7 Vulnerability Scanning Flashcards
What are the four steps of the vulnerability patching process?
1) Company learns of vulnerability
2) Developers analyze issue and develop patch
3) Company releases patch to customers
4) Customers apply patch to remediate vulnerability
Vulnerability Management
Detects, remediates, and reports vulnerabilities
What are the different types of vulnerability requirements an organization must follow?
Corporate policy, regulatory requirements, system security
PCI DSS
Credit Card Management requirement documentation
FISMA - NIST 853
Government requirement documentation
Network Vulnerability Scan
Probes devices for security issues
Application Scan
Tests code running on an organization’s devices
Web Application Scan
Probes for risks such as SQL injection
What is the best way to assess an organization’s vulnerabilities?
Pairing scans with configuration and log reviews
What are the three ways to prioritize assets to be scanned?
Impact, Likelihood, Criticality
Impact
Highest data classification handled by system
Likelihood
Network exposure, what services are exposed to outside world
Criticality
Impact the system has on business operations
What are the ways an organization can configure a vulnerability scan?
Target applications, schedule for certain groups, configure types of network pings, target ports, protocols to follow, testing accuracy
What is a vulnerability scan plugin?
The ability to test for one specific vulnerability.
Scanner in the DMZ
Unrestricted access to the web server, as traffic doesn’t have to pass through the firewall (clearest view)
Scanner on the network
Firewall rules may block some of the scanner’s probes
Scanner on the internet
Firewall will block most probes; the scanner will see the fewest vulnerabilities (attacker’s view)
Agent-based Scans
Reaches out over the network to probe targets
Server-based Scans
Scanners installed on each target device, which then report back to a central system (more complex)
Credentialed Scanning
Using credentials to log into systems (read-only access, not admin credentials)
SCAP
Security Content Authentication Protocol - led by NIST - format for talking about issues
CVSS
Common Vulnerability Scoring System - widely used to evaluate severity of vulnerability
CCE
Common Configuration Enumeration - Consistent language when talking about system configuration
CPEs
Common Platform Enumeration - Consistent language when talking about platform configuration
CVE
Common Vulnerability Enumeration - Consistent language when talking about vulnerabilities
XCCDF
Extensible Configuration Checklist Description Format - language for creating and sharing checklists
OVAL
Open Vulnerability and Assessment Language - describe testing procedures in a programmatic fashion
What is the scoring scale of the CVSS?
10-point scale - based on 8 metrics
What are the 8 metrics used to score the CVSS?
User Interaction (UI), Privileges Required, Attack Complexity, Attack Vector, Confidentiality, Integrity, Availability, Scope
How should the results of a scan be prioritized?
Vulnerability severity, system criticality, information sensitivity, remediation difficulty, system exposure
Scan validation
Correlate scan results with other sources of information, e.g. industry standards, technical information sources, trend analysis