Time
33 hours 23 minutes
Difficulty
Beginner
CEU/CPE
33

Video Transcription

00:00
Hello and welcome back to Cybrary's 2019 CompTIA Security+ certification preparation course.
00:07
This is, in fact, a continuation of Module One, which is titled Domain One: Threats, Attacks and Vulnerabilities.
00:15
We have a brand new objective, which encompasses this particular domain, which is 1.6: explain the impact associated with the types of vulnerabilities. And as you learned earlier, a vulnerability is a weakness. Before we begin, the prices actually highlight Miss Discussion topic of discussion. Further discussing it.
00:32
Let's turn now toward a pre-assessment quiz.
00:36
And the question is as follows.
00:38
A race condition or race hazard is the behavior of an electronic, software or other system where the system's substantial behavior is dependent on the sequence or timing of other uncontrollable events. It could become a bug when one or more of the possible behaviors is undesirable,
00:57
is this true or false?
00:59
If you said true, you're absolutely correct.
01:03
Here again are the topics of discussion which encompass this particular objective, ranging from race conditions all the way down to vulnerabilities due to end-of-life systems, embedded systems or lack of vendor support.
01:17
Some additional topics of discussion which encompass this objective: we have improper input handling and improper error handling, misconfiguration or weak configuration,
01:26
default configuration, resource exhaustion, all the way down to weak cipher suites as well as implementation.
01:34
And some additional topics of discussion which encompass this objective: vulnerable business processes, as well as weak cipher suites and implementation.
01:42
So the first item on the agenda is defining exactly what is a race condition. Now, when you think about a race condition or race hazard, it is the behavior of an electronic, software or other system where the system's substantial behavior is dependent on the sequence or timing of other uncontrollable events.
02:01
In this case, it could become a bug when one or more of the possible behaviors
02:06
is undesirable.
02:08
Then we come to vulnerabilities. When you think about a vulnerability, remember, a vulnerability is a weakness. Vulnerability is a cybersecurity term that refers to a flaw in the system that can leave it open to attack.
02:20
A vulnerability may also refer to any type of weakness in the computer system itself, in a set of procedures, or anything that leaves information security exposed to a threat. Now, a couple of different
02:31
terms we need to highlight within this: end-of-life systems. In this case, it is used with respect to a product supplied to customers,
02:39
indicating that the product is in the end of its useful life.
02:44
From, obviously in this case, the vendor's perspective, and the vendor stops marketing, selling or rework sustaining it. In other words, sustaining that particular type of situation or software.
02:54
When you have an embedded system, it is a dedicated computer system designed for one or more specific functions.
03:01
This system is embedded as part of a complete device system that includes the hardware, such as electrical as well as mechanical components. Then we have a lack of vendor support. It's a level of vendor support that has become almost as important as the system's functional features.
03:20
Improper input handling is used to describe functions such as validation, sanitization, filtering, encoding or decoding of input data.
03:30
Improper handling is a leading cause of critical vulnerabilities that exist in today's systems as well as various applications.
03:38
Improper error handling: it can introduce a variety of security problems, particularly when you look at a website. The most common problem is when detailed internal error messages, such as a stack trace, database dump and error codes, are displayed to the user. In other words, the hacker.
03:55
Misconfiguration often is a big issue, and oftentimes arises when your security settings are defined, implemented and maintained as defaults.
04:05
Default configuration, particularly in computer science, refers to a pre-existing value of a user-configurable setting that is assigned, in other words, in this case, assigned to a software application, computer program and/or device.
04:18
The term resource exhaustion is a simple denial-of-service condition that happens when the resources required to execute an action are entirely expended, preventing that action from occurring.
04:31
One of the big issues we have nowadays is untrained users. One of the physical vulnerabilities is an untrained user. It only takes one person to cause a breach, and although it may be expensive to get everybody there in person and in a single room for half a day, it is much less expensive than a security breach that might happen later. In other words,
04:51
we have to exercise that ability to be very proactive
04:55
before an event happens.
04:58
Improperly configured accounts are another big issue. Like default configurations, accounts that have weak passwords or more permissions than needed are vulnerable.
05:06
And what happens? We have a clear example: elevated privileges.
05:11
Then we have vulnerable business processes. It can affect a collection of related, structured activities or tasks by people or equipment, which in a specific sequence produce a service or product for a particular customer or, in other words, customers.
05:25
You also have weak cipher suite implementation. It is defined as an encryption or decryption algorithm that uses a key of insufficient length.
05:33
When you go about the process of using an insufficient-length key for encryption or decryption, it opens up the possibility, in other words the probability, that the encryption scheme could be broken. In other words, it can be cracked.
05:48
Now, in our upcoming topic, we're going to continue our discussion of Domain One, which is titled Threats, Attacks and Vulnerabilities, and we'll continue our discussion of 1.6: explain the impact associated with the types of vulnerabilities.
06:02
I look forward to seeing you in the very next video.


Instructed By

Jim Hollis
Independent Contractor
Instructor