This tutorial explains what vulnerabilities, exploits, threats, and mitigation techniques are and how these terms differ from one another.
Vulnerabilities, exploits, threats, and mitigation techniques are among the most commonly used security terms. Security professionals use these terms to identify the following things.
- Weak points of the network that can be used to break into the network.
- Code or techniques that take advantage of those weak points.
- Persons or programs that break in, destroy, steal, or modify something without permission.
- Tools and techniques that can be used to fix or protect weak points.
The term vulnerability refers to a weak point of the network that can compromise the security of the network. The term exploit refers to a program, a piece of code, or a technique that takes advantage of a specific vulnerability to gain access or cause damage. The term threat refers to a person or a program that uses exploits and vulnerabilities to break into the network (strictly speaking, the threat is the potential for harm, and the person or program is the threat actor, but in everyday usage the two are often merged). The term mitigation technique refers to a tool or a technique that can be used to protect the network or to remove or reduce its weak points.
Let's take an example to understand these terms in detail. A basic network contains a workstation and a server. The workstation is directly connected to the server. The server contains applications. The workstation provides a platform to access the server's applications. There is only one user who uses the workstation.
The following image shows this network.
Since there is only one trusted user and the network is not connected to any public network, you can consider this network secure. In this sense, a secure network is a network that contains only known users, where access rights are not a concern because every user is trusted, and which is not connected to an external or public network in any manner. Such a network is known as a closed system network.
In real life, networks are complex. They contain several users. They may provide access to external users. They may also connect to the Internet. Such a network is known as an open system network. An open network is a network that can be accessed from outside the network. Normally, an open network contains multiple users and uses several policies to define user rights.
Since an open network allows connections from unknown users and uses public networks for business purposes, it has several weak points. These weak points are known as vulnerabilities. A weak point can be a software bug, a misconfiguration, an unlicensed or unpatched application, a default or weak credential, or any other object that can be used to break into the network without permission.
Let's extend our example network. Suppose the administrator hired a person to work with him on a project. The person lives in a remote place. The administrator installed an application on the server that allows a remote connection via the Internet. The application generates a key and uses the key to authenticate access. The administrator shares the key with the person. The person accesses the server through the Internet and uses the key for authentication. The key is now the only thing standing between the Internet and the server's applications.
The following figure shows this scenario.
Now, this network has a point that allows users to enter the network from outside. If this point is not properly configured, or if the application that allows remote access has a bug, attackers can use this point to break into the network. Since this point can be used to break into the network without permission, it is considered a vulnerability.
A vulnerability by itself does nothing; it becomes dangerous when someone finds it and uses it. To find vulnerabilities, attackers use reconnaissance tools such as port scanners, packet-capture tools (sniffers), and vulnerability scanners. These discovery tools are not exploits. An exploit is a program, a piece of code, or a technique that takes advantage of a specific vulnerability once it has been found, for example code that triggers a bug in the remote-access application so that the attacker gets in without a valid key.
The following figure shows the use of an exploit in our example network.
Once an attacker discovers a vulnerability, they use it to break into the network. In our example, the attacker first scans the server and finds the remote-access service, then uses an exploit against the bug in that service (or sniffs the key while it crosses the Internet unencrypted) to obtain a copy of the access key. A vulnerability nobody has found and an exploit nobody runs do not harm the network on their own. The harm comes from the person or program that finds the vulnerability and uses the exploit to break into the network. So the real threat to the network is whoever breaks into the network. A threat is a person or a program that breaks into the network or does something that is not permitted.
The following image shows how a hacker creates a threat to the network.
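The following Python example is added here to make the "duplicate the access key" step concrete; it is not code from the tutorial. It assumes the remote-access application accepts a static shared key sent as-is over the wire (the constructed weak design), which is exactly what a sniffer can capture and replay. Beside it is an HMAC challenge-response design in which the key never crosses the wire, so a captured message is useless against the next session. All keys and messages are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret. In the tutorial's scenario the administrator
# shares this with the remote worker out of band.
SHARED_KEY = b"constructed-example-key-do-not-reuse"


# ---- Weak design: the client sends the key itself -------------------------

def weak_client_login(key: bytes) -> bytes:
    """The client puts the raw key on the wire. A sniffer sees exactly this."""
    return key


def weak_server_check(message: bytes, expected_key: bytes) -> bool:
    """Server accepts any message equal to the key (constant-time compare)."""
    return hmac.compare_digest(message, expected_key)


def replay_attack_against_weak() -> bool:
    """An attacker who captured one login message replays it later."""
    captured = weak_client_login(SHARED_KEY)      # what the sniffer recorded
    return weak_server_check(captured, SHARED_KEY)  # True: the break-in works


# ---- Hardened design: HMAC challenge-response -----------------------------

def server_challenge() -> bytes:
    """Server sends a fresh random nonce for every login attempt."""
    return secrets.token_bytes(16)


def client_response(key: bytes, challenge: bytes) -> bytes:
    """Client proves it holds the key without ever transmitting the key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def server_verify(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Server recomputes the MAC for the nonce it issued and compares."""
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def replay_attack_against_hardened() -> bool:
    """An attacker captured one challenge/response pair and replays the
    response against a new session. The server issued a different nonce,
    so the old response no longer matches."""
    old_challenge = server_challenge()
    captured_response = client_response(SHARED_KEY, old_challenge)
    new_challenge = server_challenge()
    while new_challenge == old_challenge:    # astronomically unlikely, but be exact
        new_challenge = server_challenge()
    return server_verify(SHARED_KEY, new_challenge, captured_response)  # False


if __name__ == "__main__":
    print("replay works against weak design:    ", replay_attack_against_weak())
    print("replay works against hardened design:", replay_attack_against_hardened())
```

Challenge-response only removes the "sniff and replay" path; it does not fix a bug in the application itself, and a weak key can still be brute-forced offline from a captured pair. That is why the tutorial's mitigation section adds a VPN, which encrypts the whole path, rather than relying on the authentication step alone.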
To keep the network safe, security professionals use several techniques. These techniques are known as mitigation techniques. A mitigation technique is a technique or tool that a security professional uses to protect the network from threats. Mitigation techniques are the countermeasures against network threats. The most direct mitigation for the bug in our example is to patch the remote-access application. Beyond that, firewalls and VPNs are the two most common mitigation techniques that security professionals use to secure a connection over a public network.
The following shows how these techniques work in our example network.
A VPN creates an encrypted path so that attackers on the public network cannot sniff sensitive information such as the access key. A firewall filters the traffic. It permits traffic only from allowed sources and only to the services you choose to expose, and drops everything else. You can create several rules on a firewall, such as IP-based access. If you configure IP-based access, the firewall will allow traffic only from the allowed IP addresses. Even if an attacker manages to get the key, he will not be able to reach the lock (the application) where the key could be used.
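The following Python example is added to show the firewall rule described above in action; it is not code from the tutorial. It models a default-deny firewall with an IP allowlist in front of the remote-access application and evaluates a few constructed connection attempts, including an attacker who already holds a valid key. The addresses, port (8443) and the nftables ruleset shown in the constant are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass

# The real-world equivalent of the allowlist below, as an nftables ruleset
# (constructed for this example): default drop, allow only the worker's
# network to the remote-access port, plus replies to established flows.
NFT_EQUIVALENT = """
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    ip saddr 203.0.113.0/24 tcp dport 8443 accept
  }
}
"""

ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]  # the remote worker's network
EXPOSED_PORTS = {8443}                                       # the remote-access service


@dataclass(frozen=True)
class Connection:
    src: str
    dst_port: int
    key_valid: bool   # outcome of the application's own key check


# Constructed sample connection attempts.
SAMPLE_CONNECTIONS = [
    Connection("203.0.113.25", 8443, True),    # the remote worker, allowed address
    Connection("198.51.100.77", 8443, True),   # attacker who duplicated the key
    Connection("203.0.113.25", 22, True),      # allowed host, but port not exposed
    Connection("198.51.100.77", 8443, False),  # attacker guessing a key
]


def firewall_permits(conn: Connection) -> bool:
    """Default deny: pass only allowlisted sources to exposed ports."""
    src = ipaddress.ip_address(conn.src)
    if conn.dst_port not in EXPOSED_PORTS:
        return False
    return any(src in net for net in ALLOWED_SOURCES)


def reaches_application(conn: Connection, firewall_enabled: bool = True) -> bool:
    """Does this attempt end up logged in? The firewall runs before the key check,
    so a stolen key is useless from a non-allowlisted address."""
    if firewall_enabled and not firewall_permits(conn):
        return False
    return conn.key_valid


def evaluate(conns, firewall_enabled: bool = True):
    """Return (src, port, logged_in) for each attempt."""
    return [(c.src, c.dst_port, reaches_application(c, firewall_enabled)) for c in conns]


if __name__ == "__main__":
    print("without firewall:", evaluate(SAMPLE_CONNECTIONS, firewall_enabled=False))
    print("with firewall:   ", evaluate(SAMPLE_CONNECTIONS))
```

An IP allowlist is only as stable as the worker's address; a home connection with a changing public IP would be locked out, which is one more reason to terminate the worker's connection on a VPN with a fixed endpoint and allowlist that instead.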
That's all for this tutorial. In this tutorial, we discussed what vulnerabilities, exploits, threats, and mitigation techniques are and how these terms differ from one another.