ch 13 Flashcards
A systematic and methodical evaluation of the security posture of the enterprise
It examines the exposure to attackers, forces of nature, and any potentially harmful entity
Vulnerability Assessment
Process of inventorying items with economic value
Asset identification
List potential threats that come from threat agents
Threat evaluation
Goal: understand attackers and their methods
Often done by constructing threat scenarios
Threat modeling
Provides visual representation of potential attacks
Drawn as an inverted tree structure
Attack tree
Determine current weaknesses
Takes a snapshot of current organization security
Every asset should be viewed in light of each threat
Vulnerability appraisal
Determine damage that would result from an attack
Assess the likelihood that the vulnerability is a risk to the organization
Risk assessment
Determine what to do about risks
Determine how much risk can be tolerated
Risk mitigation
Tool available to perform vulnerability assessments:
Vulnerability assessment tools
Involves information exchange between one system’s program and another system’s corresponding program
TCP/IP communication
A unique identifier for applications and services
16 bits in length
Port number
Searches system for port vulnerabilities
Used to determine port state
Open, closed, or blocked
Port scanner software
Hardware or software that captures packets to decode and analyze contents
Also known as sniffers
Protocol analyzers
A generic term for a range of products that look for vulnerabilities in networks or systems
Vulnerability scanners
Sends “probes” to network devices and examines the responses received back to evaluate whether a specific device needs remediation
Active scanner
Can identify the current software OS and applications being used on the network and indicate which devices might have a vulnerability
Passive scanner
a computer protected by minimal security
Intentionally configured with vulnerabilities
Contains bogus data files
Honeypot
a network set up with one or more honeypots
Set up with intentional vulnerabilities
Honeynet
a message that a service transmits when another program connects to it
Banner
when a program is used to intentionally gather this information
Can be used as an assessment tool to perform an inventory on the services and systems operating on a server
Banner grabbing
Intended to break (“crack”) the security of a system
Crackers
(WPA)
Wi-Fi Protected Access
Designed to test the security of a wireless LAN system by attempting to break its protections of Wi-Fi Protected Access (WPA) or WPA2
Wireless cracker
what does the cmd ping do
tests the network connection between two entities
what does the cmd netstat do
displays detailed information on the devices communicating with each other
what does the cmd tracert do
shows the path that a packet takes
what does the cmd nslookup do
queries the DNS to obtain a specific domain name or IP address mapping
what does the cmd dig do
Linux command-line alternative to nslookup
what does the cmd arp do
views and modifies the Address Resolution Protocol cache
what does the cmd ipconfig do
displays all current TCP/IP network configuration values and refreshes DHCP and DNS settings
what does the cmd ifconfig do
Linux implementation of ipconfig
what does the cmd tcpdump do
Linux command-line protocol analyzer
Nmap
(network mapper)
A security vulnerability scanner that can determine which devices are connected to the network
Nmap (network mapper)
A command-line alternative to Nmap
Can be used by itself or driven by other programs and scripts (read or write)
Netcat
Used to replicate attacks during a vulnerability assessment
Provides a structure of exploits and monitoring tools
Exploitation framework
A technology that hides the existence of data in a seemingly harmless data file, image file, audio file, or video file
Steganography
Can be used to determine if data is hidden well enough to thwart unauthorized users from finding the data
Steganography assessment tools
An automated software search through a system for known security weaknesses
Creates a report of potential exposures
Should be compared against baseline scans
Vulnerability scan
A scan looks to
Identify vulnerabilities or security weaknesses found in the system
Identify security controls that are missing and needed to establish a secure framework
Identify common misconfigurations (in hardware and software)
attempts to actually penetrate the system to perform a simulated attack
Intrusive vulnerability scan
uses only available information to hypothesize the status of the vulnerability
Non-intrusive vulnerability scan
Provides credentials (username and password) to the scanner so tests for additional internal vulnerabilities can be performed
Credentialed vulnerability scan
Designed to exploit system weaknesses
Relies on tester’s skill, knowledge, cunning
Usually conducted by independent contractor
Penetration testing
End result of penetration testing
penetration test report
tester has no prior knowledge of network infrastructure
Black box test
tester has in-depth knowledge of network and systems being tested
White box test
some limited information has been provided to the tester
Gray box test
Penetration testing: once inside the network
Tester attempts to perform
pivot (moving around inside the network)
The state or condition of being free from public attention to the degree that you determine
Privacy
Standard techniques for mitigating and deterring attacks
Creating a security posture
Secure methodology
Elements that make up a security posture
Initial baseline configuration; Standard security checklist; Systems evaluated against baseline; Continuous security monitoring; Regularly observe systems and networks; Remediation
what security goal has encryption, steganography, access controls
confidentiality
what security goal has hashing, digital signatures, certificates, nonrepudiation, tools
integrity
what security goal has redundancy, fault tolerance, patching
safety
Can be configured to detect attacks and sound alarms, or prevent attacks
Information security controls
lock unlocks doors automatically upon failure
Fail-open
lock automatically locks
Fail-safe
Types of hardening techniques include
Protecting accounts with passwords
Disabling unnecessary accounts
Disabling unnecessary services
Protecting management interfaces and applications
It is important to provide information regarding events that occur
So that action can be taken
Reporting
Sound warning if specific situation is occurring
Alarms or alerts
Can help ensure proper data handling
Data sensitive labeling
OS “delete”
(Purging) command
overwriting the disk space with zeros or random data
Wiping
permanently destroys the entire magnetic-based drive
By reducing or eliminating the magnetic field
Degaussing