The Insecure Systems risk vector assesses endpoints (any computer, server, device, system, or appliance with internet access) that are communicating with an unintended destination. The software on these endpoints may be outdated, tampered with, or misconfigured. A system is classified as “insecure” when the endpoint tries to communicate with a web domain that does not yet exist or is not registered to anyone. This can happen for a few reasons:
- The device manufacturers/developers stopped supporting their product. The original domains that were registered have since become “abandoned” (the domain has not been renewed).
- A device has been purposely tampered with or is misconfigured. These devices are trying to reach out to unregistered or misnamed domains for software updates or other communications.
Some examples include mobile devices on debug or root mode that are reaching for rogue application content or abandoned applications fetching server configurations.
Risks
- If the destination domain is registered by attackers, they can have the ability to inject malicious code into the insecure system.
- Endpoints can become exposed to rogue application services and markets. The software on these endpoints has been tampered with or misconfigured, and the open communication channel to a remote server may allow attackers to inject code, resulting in a breach of the organization and access to sensitive data.
Grading
See how the Insecure Systems risk vector is graded.
Concept | Behavior
---|---
Duration | 60 Days
Default | A default risk vector grade is assigned.
No findings | The rating is positively impacted if there are no findings for this risk vector.
Percentage (out of 70.5% in Diligence) | 2.5%
Remediation
Review Insecure System findings. Identify known insecure systems and uninstall or update the firmware of insecure applications (endpoints).
If a finding shows no host, this is because the SMB protocol does not include a domain in the packet exchange that can be attributed directly to the connection. Although the domain resolves to a particular IP address, an endpoint on your network was observed performing a DNS lookup to a Bitsight sinkhole over NetBIOS through the SMB protocol.
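The two signals described on this page, an endpoint repeatedly resolving a domain that no longer exists and an endpoint resolving a name to a sinkhole address, can also be checked against your own DNS resolver logs before or after reviewing the platform's findings. The following script is an added example and is not Bitsight's code or method; the log format, the sample lines and the sinkhole address `192.0.2.50` are constructed for illustration, and a real sinkhole list would come from the findings themselves.

```python
import re
from collections import defaultdict

# Constructed sample resolver log (not real data):
# timestamp, client IP, queried name, response code, optional answer address.
SAMPLE_DNS_LOG = """\
2024-03-01T08:00:01Z 10.0.4.17 update.legacy-vendor.example NXDOMAIN
2024-03-01T08:05:01Z 10.0.4.17 update.legacy-vendor.example NXDOMAIN
2024-03-01T08:10:01Z 10.0.4.17 update.legacy-vendor.example NXDOMAIN
2024-03-01T08:11:42Z 10.0.4.22 www.example.com NOERROR 93.184.216.34
2024-03-01T08:12:09Z 10.0.4.31 cfg.abandoned-app.example NOERROR 192.0.2.50
2024-03-01T08:13:55Z 10.0.4.22 typo.exmaple NXDOMAIN
"""

# Hypothetical sinkhole address (documentation range); replace with the
# addresses reported in your findings.
SINKHOLE_IPS = {"192.0.2.50"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (NXDOMAIN|NOERROR|SERVFAIL)(?: (\S+))?$")


def parse_dns_log(text):
    """Parse the constructed log format into a list of record dicts."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole review
        ts, client, qname, rcode, answer = m.groups()
        records.append({"ts": ts, "client": client, "qname": qname,
                        "rcode": rcode, "answer": answer})
    return records


def find_insecure_endpoints(records, nxdomain_threshold=3, sinkhole_ips=SINKHOLE_IPS):
    """Return {(client, qname): reason} for endpoints matching either signal.

    A single NXDOMAIN is usually a typo; only repeated lookups of the same
    unregistered name from the same client (an abandoned update or config
    domain being polled) are flagged. Any answer inside the sinkhole set is
    flagged on the first hit.
    """
    nx_counts = defaultdict(int)
    findings = {}
    for r in records:
        key = (r["client"], r["qname"])
        if r["rcode"] == "NXDOMAIN":
            nx_counts[key] += 1
            if nx_counts[key] >= nxdomain_threshold:
                findings[key] = "repeated lookup of unregistered domain"
        elif r["answer"] in sinkhole_ips:
            findings[key] = "resolved to sinkhole address"
    return findings


if __name__ == "__main__":
    for (client, qname), reason in find_insecure_endpoints(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{client} -> {qname}: {reason}")
```

Each flagged client and name pair is a candidate for the remediation step above: locate the device, and either remove the abandoned application or update its firmware so it stops polling the dead domain. The NXDOMAIN threshold is a tuning knob; lowering it catches slower polling intervals at the cost of more typo noise.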
Finding Behavior
Concept | Behavior
---|---
Updates | The Bitsight platform regularly checks for new observations. Bitsight findings are updated as these observations change, e.g., newly observed Diligence findings or an existing finding was remediated.
Automated scan duration | Daily
User-requested refresh duration | Not Available
Grade impact | New findings immediately impact the grade.
- March 25, 2024: “No findings/low findings” changed to “insufficient data.”
- August 16, 2023: New Grading & Finding Behavior sections.
- May 11, 2020: Linked to related topics (rating details, data collection methods, & finding details).