- August 16, 2023: New Grading & Finding Behavior sections.
- May 11, 2020: Linked to related topics (rating details, data collection methods, & finding details).
The Insecure Systems risk vector assesses endpoints (any computer, server, device, system, or appliance with internet access) that are communicating with an unintended destination. The software on these endpoints may be outdated, tampered with, or misconfigured. A system is classified as “insecure” when one of its endpoints tries to communicate with a web domain that does not yet exist or is not registered to anyone. This can happen for a few reasons:
- The device manufacturer or developer stopped supporting the product, and the domains it originally registered have since been “abandoned” (the registration was not renewed).
- A device has been purposely tampered with or is misconfigured, and is trying to reach unregistered or misnamed domains for software updates or other communications.
Examples include mobile devices in debug or root mode reaching for rogue application content, and abandoned applications fetching server configurations.
- If the destination domain is later registered by attackers, they gain the ability to push malicious code to the insecure system, since it trusts whatever that domain serves.
- Endpoints can also become exposed to rogue application services and markets. Because the software on these endpoints has been tampered with or misconfigured, its open communication with a remote server may allow attackers to inject code, resulting in a breach of the organization and access to sensitive data.
The rating is positively impacted if there are no findings for this risk vector.
(Out of 70.5% in Diligence)
Review Insecure Systems findings. Identify the affected endpoints and either uninstall the insecure application or update the endpoint's firmware or software.
If no host is shown in an Insecure Systems finding, it is because the SMB protocol does not carry the domain in the packet exchange, so the connection cannot be attributed directly to a host. Although the domain resolves to a particular IP, what was observed is an endpoint on your network performing a DNS lookup that reached a Bitsight sinkhole, over NetBIOS through the SMB protocol.
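As an added example (not Bitsight's code and not part of the original page), the following Python script shows one way a practitioner could locate the endpoints behind Insecure Systems findings in their own DNS resolver logs, which is the most useful step when a finding carries no host: it flags internal clients that repeatedly query a name that no longer resolves (NXDOMAIN, the abandoned-domain case above) or that resolve into a sinkhole address range (a domain somebody other than the original vendor now controls). The log line format, the client addresses, the domain names and the sinkhole range 192.0.2.0/24 are all assumptions made for the example; Bitsight's actual sinkhole addresses are not given on this page, and your resolver must log the querying client for the attribution to work at all.

```python
import ipaddress
from collections import Counter, defaultdict

# Hypothetical sinkhole range. The page does not list Bitsight's sinkhole
# addresses, so the RFC 5737 documentation range stands in for them here.
SINKHOLE_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Repeated NXDOMAIN answers for the same name from one host look like an
# update or beacon loop; a single miss is more likely a typo, so require a
# minimum number of hits before reporting the name as abandoned.
MIN_NXDOMAIN_HITS = 3

# Constructed resolver log, not captured data. Assumed format:
# "<timestamp> <client_ip> <qname> <rcode> [<answer_ip>]"
SAMPLE_LOG = """
2023-08-16T10:00:01Z 10.0.5.21 updates.oldvendor-example.com. NXDOMAIN
2023-08-16T10:05:01Z 10.0.5.21 updates.oldvendor-example.com. NXDOMAIN
2023-08-16T10:10:01Z 10.0.5.21 updates.oldvendor-example.com. NXDOMAIN
2023-08-16T10:10:07Z 10.0.7.44 cfg.abandoned-app.example. NOERROR 192.0.2.17
2023-08-16T10:11:30Z 10.0.9.3 www.exmaple.com. NXDOMAIN
2023-08-16T10:12:00Z 10.0.9.3 www.example.com. NOERROR 198.51.100.10
""".strip().splitlines()


def is_sinkholed(addr: str) -> bool:
    """True if the answer address falls inside a configured sinkhole range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in SINKHOLE_NETS)


def parse_line(line: str):
    """Parse one log line into (ts, client, qname, rcode, answer); None if malformed."""
    parts = line.split()
    if len(parts) < 4:
        return None
    ts, client, qname, rcode = parts[:4]
    answer = parts[4] if len(parts) > 4 else None
    return ts, client, qname.rstrip(".").lower(), rcode.upper(), answer


def find_insecure_endpoints(lines):
    """Map client_ip -> {qname: reason} for hosts whose lookups point at an
    abandoned (NXDOMAIN) or re-registered-and-sinkholed destination."""
    nx_counts = Counter()          # (client, qname) -> number of NXDOMAIN answers
    findings = defaultdict(dict)   # client -> {qname: reason}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        _ts, client, qname, rcode, answer = rec
        if rcode == "NXDOMAIN":
            nx_counts[(client, qname)] += 1
            if nx_counts[(client, qname)] >= MIN_NXDOMAIN_HITS:
                findings[client][qname] = "unregistered-domain"
        elif rcode == "NOERROR" and answer and is_sinkholed(answer):
            # The name resolves, but into a sinkhole: someone other than the
            # original vendor controls it now, which is the attacker-registered
            # destination case the page warns about.
            findings[client][qname] = "sinkholed-domain"
    return dict(findings)


if __name__ == "__main__":
    for client, names in sorted(find_insecure_endpoints(SAMPLE_LOG).items()):
        for qname, reason in sorted(names.items()):
            print(f"{client}\t{qname}\t{reason}")
```

On the constructed log this reports 10.0.5.21 for the repeatedly failing vendor update domain and 10.0.7.44 for the sinkholed configuration domain, while 10.0.9.3 (one typo, then a normal lookup) is not reported. The NXDOMAIN threshold is the important tuning knob: set it too low and every mistyped hostname becomes a finding; set it too high and a device that polls only once a day will take days to surface.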
User-requested refresh: not available.
| Remediated | New findings immediately impact the grade. |