation to build on, providing fix information regarding these threats, severity scores indicating whether these vulnerabilities are critical in nature or not (based on the CVSS), and impact ratings. The NVD also provides advanced search features that can be used by running queries on vendor name, version number, product ID or any other form of identification to get the most recent patches and updates on specific threats (Mell et al., 2006).
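The kind of lookup described above, as an added example that is not part of the original essay and does not call the NVD's own interface: a local search over CVE-style records by vendor, product and version, ranked by CVSS v3 severity band. The record fields, function names and all sample data are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")  # CVE-YYYY-NNNN, sequence of 4+ digits
# CVSS v3.x qualitative severity bands as (lower bound, label), highest first.
BANDS = [(9.0, "CRITICAL"), (7.0, "HIGH"), (4.0, "MEDIUM"), (0.1, "LOW"), (0.0, "NONE")]
ORDER = [label for _, label in reversed(BANDS)]  # NONE .. CRITICAL

@dataclass(frozen=True)
class Record:
    cve_id: str
    description: str
    reference: str
    vendor: str          # stored lower-case
    product: str         # stored lower-case
    affected: tuple      # affected release trains as dotted prefixes, e.g. ("1.2",)
    base_score: float    # CVSS base score, 0.0 to 10.0

    def __post_init__(self):
        if not CVE_ID.match(self.cve_id):
            raise ValueError(f"malformed CVE ID: {self.cve_id!r}")
        if not 0.0 <= self.base_score <= 10.0:
            raise ValueError(f"CVSS base score out of range: {self.base_score}")

def severity(score):
    return next(label for floor, label in BANDS if score >= floor)

def affects(record, version):
    """Compare dotted components, so "1.2" covers "1.2.5" but not "1.20"."""
    parts = version.split(".")
    return any(parts[:len(p.split("."))] == p.split(".") for p in record.affected)

def search(records, vendor=None, product=None, version=None, min_severity="NONE"):
    floor = ORDER.index(min_severity)
    hits = [r for r in records
            if (vendor is None or r.vendor == vendor.lower())
            and (product is None or r.product == product.lower())
            and (version is None or affects(r, version))
            and ORDER.index(severity(r.base_score)) >= floor]
    return sorted(hits, key=lambda r: r.base_score, reverse=True)  # worst first

# Constructed sample data: IDs, vendors, versions, scores and URLs are all made up.
SAMPLE = [
    Record("CVE-2099-0001", "Memory exhaustion from repeated authentication attempts",
           "https://vendor.example/sa/1", "examplevendor", "exampleos", ("1.2", "1.3"), 6.5),
    Record("CVE-2099-0002", "Memory corruption while parsing a crafted discovery packet",
           "https://vendor.example/sa/2", "examplevendor", "exampleos", ("1.3",), 9.8),
    Record("CVE-2099-0003", "Passwordless root console login after reboot",
           "https://vendor.example/sa/3", "examplevendor", "exampleos", ("1.2",), 7.2),
]
```

Matching on dotted version components rather than raw string prefixes keeps release 1.20 from being reported as affected by an entry for 1.2.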
Potential Threats via Web platform
Since this draft pertains to the use of the above database, it is imperative that we isolate three distinct vulnerabilities and then provide a resolution on how they can be effectively tackled. Below are some selected examples:
Critical Vulnerabilities
CVE-2018-0006 – In this particular cyber security vulnerability, a high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain can trigger high memory utilization. Such a scenario can only occur when you have a compromised internal network and there is unauthorized access on your domain (Mell & Grance, 2002).
CVE-2018-0007 – One of the primary features of penetration testing, CVE-2018-0007 occurs when an unauthenticated network-based attacker is able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, leading to a denial of service.
Furthermore, crafted packets may be able to withstand the denial of service condition. If the attacker is authenticated on the target device, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over the target device thereby elevating their permissions and privileges, and taking control of the device.
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition, allowing memory corruption to occur and leading to multiple distributed denials of service. These denial-of-service attacks may cascade to adjacent connected devices, impacting network devices, servers, workstations, etc.
CVE-2018-0008 – Based on the explanation provided in the CVE list and the NIST database, this last vulnerability relates to an unauthenticated root login that may allow a hard reboot when a commit script is used (Haldorai & Ramu, 2018).
A commit script allows a device administrator to execute certain instructions during commit, which are configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a "safe mode" authentication state. Lastly, only logging in physically to the console port as root, with no password, will work.
Resolution for the threats on Web Platform
Resolution for penetration testing or any sort of authentication testing can be fundamentally avoided if the users are not given root or administrative privileges on their workstations. This implies that the internal network has a security layer which will only be managed by IT administrators. It also prevents any type of buffer control that floods the memory, as a non-administrative / non-root user will not be allowed to capture the memory load entirely.
In addition to the above techniques, load balancers should be implemented along with the necessary firewalls so that LLDP proxies do not give us unwanted traffic and third-party insecure connections over SSL (Banerjee et al., 2018). There should also be a rotation policy for the root password on the web platform, as a single password can be compromised in the long run. Privately procured software such as the Adobe suite and the corresponding Office and .NET frameworks should be patched and all necessary fixes applied.
References
Haldorai, A., & Ramu, A. (2018). The Impact of Big Data Analytics and Challenges to Cyber Security. In Handbook of Research on Network Forensics and Analysis Techniques (pp. 300-314). IGI Global.
Mell, P., Scarfone, K., & Romanosky, S. (2006). Common vulnerability scoring system. IEEE Security & Privacy, 4(6).
Banerjee, C., Banerjee, A., Poonia, A. S., & Sharma, S. K. (2018). Proposed Algorithm for Identification of Vulnerabilities and Associated Misuse Cases Using CVSS, CVE Standards During Security Requirements Elicitation Phase. In Soft Computing: Theories and Applications (pp. 651-658). Springer, Singapore.
Mell, P., & Grance, T. (2002). Use of the Common Vulnerabilities and Exposures (CVE) vulnerability naming scheme (No. NIST-SP-800-51). National Institute of Standards and Technology, Gaithersburg, MD, Computer Security Division.