1.7 Summarize the techniques used in security assessments Flashcards
Threat hunting
A dynamic process of seeking out cybersecurity threats inside your network from attackers and malware threats
Intelligence fusion
Fusion Centers are state-owned and operated centers that serve as focal points in states and major urban areas for the receipt, analysis, gathering and sharing of threat-related information between State, Local, Tribal and Territorial (SLTT), federal and private sector partners.
Involves Industry and government
Advisories and bulletins
Advisories and bulletins provide good advice on how to keep your company safe.
Advisories tend to be released by government-funded agencies.
Bulletins tend to be released by vendors or private companies.
Maneuver
A cybersecurity maneuver, then, refers to a company’s efforts to defend itself by disguising its systems, thereby making it difficult to successfully infiltrate.
Vulnerability scans
A vulnerability scanner is a program specifically designed to scan a system via the network to determine which services the system is running and whether any unnecessary open network ports, unpatched operating systems and applications, or backdoors can be exploited.
Network administrators can use the same vulnerability scanner software to take preventive measures to close vulnerabilities that exist on their systems.
Vulnerability scanners typically include a few scanning and security assessment capabilities, such as configuration scanning, port scanning, network scanning and mapping, and OS and application server scanning.
False positives (Vulnerability scans)
A false positive occurs when a vulnerability scan reports a vulnerability that does not actually exist.
It's worth looking at each result to be sure it is legitimate, especially if you plan to use the results to make enterprise-wide changes.
False negatives (Vulnerability scans)
A false negative occurs when a vulnerability indeed exists but it is not detected by the scanner.
Log reviews (Vulnerability scans)
Log reviews examine logs from servers, applications, network devices and other sources that might contain information about possible attempts to exploit detected vulnerabilities.
Credentialed vs. non-credentialed (Vulnerability scans)
A credentialed scan is a much more powerful version of the vulnerability scan. It runs with higher privileges than a non-credentialed scan.
Credentialed scans may access operating systems, databases, and applications, among other sources.
A non-credentialed scan has lower privileges than a credentialed scan. It will identify vulnerabilities that an attacker would easily find.
Intrusive vs. non-intrusive (Vulnerability scans)
Non-intrusive scans are passive and merely report vulnerabilities. They do not cause damage to your system.
Intrusive scans can cause damage as they try to exploit the vulnerability and should be used in a sandbox and not on your live production system.
Application (Vulnerability scans)
Before applications are released, coding experts perform regression testing that checks the code for deficiencies.
There are three techniques for this kind of scan:
*Static testing = analyzes code without executing it. This approach points developers directly at vulnerabilities and often provides specific remediation suggestions.
*Dynamic testing = executes code as part of the test, running all the interfaces that the code exposes to the user with a variety of inputs, searching for vulnerabilities.
*Interactive testing = combines static and dynamic testing, analyzing the source code while testers interact with the application through exposed interfaces.
Web Application (Vulnerability scans)
Web application scanners are specialized tools used to examine the security of web applications. These tools test for web-specific vulnerabilities, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (XSRF or CSRF).
Network (Vulnerability scans)
These scans look at computers and devices on your network and help identify weaknesses in their security.
Common Vulnerabilities and Exposures (CVE) / Common Vulnerability Scoring System (CVSS) (Vulnerability scans)
The Common Vulnerability Scoring System (CVSS) is an industry standard for assessing the severity of security vulnerabilities. It provides a technique for scoring each vulnerability on a variety of measures.
Common Vulnerabilities and Exposures (CVE) is simply a list of all publicly disclosed vulnerabilities that includes the CVE ID, a description, dates, and comments.
CVSS score:
- 0.0 = none
- 0.1 - 3.9 = low
- 4.0 - 6.9 = medium
- 7.0 - 8.9 = high
- 9.0 - 10.0 = critical
The CVSS score is not reported in the CVE listing; you must use the National Vulnerability Database (NVD) to find assigned CVSS scores.
The National Vulnerability Database (NVD) is a database, maintained by NIST, that is synchronized with the MITRE CVE list.
Configuration review (Vulnerability scans)
Configuration compliance scanners and PowerShell Desired State Configuration (DSC) ensure that no deviations are made to the security configuration of a system.