CH22 Vulnerability Management Flashcards
What is Vulnerability Assessment?
seeks to identify any issues in a network, application, database, or other system, prior to it being used, that might compromise the system. It is a formalized process that defines, identifies, and classifies the security holes in an enterprise network architecture. It's also used to forecast the effectiveness of proposed countermeasures as part of your overall risk analysis process.
What is Vulnerability Management?
practice of finding and mitigating the vulnerabilities
What are the 3 questions that can help to scope your assessments?
- What is the value of the information?
- What is the specific threat that your system is facing?
- What mitigation strategies could be deployed to address the issues that are found?
What are some of the vulnerability management programs?
Nessus
QualysGuard
AlienVault
What are the 5 steps of the vulnerability management process?
- Define the desired state of security
- Create a baseline – understand what normal is and what the current state of your systems is.
- Prioritize the vulnerabilities – which one gets fixed first?
- Mitigate Vulnerabilities – install controls and patches to make your system more secure
- Monitor the network and systems
What is Penetration Testing (or Pentest)?
Done by a team of professionals to simulate an attack on your network, its systems, or its applications, as if a real hacker were breaking into your network.
Penetration tests look at a network’s vulnerabilities from the outside.
Penetration tools like Metasploit and CANVAS are commonly used.
What are the 5 steps of a Pentest?
- Get permission & document info
- Gather information about the target through reconnaissance
- Enumerate the targets to identify known vulnerabilities
- Exploit the network to gain user or privileged access
- Document all of your results and provide a report.
What is a Pivot in regards to vulnerability threats?
occurs when an attacker moves onto another workstation or user account
What is Persistence in regards to vulnerability threats?
ability of an attacker to maintain a foothold inside the compromised network.
What are Tabletop Exercises (TTX)?
A tabletop exercise uses an incident scenario against a framework of controls or a red team. During this exercise, you will carry out a discussion of simulated emergency situations.
They are theoretical in nature and do not provide practical evidence of what could go wrong during a real event.
What are Red/Blue/White exercises?
Red Team – the hostile or attacking team in a penetration test. (3rd party)
Blue Team – the defensive team in a penetration test. (Sys admins, network defenders, cybersecurity analysts)
White Team – staff who administer, evaluate, and supervise a penetration test. They may build the environment for the test.
What is OVAL?
For the exam: OVAL = Open Vulnerability and Assessment Language.
It is used to share data between lots of different tools that are focused on vulnerability assessments and management.
What is OVAL Language?
written as an XML schema. Used to define and describe the information that's being created by the OVAL (Open Vulnerability and Assessment Language) language, and it allows that information to be shared among various programs and tools
What is the OVAL Interpreter?
a reference developed to ensure the information passed around by these programs complies with the OVAL (Open Vulnerability and Assessment Language) schemas and definitions used by the OVAL language
What is Network Mapping in regards to vulnerability assessment?
Discovery and documentation of physical and logical connectivity that exists in the network.