Vulnerability
A vulnerability can be defined as a flaw or weakness in a system that an attacker can use to attack the system or network. A vulnerability can be introduced by a malicious attack, or it can arise accidentally through a failure in policy implementation. Vulnerabilities can also be introduced by installing a new software update, by installing unlicensed third-party tools, and so on.
Two different terms should be kept apart: bug and vulnerability. The two terms are similar in that both describe a weakness in the programming. A bug may pose no risk to the product, and attackers may never use it to attack, but a vulnerability creates a way for attackers to gain access to the system or network. A vulnerability should therefore be addressed and patched as soon as possible.
The following are some examples of vulnerability exploits:
- An attacker uses a buffer overflow weakness to install malware that exports sensitive data; to deliver that malware, the attacker convinces the user to open an email message.
- An employee of an organization copies an encrypted, hardened program to a USB drive and tries to crack it at home.
Typically, network vulnerabilities are classified into three primary types:
- Technology weaknesses
- Configuration weaknesses
- Security policy weaknesses