7.2 Assessing Security Flashcards
_____________ and ___________ testing are two primary methods to assess security after implementing measures.
*
Vulnerability assessment and penetration
_________________ uses specialized tools to scan for known vulnerabilities.
*
Vulnerability assessment
Vulnerability assessment tools require ______________ to remain useful and accurate.
*
constant updates
Vulnerability assessment results only indicate the ___________________________.
*
presence of specific known vulnerabilities on hosts
Conducting a vulnerability assessment involves several steps, including ______________________.
*
mapping and discovery
Mapping environments creates a ________________ present in the network.
*
list of devices
Mapping large networks can be ___________ and potentially ____________ to network infrastructure.
*
time-consuming; stressful
Discovering new hosts is necessary to keep ___________ up-to-date.
*
device lists
After __________, vulnerability scanning can be conducted using different types of scans.
*
mapping
What two methods can be used to discover new hosts on networks?
*
Active and passive
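Added example, not taken from the flashcards or the textbook they summarize: a Python script that turns Nmap's XML output (what `nmap -sn -oX scan.xml <range>` writes) into a device list and compares it with the list kept from the previous run, reporting hosts that are new, hosts that are no longer seen, and hosts whose MAC address changed. The XML, the addresses and the stored inventory are constructed for the example; the element names (`host`, `status`, `address`, `hostnames`) are Nmap's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output for a small lab range.
# Addresses, MACs and names are made up for this example.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sn -oX scan.xml 10.0.0.0/28" start="1714557600">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.0.0.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="Cisco"/>
    <hostnames><hostname name="gw.lab.local" type="PTR"/></hostnames>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.0.0.7" addrtype="ipv4"/>
    <address addr="AA:BB:CC:DD:EE:01" addrtype="mac"/>
    <hostnames/>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.0.0.9" addrtype="ipv4"/>
  </host>
  <runstats><hosts up="2" down="1" total="3"/></runstats>
</nmaprun>
"""

# Constructed "previous" device list, as it might be stored from the last run.
KNOWN_INVENTORY = {
    "10.0.0.1": {"mac": "00:11:22:33:44:55", "vendor": "Cisco", "hostname": "gw.lab.local"},
    "10.0.0.9": {"mac": "AA:BB:CC:DD:EE:09", "vendor": "", "hostname": "old-printer.lab.local"},
}


def parse_nmap_xml(xml_text):
    """Return {ipv4: {mac, vendor, hostname}} for every host Nmap reports as up."""
    devices = {}
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that did not answer are not part of the device list
        entry = {"mac": "", "vendor": "", "hostname": ""}
        ip = None
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ip = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                entry["mac"] = addr.get("addr")
                entry["vendor"] = addr.get("vendor", "")
        name = host.find("hostnames/hostname")
        if name is not None:
            entry["hostname"] = name.get("name", "")
        if ip:
            devices[ip] = entry
    return devices


def diff_inventory(current, known):
    """Compare this scan with the stored list.

    Returns (new hosts, hosts no longer seen, hosts whose MAC changed), each as
    a sorted list of IPs. A changed MAC on a known IP is worth a look too: it
    can mean a replaced device or a new device reusing an address.
    """
    new = sorted(set(current) - set(known))
    missing = sorted(set(known) - set(current))
    changed = sorted(
        ip for ip in set(current) & set(known)
        if current[ip]["mac"] and known[ip]["mac"] and current[ip]["mac"] != known[ip]["mac"]
    )
    return new, missing, changed


if __name__ == "__main__":
    seen = parse_nmap_xml(SAMPLE_NMAP_XML)
    new, missing, changed = diff_inventory(seen, KNOWN_INVENTORY)
    print("hosts up:", sorted(seen))
    print("new:", new, "missing:", missing, "mac changed:", changed)
```

Run the real scan on a schedule, feed its `-oX` file to `parse_nmap_xml`, and store the result as the next run's `KNOWN_INVENTORY`; hosts in `missing` should not be dropped from the list after a single absence, since a host that is merely powered off still needs scanning when it returns.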
_____________________ don’t require credentials and show open ports and basic information.
*
Unauthenticated scans
________________________ use valid credentials to collect more thorough internal information.
*
Authenticated scans
_______________ use small pieces of software installed on the hosts themselves to avoid some downsides of authenticated scans.
*
Agent-based scans
____________________ focuses on specific applications, often web applications.
*
Application scanning
__________________ present challenges for vulnerability scanning due to provider restrictions.
*
Cloud environments
____________ in cloud environments require specialized vulnerability scanning tools.
*
Containers
__________________ is a more in-depth process than vulnerability scanning.
*
Penetration testing
Penetration testing aims to find _____________ before attackers do.
*
security holes
Penetration testing follows a standard process of five stages: __________, __________, __________, __________, and __________.
*
scoping, reconnaissance, discovery, exploitation, and reporting.
_______ defines what will be tested and may include rules of engagement.
*
Scoping
_____________ involves researching the target environment before active testing.
*
Reconnaissance
_____________ begins active testing, often using vulnerability assessment tools.
*
Discovery
____________ attempts to exploit vulnerabilities detected in earlier stages.
*
Exploitation
_____________ documents findings and steps to reproduce successful attacks.
*
Reporting
Penetration tests can be classified as _________, __________, or ____________ based on information provided.
*
black box (the tester knows nothing beyond the scope); white box (the tester is given hosts, IP addresses, etc.); gray box (a hybrid of the two)
Tests can also be classified as _____ or _________ based on where access originates or who conducts them.
*
internal; external
_____________________ testing is a broad term for testing hosts, web applications, and even social engineering.
*
Network penetration
_____________________ focuses on specific applications using static or dynamic analysis.
*
Application penetration testing
Physical penetration testing involves directly testing _________ security measures.
*
physical
__________________ testing uses techniques to manipulate people and is often highly successful.
*
Social engineering
Hardware testing examines devices like ____________or ______ devices.
*
network gear; IoT
_________________ programs offer rewards for discovering vulnerabilities in an organization’s resources.
*
Bug bounty
Technological challenges for penetration testing include __________________ and ____________________.
*
cloud provider restrictions and finding skilled testers.
_________________ testing conditions are crucial for accurate security assessment.
*
Realistic
Rules of engagement should closely adhere to ___________ attack conditions.
*
real-world
_________ should be set realistically to include critical systems.
*
Scope
_____ environments should closely match ___________ environments.
*
Test; production
Organizations should ______________during testing to detect attacks.
*
monitor security tools
___________ defend against ___________ attacks during penetration tests.
*
Blue teams; red team
_____________ teams bridge red and blue teams to ensure efficient operations.
*
Purple
Proper ______________ is necessary to detect penetration testing activities.
*
instrumentation
Effective ____________ is crucial to respond to attacks or penetration tests in real-time.
*
alerting
Vulnerability assessments and penetration tests provide a _____________ of security at a specific point in time.
*
snapshot
______________ change constantly, requiring regular security assessments.
*
Attack surfaces
Attackers constantly evolve their ___________and _________.
*
tools; techniques
Technology ____________ can change security posture without notice.
*
updates
Fixing security holes can be ____________ in terms of resources and development efforts.
*
expensive
Organizations may prioritize ________________over security, requiring alternative ________________.
*
business needs; controls or tools
Vulnerability assessment and penetration testing are essential but represent only a _______________.
*
point in time
Regular iteration of these processes is necessary to maintain current ________________.
*
security data
What methods can you use to detect new hosts in your environments?
Active discovery, using a network discovery tool such as Nmap to map the range and list the hosts that answer, or passive discovery, observing the traffic already on the network to see which hosts are talking.
What benefits does an agent provide when vulnerability scanning?
The scanning tool does not need to hold credentials for each host or log in to it remotely; the agent runs locally on the host with its own access and reports the same in-depth information an authenticated scan would gather.
What challenges are there in vulnerability scanning for containers?
Containers are ephemeral: they may be created one minute and destroyed the next as load changes, so a scan of the running environment captures only what happens to exist at that moment, and specialized tools are needed to assess them.
How is penetration testing different from vulnerability assessment?
A vulnerability assessment only produces a list of known weaknesses; a penetration test actually attempts to exploit them and reports what an attacker could achieve and how the attack was carried out.
How is a red team different from a blue team?
The red team plays the attacker (the assigned penetration testers); the blue team defends, detecting and responding to the red team's activity.
Why is scoping important for a penetration test?
So the assigned attacker knows exactly which systems and actions are authorized, and the organization knows what is out of bounds.
What are the differences between static and dynamic analysis?
Static analysis examines the application's code without running it; dynamic analysis tests the application while it is running and observes how it behaves.
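Added example (not part of the flashcards or the textbook they summarize): the same constructed two-function application checked both ways in Python. The static analysis parses the code without running it and flags execute() calls whose SQL text is assembled at runtime; the dynamic analysis runs each function against a seeded SQLite database with an injection payload and observes what comes back. The function names, the users table and the payload are invented for the example.

```python
import ast
import sqlite3

# Constructed application code, kept as a string so the same text can be
# analyzed statically (parsed, never run) and tested dynamically (executed).
APP_SOURCE = '''
def find_user_vulnerable(conn, name):
    # SQL text assembled from user input: the injection pattern.
    sql = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn, name):
    # Parameterized query: the driver keeps data separate from SQL text.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()
'''

INJECTION_PAYLOAD = "' OR '1'='1"


def _is_built_string(node):
    """True for expressions that build a string at runtime: f-strings, + or % concatenation, .format()."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def static_findings(source):
    """Static analysis: read the code, never run it.

    Flags every .execute(...) whose first argument is a string built at runtime,
    either inline or through a local variable assigned from such an expression.
    Returns [(function_name, line_number), ...].
    """
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        # Pass 1: local names assigned from a runtime-built string.
        built_names = set()
        for node in ast.walk(fn):
            if isinstance(node, ast.Assign) and _is_built_string(node.value):
                built_names.update(t.id for t in node.targets if isinstance(t, ast.Name))
        # Pass 2: execute() calls fed by such expressions or names.
        for node in ast.walk(fn):
            if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                    and node.func.attr == "execute" and node.args):
                continue
            sql = node.args[0]
            if _is_built_string(sql) or (isinstance(sql, ast.Name) and sql.id in built_names):
                findings.append((fn.name, node.lineno))
    return findings


def _seeded_db():
    """In-memory SQLite database with three constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",), ("carol",)])
    return conn


def dynamic_probe(function_name, user_input=INJECTION_PAYLOAD):
    """Dynamic analysis: run the application and observe its behaviour.

    Executes the named function from APP_SOURCE against the seeded database and
    returns how many rows the input pulled back. A lookup for one user that
    returns every row is the observable symptom of injection.
    """
    namespace = {}
    exec(APP_SOURCE, namespace)
    conn = _seeded_db()
    try:
        return len(namespace[function_name](conn, user_input))
    finally:
        conn.close()


if __name__ == "__main__":
    print("static findings:", static_findings(APP_SOURCE))
    for name in ("find_user_vulnerable", "find_user_safe"):
        print(f"dynamic {name}: {dynamic_probe(name)} rows for {INJECTION_PAYLOAD!r}")
```

The static check reports the vulnerable function from the source alone, with no database and no payload, but it only knows the patterns it was written to look for; the dynamic probe needs a running application and a test input, but it shows the actual effect (three rows back for a single-user lookup) regardless of how the query was built.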
How is a bug bounty program different than a penetration test?
A bug bounty program offers a reward and is usually open to the public (outside researchers) to find and report bugs in the organization's resources, rather than engaging a contracted team to test a defined scope.
What impact does the environment on which you test have on your test results?
Test environments should closely match production; it is important not to artificially create a separate, well-secured environment for testing purposes, because results from it will not reflect the real attack surface.
What is alert fatigue?
A term borrowed from healthcare. Too many alerts may exhaust the blue team, including during testing phases, so that important alerts get missed; the answer is to send fewer, carefully selected, actionable alerts.
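Added example, not from the flashcards, covering the monitoring, instrumentation and alerting cards above as well as this question on alert fatigue: a Python detector that reads constructed connection-log lines and raises one aggregated, actionable alert per scanning source/target pair rather than one alert per blocked connection. The log format, the addresses, the port list and the threshold are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# One key=value connection record per line (a constructed format chosen to be
# easy to parse; real firewall or flow logs differ but carry the same fields).
LOG_RE = re.compile(r"^(\S+ \S+) src=(\S+) dst=(\S+) dport=(\d+) action=(\S+)$")


def _line(ts, src, dst, dport, action="deny"):
    return f"{ts} src={src} dst={dst} dport={dport} action={action}"


def _constructed_log():
    """Build a sample log: one ordinary client, one host doing a port sweep."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # Ordinary client: a handful of web requests spread over four minutes.
    for i, port in enumerate([80, 443, 443, 80]):
        lines.append(_line(base + timedelta(minutes=i), "10.0.0.20", "10.0.0.7", port, "allow"))
    # Red-team host sweeping twelve common ports on one server in twelve seconds.
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]):
        lines.append(_line(base + timedelta(seconds=i), "10.0.0.50", "10.0.0.7", port))
    # Same host touching only three ports on another server: below threshold.
    for i, port in enumerate([22, 80, 443]):
        lines.append(_line(base + timedelta(seconds=30 + i), "10.0.0.50", "10.0.0.8", port))
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


def parse_log(text):
    """Parse log lines into event dicts; lines that don't match are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, src, dst, dport, action = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                       "dport": int(dport), "action": action})
    return events


def detect_scans(events, threshold=10, window_seconds=60):
    """Emit ONE alert per (src, dst) pair that touched at least `threshold`
    distinct destination ports inside any `window_seconds` span, instead of one
    alert per connection. Each alert carries the evidence an analyst needs."""
    window = timedelta(seconds=window_seconds)
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)

    alerts = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        in_window = Counter()  # port -> occurrences inside the sliding window
        left = 0
        best, best_span = 0, None
        for right, e in enumerate(evs):
            in_window[e["dport"]] += 1
            # Advance the left edge until the window fits within window_seconds.
            while e["ts"] - evs[left]["ts"] > window:
                old = evs[left]["dport"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) > best:
                best, best_span = len(in_window), (evs[left]["ts"], e["ts"])
        if best >= threshold:
            alerts.append({"src": src, "dst": dst, "distinct_ports": best,
                           "first_seen": best_span[0], "last_seen": best_span[1],
                           "events": len(evs)})
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    alerts = detect_scans(evs)
    print(f"{len(evs)} raw events -> {len(alerts)} alert(s)")
    for a in alerts:
        print(a)
```

Nineteen raw events become a single alert that names the scanning host, its target, how many ports it touched and when, which is something the blue team can act on. The threshold and window are tuning knobs: set them too low and ordinary clients generate noise, too high and a slow scan slips underneath.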
What would the Burp Suite be used for?
manual and automated testing of web applications.
___________ is a tool that scans for vulnerabilities on a host. (Nmap / Wireshark / Hping / Nessus)
Nessus
Nmap is a _______________.
network discovery tool to identify network hosts and open ports.
Wireshark is a ____________________.
packet sniffer and protocol analyzer