Vulnerability with regards to computer security
Vulnerability, with regards to computer security, refers to a weakness in a computer system or network that enables an attacker to gain unauthorized access to the system and compromise its information assurance.
Any vulnerability is the intersection of three basic elements: (i) a flaw or system susceptibility, (ii) attacker access to the flaw, and (iii) the attacker's capability to reach and exploit the identified flaw. An attacker usually employs a technique or tool that connects to the weakness of the system. Also described as a 'security risk', a vulnerability can be of many types. Most threats or computer security vulnerabilities are categorized into 7 classes: exploits, eavesdropping, social engineering, denial-of-service attacks, indirect attacks, backdoors, and direct access attacks.
Vulnerabilities can also be classified depending on their asset class, as follows:
- Hardware – Susceptibility to dust, humidity, soiling, and unprotected storage.
- Software – Inadequate audit trail and testing.
- Network – Unsecured lines of communication and improper network architecture.
- Personnel – Insufficient security awareness and improper recruiting processes.
- Site – Inadequate infrastructure, unreliable source of power, bad disaster management.
- Organizational – Inadequate regular audits and plans for IT security implementation.
The main causes of vulnerability include system complexity, familiarity with the system's code, easy connectivity, flaws in password management, flaws in OS design, software bugs, non-validated user input, and internet browsing.
Examples: The most commonly detected software flaws include buffer overflows, memory safety violations, dangling pointers, input validation errors, SQL injection, string bugs, e-mail injection, code injection, directory traversal, HTTP header injection, symlink races, cross-site scripting, clickjacking, user interface failures, and privilege escalation.
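One of the flaws listed above, SQL injection arising from non-validated user input, as an added Python example that is not part of the original article. It maps the article's three elements onto code (the flaw is SQL built by string splicing, the access is the attacker-reachable name parameter, the capability is supplying input that changes the query) and shows the parameterized fix plus an allowlist check; the in-memory table, its rows, and the function names are constructed for this illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory user table standing in for an application's store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn

def lookup_vulnerable(conn, name):
    """Flaw: the caller's input is spliced into the SQL text, so whoever
    reaches this parameter can change the structure of the query."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_fixed(conn, name):
    """Mitigation: a parameterized query passes the input as data; the
    database never parses it as SQL, whatever characters it contains."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")

def is_valid_username(name):
    """Defence in depth: reject input that does not match the expected shape
    (allowlist validation) before it reaches any query at all."""
    return bool(USERNAME_RE.match(name))

def audit_lookups(conn, name):
    """Run one input through both paths and report whether the vulnerable
    path returned a different row count than the fixed one, i.e. whether
    the input altered the query. Usable as a regression check in tests."""
    vulnerable = lookup_vulnerable(conn, name)
    fixed = lookup_fixed(conn, name)
    return {"input_valid": is_valid_username(name),
            "vulnerable_rows": len(vulnerable),
            "fixed_rows": len(fixed),
            "query_altered": len(vulnerable) != len(fixed)}

if __name__ == "__main__":
    db = make_db()
    print(audit_lookups(db, "alice"))
    print(audit_lookups(db, "' OR '1'='1"))
```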
Thus, the security of a computer system or network can be breached with both good and bad intentions. If done by malicious intruders or modifiers, a security breach can cause severe damage and financial loss, whereas a breach carried out in the form of intrusion testing, vulnerability assessment, or penetration testing strengthens the organization's IT security systems.