1.6 Threat vectors & attack surfaces
📘CompTIA Security+ SY0-701
🔹 Overview of Threat Vectors & Attack Surfaces
Before diving into open ports and default credentials, you need to remember:
- A threat vector is the path an attacker uses to get into a system.
- An attack surface is the sum of all the points (services, interfaces, accounts) through which an attacker could try to get in.
Open ports and default credentials are both attack surface weaknesses that attackers can use as threat vectors to gain access.
🧩 1. Open Service Ports
✅ What are Service Ports?
A port is like a communication doorway on a computer or network device that allows data to enter or leave.
Every service (like web, email, file sharing) uses a specific port number to communicate.
Examples:
- Port 80 – HTTP (web traffic)
- Port 443 – HTTPS (secure web traffic)
- Port 22 – SSH (remote management)
- Port 3389 – RDP (Remote Desktop Protocol)
Each of these ports must be open if the service is active and accepting network traffic.
⚠️ What are Open Service Ports?
When a port is open, it means that the service listening on that port is reachable over the network.
However, if unnecessary ports are left open, they can become security risks.
Example (IT-related):
- A file-sharing service running on port 445 (SMB) is open on a public network server — attackers can try to exploit vulnerabilities in that service.
🧨 Why Open Ports are a Threat Vector
Attackers use tools like:
- Nmap (Network Mapper)
- Netcat
- Zenmap
to perform port scanning, which identifies which ports are open on a system.
Once they know what services are running, they can:
- Identify vulnerabilities in that service or software version.
- Exploit known flaws (like unpatched servers).
- Attempt brute-force attacks on services (like SSH or FTP).
- Gain unauthorized access or install malware.
So, every open port is a potential entry point into your system.
🔒 Best Practices to Secure Open Ports
- Disable Unused Services and Ports
  - If a service isn’t needed, disable it.
  - Reduces the attack surface.
- Use Firewalls
  - Control inbound and outbound traffic.
  - Only allow necessary ports (for example, port 443 for HTTPS).
- Perform Regular Port Scans
  - Routinely check your systems to find unexpected open ports.
- Segment Networks
  - Keep internal services isolated from the public network.
- Use Intrusion Detection/Prevention Systems (IDS/IPS)
  - Detect unusual port activity or scanning attempts.
- Patch and Update Services
  - Old versions of services running on open ports may contain vulnerabilities.
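The "disable unused services" and "perform regular port scans" practices above can be automated from the host side: compare what is actually listening against what the host is supposed to expose. This is an added example, not part of the study notes; the `ss -tlnp` output is a constructed sample and the allowlist of ports 22 and 443 is an assumed policy.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of `ss -tlnp` style output (not a real capture).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1201,fd=6))
LISTEN  0       80      127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=1433,fd=21))
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*          users:(("smbd",pid=1510,fd=30))
LISTEN  0       128     [::]:3389            [::]:*             users:(("xrdp",pid=1602,fd=11))
"""

# Ports this host is meant to expose to the network (assumed policy for the example).
ALLOWED_PUBLIC_PORTS: Set[int] = {22, 443}

# One LISTEN row: bind address, port, and the first process name in the Process column.
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_listeners(ss_output: str) -> List[Tuple[str, int, str]]:
    """Return (bind_address, port, process) for every LISTEN socket in the output."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((m.group(1), int(m.group(2)), m.group(3)))
    return listeners


def is_public_bind(addr: str) -> bool:
    """0.0.0.0, [::] and * mean 'every interface', i.e. reachable from the network.
    A service bound only to 127.0.0.1 is not part of the network attack surface."""
    return addr in ("0.0.0.0", "[::]", "*")


def audit_open_ports(ss_output: str, allowed: Set[int]) -> Dict[int, str]:
    """Map each network-reachable port that is not on the allowlist to its process name."""
    findings = {}
    for addr, port, proc in parse_listeners(ss_output):
        if is_public_bind(addr) and port not in allowed:
            findings[port] = proc
    return findings


if __name__ == "__main__":
    for port, proc in sorted(audit_open_ports(SAMPLE_SS_OUTPUT, ALLOWED_PUBLIC_PORTS).items()):
        print(f"unexpected network-reachable port {port} ({proc}): disable the service or firewall it")
```

On the sample, SMB (445) and RDP (3389) are flagged because they listen on every interface and are not on the allowlist, while MySQL (3306) is not, because it is bound to localhost only.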
🔍 Exam Tip
CompTIA might ask:
“Why are open ports considered a security risk?”
Correct reasoning:
- Because they allow network access to specific services, and attackers can use them to exploit vulnerabilities or gain unauthorized access.
🧩 2. Default Credentials
✅ What are Default Credentials?
Default credentials are the factory-set usernames and passwords that come pre-configured with devices, applications, or systems.
For example:
- Routers, switches, printers, web applications, and IoT devices often come with default logins like:
  - Username: admin
  - Password: admin or password
These are meant to be changed after setup, but many organizations forget or ignore this step.
⚠️ Why Default Credentials are Dangerous
Attackers can easily find default credentials because:
- Manufacturers publish them in manuals or online documentation.
- Large databases of default credentials are freely available on the internet.
If administrators fail to change them, attackers can:
- Log in remotely using those credentials.
- Gain administrative privileges.
- Install malware, steal data, or reconfigure the system.
Example (IT context):
- A database management console on port 3306 (MySQL) still uses default admin credentials. An attacker could log in and extract or modify sensitive data.
🧨 How Attackers Exploit Default Credentials
- Network Scanning
  - Attackers find devices (like routers or web interfaces) on the network.
- Brute Force or Credential Stuffing
  - They try known default usernames and passwords automatically.
- Remote Management Exploitation
  - If a remote interface (like SSH, RDP, or web admin page) is open and still uses default credentials, the attacker can take control instantly.
🔒 Best Practices to Prevent Default Credential Exploits
- Change All Default Passwords Immediately
  - During setup, change to strong, unique passwords.
- Use Complex and Unique Credentials
  - Combine letters, numbers, and special characters.
  - Avoid reusing passwords across devices.
- Implement Password Policies
  - Require periodic password changes.
  - Use multi-factor authentication (MFA) if possible.
- Disable or Remove Default Accounts
  - If a default admin account is not needed, disable or delete it.
- Automate Credential Management
  - Use password management tools to rotate credentials regularly.
- Monitor Login Attempts
  - Use logging and alerts to detect failed logins or brute-force attempts.
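The "monitor login attempts" practice is what catches an attacker working through default usernames and passwords. This added example (not from the study notes) runs detection logic over constructed sshd-style auth log lines: it flags a burst of failed logins from one source, attempts against factory-default account names, and a success that follows repeated failures. The account-name list and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines (not from a real system).
SAMPLE_AUTH_LOG = """\
2024-03-01T10:00:01 host1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51002 ssh2
2024-03-01T10:00:03 host1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51003 ssh2
2024-03-01T10:00:05 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-03-01T10:00:06 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51005 ssh2
2024-03-01T10:00:08 host1 sshd[2201]: Failed password for invalid user guest from 203.0.113.7 port 51006 ssh2
2024-03-01T10:00:09 host1 sshd[2201]: Accepted password for admin from 203.0.113.7 port 51007 ssh2
2024-03-01T10:15:20 host1 sshd[2390]: Accepted password for alice from 198.51.100.4 port 40223 ssh2
"""

# Factory-default account names worth alerting on (assumed list for the example).
DEFAULT_ACCOUNTS = {"admin", "root", "guest", "administrator"}
LOG_RE = re.compile(r'^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port')


def parse_auth_log(text):
    """Yield (timestamp, outcome, user, source_ip) for each password-auth log line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)


def detect_credential_attacks(text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: [alerts]} for sources showing brute-force or default-credential behaviour."""
    events = defaultdict(list)
    for ts, outcome, user, ip in parse_auth_log(text):
        events[ip].append((ts, outcome, user))
    findings = {}
    for ip, evs in events.items():
        fails = [(ts, user) for ts, outcome, user in evs if outcome == "Failed"]
        alerts = []
        # Brute force: `threshold` failures inside one `window` (failures are in log order).
        for i in range(len(fails) - threshold + 1):
            if fails[i + threshold - 1][0] - fails[i][0] <= window:
                alerts.append(f"{threshold}+ failed logins within {window}")
                break
        defaults_tried = sorted({user for _, user in fails if user in DEFAULT_ACCOUNTS})
        if defaults_tried:
            alerts.append("default account names tried: " + ", ".join(defaults_tried))
        # A success after a run of failures suggests a guessed or default password worked.
        if len(fails) >= 3 and any(outcome == "Accepted" for _, outcome, _ in evs):
            alerts.append("successful login after repeated failures")
        if alerts:
            findings[ip] = alerts
    return findings
```

On the sample, 203.0.113.7 raises all three alerts and alice's single clean login from 198.51.100.4 raises none.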
🔍 Exam Tip
CompTIA might ask:
“Why are default credentials a common attack vector?”
Correct reasoning:
- Because many devices or systems are deployed without changing factory-set credentials, making it easy for attackers to gain unauthorized access.
🧠 Summary Table
| Concept | Description | Risk | Defense |
|---|---|---|---|
| Open Service Ports | Network communication endpoints used by services | Attackers scan for open ports to exploit vulnerabilities | Disable unused ports, firewall rules, regular scans |
| Default Credentials | Factory-set usernames/passwords on devices or apps | Attackers use known defaults to log in and gain control | Change default passwords, enforce strong credentials, MFA |
🏁 Key Takeaways for the Exam
- Open ports and default credentials both increase the attack surface.
- Attackers commonly scan for open ports and try default logins to find weak targets.
- The best defense is reducing unnecessary exposure and enforcing strong authentication.
- Regular auditing, patching, and network segmentation are crucial to secure IT environments.
