Week 3 Posting - Threats and Vulnerabilities Associated with Specialized Technology and Operating in the Cloud; Mitigating Controls for Attacks and Software Vulnerabilities

 

Vulnerabilities

            According to Fortinet, four IoT threats to devices include limited hardware, a mix of transmission technology, vulnerable components, and user security awareness (Fortinet, 2023). In most cases, consumers of any IoT products have limited amount of security and security awareness since some of these devices lack built-in security to combat cyber threats. For example, Chapman and Maymi explains the functionality of the Mirai botnet, a malware that attacks IoT devices (Chapman & Maymi, p.130, 2020). To put things into perspective, the attacker attacks the control server which initially attacks the compromised hosts and ultimately affects the victim by attacking traffic. Another vulnerability to consider are weak or defaulted passwords or passcodes. Users settle for easy and fast passwords to access their devices and ignoring the risks of implementing harder passwords, which should include special characters, numbers, and extended character requirement. For example, “R3ign0ver!37” a solid password should be around 12-15 characters added with special characters and capital or lower-case sensitivity. 

References:

Chapman, B., & Maymi, F. (2020). CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002). McGraw Hill Professional.

Top IoT Device Vulnerabilities: How To Secure IoT Devices | Fortinet. (n.d.). Fortinet. https://www.fortinet.com/resources/cyberglossary/iot-device-vulnerabilities

Week 2 Posting - Vulnerability Management Activities and Vulnerability Assessment Tools

 Active scanning and passive scanning have their advantages and disadvantages. When it comes to active scanning, I will have an ongoing overview of the health and processes of my home network. In addition, this method of scanning collects basic and detailed profile and configuration information. However, due to fast data collection and active operation, the consequences of endpoint malfunction could be lethal in the long run. Although it’s great to be on top of my game and actively running tests and scans, overloading the signals and causing network traffic could be tedious. On the flip side, passive scanning operates in silence. Unlike its counterpart, passive scanning scans my systems and applications without any direct interaction with the network. The good thing about this is that it does not clog up the network traffic while identifying the traffic patterns and conditions of every endpoint. The downside of passive scanning is it takes forever to collect important data since it has to wait for each asset to finish its operation. Since I’m not running a business and this is more towards personal use, I’m leaning more towards passive scanning since it still gets the job done without excessive manual scanning (Sherry, 2020).

References:

Chapman, B., & Maymi, F. (2020). CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002). McGraw Hill Professional.

Sherry, C. (2020, April 21). Advantages and Disadvantages of Active vs. Passive Scanning in IT and OT Environments. Infosecurity Magazine. https://www.infosecurity-magazine.com/opinions/active-passive-scanning/

Week 1 Posting - Introduction

Hello IT World,

My name is Genesis Perez, and I am an Information Technology student attending Bellevue University. I've always found technology extremely fascinating and spectacular. I enjoy utilizing technology daily, whether it's at the comfort of my own home or working in my office at work. Technology is much more accessible and affordable now. New gadgets like the Apple Vision Pro and advanced artificial intelligence are on the rise and will continue to structure the future. That being said, with the rise of technology comes with the rise of threats and cyber-attacks. It is crucial to be well equipped and prepared for any threats that could potentially damage your device, documents, and reputation. I am a firm believer of cyber security and its role in the defense against hackers and malicious tools. I am excited to learn more about cyber security and proper procedures to handling security power and monitoring your respected network / systemic area.