5 - Vulnerability Analysis Flashcards
1
Q
What are Vulnerability assessments?
A
- Vulnerability assessments scan networks for known security weaknesses.
- Attackers use vulnerability assessments to identify security loopholes.
2
Q
What are the main causes of Vulnerabilities?
A
- software/hardware misconfiguration
- poor programming processes
3
Q
What is Vulnerability Research?
A
- The process of discovering vulnerabilities and design flaws
- Vulnerabilities are classified based on severity level (low, medium, or high) and exploit range (local and remote)
4
Q
What categories are vulnerabilities classified into?
A
- Misconfiguration:
  - The most common vulnerability that is mainly caused by human error which allows attackers to gain unauthorized access to the system.
  - A system can be misconfigured in so many ways:
    - An application running with debug enabled
    - Outdated software running on the system
    - Running unnecessary services on a machine
    - Using misconfigured SSL certs and default certs
    - Improperly authenticated external systems
    - Disabling security settings and features
- Default Installations:
  - Usually kept user friendly especially when the device is being used for the first time, as the primary concern is usability.
- Open Services:
  - Open ports and services may lead to security events
  - Admins need to continuously check for unnecessary or insecure ports and services.
- Default Passwords:
  - Users and admins do not change default passwords
5
Q
What are the types of Vulnerability Assessments?
A
- Active
  - Uses a scanner to find hosts, services, and weaknesses
- Passive
  - Sniffs network traffic to find active systems, services, apps, and vulnerabilities
- External
  - Assesses the network from the outside.
- Internal
  - Scanning internal infrastructure
- Host Based
  - Determines weaknesses on a specific host by performing a config check through the command line
- Network
  - Determines the possible network attacks that may occur
- Application
  - Tests web infrastructure for any misconfiguration and known vulns
- Wireless
  - Determines weaknesses in the org’s wireless networks
6
Q
What is the Vulnerability Management Life Cycle?
A
- Creating Baseline
  - Assets are identified and prioritized
- Vulnerability Assessment
  - Known vulnerabilities are identified in the org infrastructure
- Risk Assessment
  - All serious uncertainties associated with a system are assessed, fixed, and permanently eliminated
  - Summarizes the vulnerability and risk level identified (high, moderate, low) for each asset
- Remediation
  - The process of reducing the severity of vulnerabilities
- Verification
  - Security team checks whether the previous phases are perfectly employed or not
- Monitor
  - Continuous monitoring identifies potential threats and any new vulnerabilities that have evolved.
7
Q
What are some Vulnerability Assessment Solutions?
A
- Product-Based Solutions
  - Installed on org’s internal network
  - Installed in private or non-routable space
  - If installed behind FW, then it might not detect outside attacks
- Service-Based Solutions
  - Only offered by 3rd parties
  - Sometimes hosted inside the network, others outside
- Tree-Based Assessment
  - Auditor selects different strategies for each machine/component of system
  - Relies on admin to provide a starting shot of intelligence
- Inference-Based Assessment
  - Scanning starts by building an inventory of protocols on the machine
  - After finding a protocol, scanning starts to detect which ports are attached to services
  - After finding services, selects vulnerabilities on each machine and starts to execute only the relevant tests
8
Q
What are some Vulnerability Assessment Tools?
A
- Host Based Tools
  - Finds and identifies the OS on a host and tests for deficiencies
  - Searches for common applications and services
- Depth Assessment
  - Finds and identifies previously unknown vulnerabilities in a system
  - Tools include “fuzzers”
- Application-Layer Vuln Assessment
  - Directed towards web servers or DBs
- Scope Assessment
  - Provides security to the IT system by testing in apps and OS
- Active/Passive
  - Active scanners perform vuln checks on the network that consume resources on the network
  - Passive scanners mainly observe system data
- Location/Data Examined
  - Network based scanner
  - Agent based scanner
  - Proxy scanner
  - Cluster scanner
9
Q
What are the Criteria for Choosing a Vulnerability Assessment Tool?
A
- Types of vulnerabilities being assessed
  - How many vulnerabilities will it discover
- Testing capability of scanning
  - Must have the capacity to execute the entire selected test and must scan all the systems selected
- Ability to provide accurate reports
  - Should be clear, short, and easy to navigate
- Efficient and accurate reports
  - How much time does it take for a single host and what resources are required
  - What services are lost at the time of scanning
- Capability to perform a smart search
  - How clever the tool is at the time of scanning
- Functionality for writing own tests
  - Does the scanning tool allow user-developed tests to be used?
- Test run scheduling
  - Allows users to do test run scheduling
10
Q
What are some common Vulnerability scoring systems?
A
- Common Vulnerability Scoring System (CVSS)
  - The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities
- Common Vulnerabilities and Exposures (CVE)
  - A publicly available and free to use list or dictionary of standardized identifiers for common software vulnerabilities and exposures
11
Q
What are Vulnerability Assessment Reports?
A
- Discloses the risks detected after scanning the network
- Report alerts the organization of possible attacks and suggests countermeasures
- Info available in reports is used to fix security flaws
- Types:
  - Security vulnerability Report
    - Combined report for all the scanned devices
  - Security vulnerability Summary
    - This report is produced for every device after scanning
12
Q
What is Common Weakness Enumeration (CWE)?
A
A category system for software vulnerabilities and weaknesses. It has over 600 categories of weaknesses.