Chapter 13 - Vulnerability Assessment And Data Security Flashcards
Vulnerability assessment
A systematic and methodical evaluation of the security posture of the enterprise.
5 parts of vulnerability assessment
1) asset identification
2) threat evaluation
3) vulnerability appraisal
4) risk assessment
5) risk mitigation
Asset identification
Inventory the assets.
Determine the assets' relative value.
Threat evaluation
Classify threats by category.
Design attack tree.
Vulnerability appraisal
Determine current weaknesses in protecting assets.
Use vulnerability assessment tools.
Risk assessment
Estimate impact of vulnerability on organization.
Calculate risk likelihood and impact of the risk.
Risk mitigation
Decide what to do with the risk.
Protocol analyzer
Hardware or software that captures packets to decode and analyze their contents. Ex. Wireshark
Vulnerability scanner
Generic term for a range of products that look for vulnerabilities in networks or systems.
Active scanner
A vulnerability scanner that sends “probes” to network devices and examines the responses received back to evaluate whether a specific device needs remediation.
Passive scanner
A vulnerability scanner that can identify the current software operating systems and applications being used on the network, and indicate which devices might have a vulnerability.
Honeypot
A computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, but are actually imitations of real data files, to trick attackers into revealing their attack techniques.
Honeynet
A network set up with intentional vulnerabilities to invite attacks and reveal attackers’ methods.
Banner grabbing
Gathering information from messages that a service transmits when another program connects to it.
Wireless cracker
Hardware or software that tests the security of a wireless LAN system by attempting to break its protections of Wi-Fi Protected Access (WPA) or WPA2.
Password cracker
Software intended to break the digest of a password to determine its strength.
Nmap (network mapper)
A security vulnerability scanner that can determine which devices are connected to the network and the services they are running.
Netcat
A command-line alternative to Nmap with additional features for scanning for vulnerabilities.
Vulnerability scan
An automated software search through a system for any known security weaknesses that creates a report of those potential exposures.
Intrusive vulnerability scan
A scan that attempts to penetrate the system in order to perform a simulated attack.
Non-intrusive vulnerability scan
A scan that uses only available information to hypothesize the status of the vulnerability.
Credentialed vulnerability scan
A scan that provides credentials (user name and password) to the scanner so that tests for additional internal vulnerabilities can be performed.
Penetration testing
A test (pentest) by an outsider that attempts to actually exploit any weaknesses in systems that are vulnerable.
Black box test
A penetration test in which the tester has no prior knowledge of the network infrastructure that is being tested.
White box test
A penetration test where the tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.
Gray box test
A penetration test where some limited information has been provided to the tester.
Active reconnaissance
Actively probing a system like an attacker would do to find information.
Passive reconnaissance
Using searches online for publicly accessible information that can reveal valuable insight about a system.