037_Misconfiguration Vulnerabilities – CompTIA Security+

Amazon S3

Google Cloud Storage

Dropbox

Azure Blob Storage

iCloud

They provide elevated access to critical system functions

They are always online

They are immune to brute-force attacks

They use two-factor authentication by default

They contain no sensitive information

123456

Pa$$w0rd!

L0g1nS3cur3

QwErTyUiOp

S3cur3Adm1n

Disable direct login and use sudo instead

Allow full-time access for convenience

Rename the root account

Store the root password in a shared document

Enable root login over Telnet

Telnet sends data in plaintext

Telnet encrypts traffic but not credentials

Telnet compresses traffic, making it unreadable

SSH cannot be used for administrative tasks

Telnet is limited to wireless networks only

Wireshark

Nmap

Nessus

Metasploit

SNORT

Passwords and cookies

Encrypted VPN traffic

Binary executable code

MAC addresses only

Voice call data