System vulnerabilities 1
1. Network vulnerabilities
Network vulnerabilities are a major source of attacks on a business’s IT systems.
Any open network port is a potential vulnerability that can be exploited to spread malware
or to access and steal data.
One way to block these ports is to use a firewall, which adds security, but if the ports are
poorly configured the network will still be left vulnerable.
A network port is the endpoint of a network communication. There are thousands of different
ports that are used for different applications. For example, HTTP uses port 80 and IMAP
uses port 143.
All ports are potentially at risk of attack. An attack on a port can be used to spread malware
to the system or to gain access to data on the system.
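Added example (not part of the original notes): a short Python check that lists which open ports can be reached from the network and flags any that are not on an approved list. The sample `ss -tln` output and the approved list (ports 22 and 80) are constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample of `ss -tln` output (not taken from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       100     0.0.0.0:143         0.0.0.0:*
LISTEN  0       511     127.0.0.1:6379      0.0.0.0:*
LISTEN  0       128     [::]:3306           [::]:*
LISTEN  0       128     [::1]:631           [::]:*
"""

# Assumed policy: the only ports this host is meant to offer to the network.
APPROVED_PORTS = {22, 80}


def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN line in `ss -tln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or blank line
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append((address.strip("[]"), int(port)))
    return listeners


def is_loopback(address):
    """True when the socket is bound to loopback, so it is not reachable from the network."""
    try:
        return ipaddress.ip_address(address.split("%")[0]).is_loopback
    except ValueError:
        return False  # wildcard "*" or unknown form: treat as exposed so it gets reviewed


def unapproved_open_ports(ss_output, approved):
    """Ports reachable from the network that are not in the approved set."""
    exposed = {port for addr, port in parse_listeners(ss_output) if not is_loopback(addr)}
    return sorted(exposed - set(approved))


if __name__ == "__main__":
    for port in unapproved_open_ports(SAMPLE_SS_OUTPUT, APPROVED_PORTS):
        print(f"port {port} is open to the network but not approved: close it or block it")
```

On the sample, ports 143 (IMAP) and 3306 are flagged, while 6379 and 631 are ignored because they only listen on the loopback address.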
Another source of network vulnerabilities is external storage devices. These can be used
to bring malicious software into the organisation from within the network without people
knowing.
For example, an employee may use a USB stick on their home computer that is infected with
malware. When they bring that USB stick to work and connect it to their PC, the malware can
affect other work computers and potentially spread throughout the network.
2. Organisational vulnerabilities
The processes and policies of the organisation can also be a serious source of vulnerability.
For example, the file permissions and privileges assigned to employees could leave them
wide open to a number of threats.
File permissions and privileges are used to give staff the rights to access certain
drives, folders and files, as well as giving them access to different functions (e.g. the ability to
install software).
If staff access is not restricted, a user login becomes capable of causing a lot of
damage. This damage can be accidental, such as deleting important data by mistake, or
malicious.
This is why organisations should only assign the permissions and privileges each staff
member requires in order to do their work.
Another example of organisational vulnerability is the password policy. This refers to a set of
rules to follow when creating a password. This is to ensure that logins are secure and cannot
easily be guessed.