5 - Vulnerability Analysis Flashcards

1
Q

What are Vulnerability assessments?

A
  • Vulnerability assessments scan networks for known security weaknesses.
  • Attackers use vulnerability assessments to identify security loopholes.
2
Q

What are the main causes of Vulnerabilities?

A
  • software/hardware misconfiguration
  • poor programming processes
3
Q

What is Vulnerability Research?

A
  • The process of discovering vulnerabilities and design flaws
  • Vulnerabilities are classified based on severity level (low, medium, or high) and exploit range (local and remote)
4
Q

Into what categories are vulnerabilities classified?

A
  • Misconfiguration:
    • The most common vulnerability, mainly caused by human error, which allows attackers to gain unauthorized access to the system.
    • A system can be misconfigured in many ways:
      • An application running with debug enabled
      • Outdated software running on the system
      • Running unnecessary services on a machine
      • Using misconfigured SSL certs and default certs
      • Improperly authenticated external systems
      • Disabling security settings and features
  • Default Installations:
    • Usually kept user friendly especially when the device is being used for the first time, as the primary concern is usability.
  • Open Services:
    • Open ports and services may lead to security events
    • Admins need to continuously check for unnecessary or insecure ports and services.
  • Default Passwords:
    • Users and admins do not change default passwords
5
Q

What are the types of Vulnerability Assessments?

A
  • Active
    • Uses a scanner to find hosts, services, and weaknesses
  • Passive
    • Sniffs network traffic to find active systems, services, apps, and vulnerabilities
  • External
    • Assesses the network from the outside.
  • Internal
    • Scanning internal infrastructure
  • Host Based
    • Determines weaknesses on a specific host by performing configuration checks through the command line
  • Network
    • Determines the possible network attacks that may occur
  • Application
    • Tests web infrastructure for any misconfiguration and known vulns
  • Wireless
    • Determines weaknesses in the org’s wireless networks
6
Q

What is the Vulnerability Management Life Cycle?

A
  • Creating Baseline
    • Assets are identified and prioritized
  • Vulnerability Assessment
    • Known vulnerabilities are identified in the org infrastructure
  • Risk Assessment
    • All serious uncertainties associated with a system are assessed, fixed, and permanently eliminated
    • Summarizes the vulnerability and risk level identified (high, moderate, low) for each asset
  • Remediation
    • The process of reducing the severity of vulnerabilities
  • Verification
    • Security team checks whether the previous phases are perfectly employed or not
  • Monitor
    • Continuous monitoring identifies potential threats and any new vulnerabilities that have evolved.
7
Q

What are some Vulnerability Assessment Solutions?

A
  • Product-Based Solutions
    • Installed on org’s internal network
    • Installed in private or non-routable space
    • If installed behind FW, then it might not detect outside attacks
  • Service-Based Solutions
    • Only offered by 3rd parties
    • Sometimes hosted inside the network, other times outside
  • Tree-Based Assessment
    • Auditor selects different strategies for each machine/component of system
    • Relies on admin to provide a starting shot of intelligence
  • Inference-Based Assessment
    • Scanning starts by building an inventory of protocols on the machine
    • After finding a protocol, scanning starts to detect which ports are attached to services
    • After finding services, selects vulnerabilities on each machine and starts to execute only the relevant tests
8
Q

What are some Vulnerability Assessment Tools?

A
  • Host Based Tools
    • Finds and identifies the OS on a host and tests for deficiencies
    • Searches for common applications and services
  • Depth Assessment
    • Finds and identifies previously unknown vulnerabilities in a system
    • Tools include “fuzzers”
  • Application-Layer Vuln Assessment
    • Directed towards web servers or DBs
  • Scope Assessment
    • Provides security to the IT system by testing apps and the OS
  • Active/Passive
    • Active scanners perform vuln checks on the network that consume resources on the network
    • Passive scanners mainly observe system data
  • Location/Data Examined
    • Network based scanner
    • Agent based scanner
    • Proxy scanner
    • Cluster scanner
9
Q

What are the Criteria for Choosing a Vulnerability Assessment Tool?

A
  • Types of vulnerabilities being assessed
    • How many vulnerabilities will it discover
  • Testing capability of scanning
    • Must have the capacity to execute the entire selected test and must scan all the systems selected
  • Ability to provide accurate reports
    • Should be clear, short, and easy to navigate
  • Efficient and accurate reports
    • How much time does it take for a single host and what resources are required
    • What services are lost at the time of scanning
  • Capability to perform a smart search
    • How clever the tool is at the time of scanning
  • Functionality for writing own tests
    • Does the scanning tool allow user-developed tests to be used?
  • Test run scheduling
    • Allows users to do test run scheduling
10
Q

What are some common Vulnerability scoring systems?

A
  • Common Vulnerability Scoring System (CVSS)
    • The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities
  • Common Vulnerabilities and Exposures (CVE)
    • A publicly available and free-to-use list or dictionary of standardized identifiers for common software vulnerabilities and exposures
11
Q

What are Vulnerability Assessment Reports?

A
  • Discloses the risks detected after scanning the network
  • Report alerts the organization of possible attacks and suggests countermeasures
  • Info available in reports is used to fix security flaws
  • Types:
    • Security vulnerability Report
      • Combined report for all the scanned devices
    • Security vulnerability Summary
      • This report is produced for every device after scanning
12
Q

What is Common Weakness Enumeration (CWE)?

A

A category system for software vulnerabilities and weaknesses. It has over 600 categories of weaknesses.
