Module 1 part-2

#cct #module1

Vulnerabilities ခွဲခြမ်းစိတ်ဖြာခြင်း

Multi-column

Vulnerability ဆိုတာဘာလဲ?

Refers to the existence of weakness in an asset that can be exploited by threat agents

အားနည်းချက်ကြောင့်ဖြစ်လာနိုင်မည့်အကျိုးဆက်များ

*စာမျက်နှာ 121 page 107 *

Multi-column

ဥပမာ-( ၁ ) Network လုံခြုံရေးအားနည်းတယ်ဆိုတာ

TCP/IP >>HTTP, FTP, ICMP, SNMP, SMTP are inherently insecure
Operating System >>An OS can be vulnerable because: • It is inherently insecure • It is not patched with the latest updates
Network Device >>Various network devices such as routers, firewall, and switches can be vulnerable due to:
Lack of password protection
Lack of authentication
Insecure routing protocols
Firewall vulnerabilities

ဥပမာ-( ၂ )Network လုံခြုံရေးအားနည်းတယ်ဆိုတာ

User account >> Originating from the insecure transmission of user account details such as usernames and passwords, over the network
System account >>Originating from setting of weak passwords for system accounts
Internet service misconfiguration >> Misconfiguring internet services can pose serious security risks. For example, enabling JavaScript and misconfiguring 11S, Apache, FTP, and Terminal services, can create security vulnerabilities in the network
Default password >>Leaving the network devices/products with their default passwords and settings
Network device misconfiguration >>Misconfiguring the network device

Multi-column

*စာမျက်နှာ 126 page 122 *

Multi-column

အားနည်းချက်ကြောင့်အထိနာနိုင်

ဆိုးကျိုး

Risk refers to the potential loss or damage that can occur when a threat to an asset exists in the presence of a vulnerability that can be exploited

ဥပမာ Example Of Risks

Disruption or complete shutting down of the business
Loss of productivity
Loss of privacy
Theft of information
Legal liability (ဥပဒေအရ-တာဝန်ယူတာဝန်ခံမှူ့)
Damage to reputation and consumer confidence(ဂုဏ်သိက္ခာနှင့် သုံးစွဲသူများ၏ ယုံကြည်မှုကို ထိခိုက်စေခြင်း)

*စာမျက်နှာ 131 page 116 *

အနောက်စာမျက်နှာသို့