2.3 Information gathering & Vulnerability scanning: Vulnerability scanning Flashcards
Vulnerability Scanning: what is it?
The process of assessing a computer, server, network, or application for known weaknesses:
● System weaknesses
● Report
● Recommendations
Vulnerability Lifecycle: what is a vulnerability?
Any weakness in a system that can be exploited by a threat actor to gain unauthorized access to a computer system
Vulnerability Lifecycle: what are the different attack surfaces (the things that can be targeted in an attack) (3)?
▪ Client
▪ Server
▪ Network device
Vulnerability Lifecycle: what is the Vulnerability Lifecycle (5) and describe each phase?
1/ Discover: identify vulnerability, create exploit
2/ Coordinate: report vulnerability, generate the CVE
3/ Mitigate: release CVE, create patch
4/ Manage: deploy patch, test system
5/ Document: record results, lessons learned
Vulnerability Lifecycle: what is an Unknown (Zero-Day) Vulnerability?
Any unpublished vulnerability somebody has discovered and has not yet made known to the manufacturer
Vulnerability Scans: what is vulnerability scanning?
A specialized type of automated scan for hosts, systems, and networks to determine the vulnerabilities that exist on a given system
Vulnerability Scans: what are the vulnerability scanning tools (5)?
▪ OpenVAS
▪ Nessus
▪ QualysGuard
▪ Nexpose
▪ Nmap
Vulnerability Scans: what are the different vulnerability scanning types (2) and explain each of them?
▪ Credentialed Scan: Performed using an authorized user's or administrator's account credentials. Credentialed scans are usually performed by network defenders and cybersecurity analysts
▪ Non-Credentialed Scan: Conducted when the vulnerability scanner does not have valid user or admin login credentials
Vulnerability Scans: what are the different scanning types (4)?
▪ Discovery Scan
▪ Full Scan
▪ Stealth Scan
▪ Compliance Scan
Vulnerability Scans: what is a discovery scan?
The least intrusive type of scan; it can be as simple as conducting a ping sweep
Vulnerability Scans: what is a full scan?
A full scan is easily detected by network defenders and cybersecurity analysts
Vulnerability Scans: what is a stealth scan?
Conducted by sending a SYN packet and then analyzing the response (SYN/ACK or RST)
Vulnerability Scans: how can a stealth scan avoid detection?
Evading Detection:
o Slow down scans
o Break into individual scans
o Mask true source
Vulnerability Scans: what is a compliance scan?
● Used to identify vulnerabilities that may affect compliance with regulations or policies
● Example: PCI-DSS scan
Vulnerability Scans: what does Nmap do?
▪ A great tool for mapping out the network, finding open ports, running services, and the basic versioning of each service
▪ Nmap Scripting Engine (NSE): Conducts basic vulnerability scanning using Nmap