CH22 Vulnerability Management Flashcards
What is Vulnerability Assessment?
seeks to identify any issues in a network, application, database, or other system, prior to it being used, that might compromise the system. It is a formalized process that defines, identifies, and classifies the security holes in an enterprise network architecture. It’s also used to forecast the effectiveness of proposed countermeasures as part of your overall risk analysis process.
What is Vulnerability management?
practice of finding and mitigating the vulnerabilities
What are the 3 questions that can help scope your assessments?
- What is the value of the information?
- What is the specific threat that your system is facing?
- What mitigation strategies could be deployed to address the issues that are found?
What are some of the vulnerability management programs?
- Nessus
- QualysGuard
- AlienVault
What are the 5 Steps of vulnerability management process?
- Define the desired state of security
- Create a baseline – understand what normal is and what the current state of your systems is.
- Prioritize the vulnerabilities – which one gets fixed first?
- Mitigate Vulnerabilities – install controls and patches to make your system more secure
- Monitor the network and systems
What is Penetration Testing (or Pentest)?
Done by a team of professionals to simulate an attack on your network, its systems, or its applications, as if a real hacker were breaking into your network.
Penetration tests look at a network’s vulnerabilities from the outside.
Penetration tools like Metasploit and CANVAS are commonly used.
What are the 5 steps of a Pentest?
- Get permission & document info
- Gather information about the target through reconnaissance
- Enumerate the targets to identify known vulnerabilities
- Exploit the network to gain user or privileged access
- Document all of your results and provide a report.
What is a Pivot in regards to vulnerability threats?
occurs when an attacker moves onto another workstation or user account
What is Persistence in regards to vulnerability threats?
ability of an attacker to maintain a foothold inside the compromised network.
What are Tabletop Exercises (TTX)?
uses an incident scenario against a framework of controls or a red team. During this exercise, you will carry out a discussion of simulated emergency situations.
They are theoretical in nature and do not provide practical evidence of what could go wrong during a real event.
What are Red/Blue/White team exercises?
Red Team – the hostile or attacking team in a penetration test. (3rd party)
Blue Team – the defensive team in a penetration test. (Sys admins, network defenders, cybersecurity analysts)
White Team – staff who administer, evaluate, and supervise a penetration test. They may build the environment for the test.
What is OVAL?
For the exam: OVAL = Open Vulnerability and Assessment Language.
It is used to share data between lots of different tools that are focused on vulnerability assessments and management.
What is OVAL Language?
Written as an XML schema. Used to define and describe the information that is created by the OVAL (Open Vulnerability and Assessment Language) language, allowing it to be shared among various programs and tools.
What is the OVAL Interpreter?
a reference implementation developed to ensure the information passed around by these programs complies with the OVAL (Open Vulnerability and Assessment Language) schemas and definitions used by the OVAL language.
What is Network Mapping in regards to vulnerability assessment?
Discovery and documentation of physical and logical connectivity that exists in the network.
What is Vulnerability scanning in regards to vulnerability assessment?
a technique that identifies threats on the network without exploiting them.
Nessus and QualysGuard are commercial vulnerability scanners that can scan for open ports, enumerate the services on those ports, and then determine if a vulnerability exists in those services by checking whether they’ve been patched against known exploits.
What is Banner Grabbing
a technique used to gain information about servers and inventory the systems or services.
What is Network sniffing in regards to vulnerability assessment?
the process of finding and investigating other computers on the network by analyzing the network traffic or capturing the packets being sent
Network sniffers, packet sniffers, and protocol analyzers can all conduct packet capture.
What is Protocol Analyzer ?
software tool that allows for the capture, reassembly, and analysis of packets from the network. The most commonly used protocol analyzer is Wireshark.
What is Password analysis in regards to vulnerability assessment?
a tool used to test the strength of your passwords to ensure your password policies are being followed
What is Nmap?
For the exam: be aware that Nmap is a tool that can be used to determine what hosts are on the network; therefore, it is a network mapping tool. It can also be used to determine what services are running on which open ports, so it can also be considered a vulnerability scanner.
What is Password Cracker?
uses comparative analysis to break passwords and systematically continues guessing until the password is determined.
The two most well-known password crackers are Cain & Abel and John the Ripper.
What are the 4 methods of doing password cracking and analysis?
- Password Guessing – occurs when a weak password is simply figured out by a person
- Dictionary Attack – a program attempts to guess the password by using a list of possible passwords.
- Brute Force Attack – Method where a program attempts to try every possible combination until it cracks the password
- Cryptanalysis Attack – Comparing a precomputed encrypted password to a value in a lookup table
What is Rainbow Table?
List of precomputed values used to more quickly break a password, since values don’t have to be calculated for each password being guessed.