Insecure Systems are sorted into the following categories:

Category | Explanation of Risks | Examples of Systems in this Category
---|---|---
Debug Firmware Detected | Explanation: Systems in this category are mobile devices that have rootkit capabilities disguised as a debug tool, and are reaching out to unregistered domains. Risks: | Mobile Firmware
File Sharing | Explanation: Systems in this category are reaching out to abandoned torrent tracker domains for information about files to download via BitTorrent. Learn more about File Sharing trackers. Risks: |
Proxy Configurations | Explanation: Systems in this category are using an abandoned domain for proxy configuration. Risks: | Misconfigured Proxy Domains
NetBios | Explanation: Systems in this category are reaching out to Windows NetBios networks via an abandoned domain. Risks: | Windows NetBios
Abandoned Software | Explanation: Systems in this category have applications which are either no longer maintained (the software has been “abandoned”* by its developers) or are communicating with the wrong servers; in either case, there is software present that is reaching out to an unregistered domain. Risks: |
IPTV | Explanation: Systems in this category are smart TV systems and other media systems that are reaching out to abandoned domains*. Risks: Endpoint** is reaching out to unused IPTV platform related services, which may allow attackers to capture endpoint data. |
Remote Management | Explanation: Systems in this category involve either software that is responsible for automatically providing updates, or network or other hardware used in business environments, that is reaching out to abandoned domains*. Risks: |
LDAP | Explanation: Systems in this category have Lightweight Directory Access Protocol (LDAP) services running, which are used to manage information about an organization's employees, systems, and applications in the network; these services are reaching out to abandoned domains*. Risks: Attackers that hijack the abandoned domains may be able to interact with endpoints**, and obtain sensitive information. | Expired Windows LDAP Domains
SMB | Explanation: Systems in this category are reaching out to Windows NetBios networks via abandoned domains*. Risks: |
* “Abandoned domains” are no longer registered to anyone. They may have been abandoned if the manufacturer/developer shut down or it slipped the domain owner's attention.
** “Endpoints” refer to desktop computers, servers, or handheld devices that have internet access.
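The common thread in the table above is an endpoint resolving or connecting to a domain that nobody currently holds. The script below is an added example (not Bitsight's code or method) of how a defender might triage outbound connection records against these categories: it flags records whose registrable domain is no longer registered and labels each by the service involved. The record format, the set of registered domains standing in for a real RDAP/WHOIS check, and the port/hostname-to-category mapping are all constructed assumptions; "Debug Firmware Detected" is omitted because it cannot be inferred from egress records alone.

```python
"""Triage outbound connection records against the Insecure Systems categories.

Added example, not Bitsight code. The log format ("src_host dst_domain dst_port"),
REGISTERED_DOMAINS and the category mappings are assumptions for this demo.
"""
import re
from collections import defaultdict

# Constructed sample egress records (not real hosts or domains).
SAMPLE_RECORDS = """\
laptop-17 tracker.oldswarm.example 6969
laptop-17 cdn.updates.example 443
tv-lobby iptv-guide.defunct-vendor.example 80
print-srv wpad.corp-old.example 80
dc-02 ldap.legacy-idp.example 389
nas-01 files.forgotten-vendor.example 445
phone-21 ota.phone-vendor.example 443
hr-ws-04 app.defunct-saas.example 443
"""

# Constructed snapshot of domains that are still registered. In practice this
# lookup would be an RDAP/WHOIS query or the registrar's own records.
REGISTERED_DOMAINS = {"updates.example"}

# Assumed mapping of well-known destination ports onto the page's categories.
PORT_CATEGORY = {
    6969: "File Sharing",          # common BitTorrent tracker port
    137: "NetBios", 139: "NetBios",
    445: "SMB",
    389: "LDAP", 636: "LDAP",
}

# Assumed hostname hints for categories that are not tied to one port.
HOST_CATEGORY = [
    (re.compile(r"^wpad\."), "Proxy Configurations"),   # WPAD/PAC lookups
    (re.compile(r"iptv"), "IPTV"),
    (re.compile(r"^ota\."), "Remote Management"),        # OTA update endpoints
]


def registrable_domain(fqdn):
    """Crude eTLD+1 (last two labels); production code should use a public-suffix list."""
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_abandoned(fqdn, registered=REGISTERED_DOMAINS):
    """True when the registrable domain is absent from the registration snapshot."""
    return registrable_domain(fqdn) not in registered


def categorize(fqdn, port):
    """Map a flagged connection onto a category; anything unrecognised is Abandoned Software."""
    if port in PORT_CATEGORY:
        return PORT_CATEGORY[port]
    for pattern, category in HOST_CATEGORY:
        if pattern.search(fqdn):
            return category
    return "Abandoned Software"


def triage(text, registered=REGISTERED_DOMAINS):
    """Return {category: [(src_host, fqdn, port), ...]} for connections to abandoned domains."""
    findings = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        src, fqdn, port = line.split()
        port = int(port)
        if is_abandoned(fqdn, registered):
            findings[categorize(fqdn, port)].append((src, fqdn, port))
    return dict(findings)


if __name__ == "__main__":
    for category, rows in sorted(triage(SAMPLE_RECORDS).items()):
        print(category)
        for src, fqdn, port in rows:
            print(f"  {src} -> {fqdn}:{port}")
```

Records whose registrable domain is still registered (here `cdn.updates.example`) are left out of the findings; everything else is grouped so that, for example, the LDAP and SMB hits can be handed to the directory and file-server owners, while the WPAD hit goes to whoever manages proxy settings.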
Resources
- Bitsight Blog, “Inherent Risk: How Insecure Systems Pose a Threat to Network Security”
- Carnegie Mellon University, “Ragentek Android OTA update mechanism vulnerable to MITM attack”
- Cisco Systems, Inc., “Web Proxy Auto Discovery Protocol”
- Mozilla and individual contributors, “Proxy Auto-Configuration (PAC) file”
- The Kodi Foundation
- Bitdefender, “Kodi Media Center Vulnerability Exposes Users to Man-in-the-Middle Attacks”
- July 17, 2018: Published.