Chapter 4 Flashcards
Vulnerability Management Programs
Seek to identify, prioritize, and remediate these vulnerabilities before an attacker exploits them to undermine the confidentiality, integrity, or availability of enterprise information assets.
Technical Constraints - Vulnerability Scanning
May limit the frequency of scanning, ranging from how many scans can run per day to simply ensuring that a scan completes successfully.
Business Constraints - Vulnerability Scanning
May limit the organization from conducting resource-intensive vulnerability scans during periods of high business activity to avoid disruption of critical processes.
Licensing Limitations - Vulnerability Scanning
May curtail the bandwidth consumed by the scanner or the number of scans that may be conducted simultaneously.
Active Vulnerability Scanning
The tool actually interacts with the scanned host to identify open services and check for possible vulnerabilities. This method provides high-quality results but also has drawbacks.
Active Scanning drawbacks
- Is noisy and will likely be detected by the admins of the scanned systems. Only a problem if stealth is desired.
- Has the potential to accidentally exploit vulnerabilities and interfere with the functioning of production systems.
- Might also miss some systems if blocked by firewalls, IPSs, network segmentation, or other security controls.
Passive Vulnerability Scanning
Instead of probing systems for vulnerabilities, passive scanners monitor the network, similar to the technique used by IDSs. Instead of looking for intrusion attempts, they look for signatures of outdated systems and applications and report the results to admins. Only capable of detecting vulnerabilities that are reflected in network traffic.
Scope of Vulnerability Scan
Determines the systems and networks to be included in the vulnerability scan, as well as the technical measures used to test whether systems are present on the network. Vulnerability tests are then performed against the systems discovered by the scan.
Configuring Plug-ins
Each plug-in performs a check for a specific vulnerability, and plug-ins are often grouped into families based on the OS, application, or device they involve. Disabling unnecessary plug-ins improves scan speed.
Credentialed Scans
May access OSs, databases, applications, and other sources. Only retrieve information from target servers and do not make changes to the server itself. Admins should enforce the principle of least privilege by providing the scanner with a read-only account on the server, which reduces the likelihood of a security incident.
Agent-based Scanning
Admins install small software agents on each target server. These agents conduct scans of the server configuration, providing an “inside-out” vulnerability scan and then report information back to the vulnerability management platform for analysis and reporting.
Ongoing scanning & continuous monitoring
Ongoing scanning moves away from the scheduled approach that tested systems on a weekly or monthly basis and instead configures scanners to scan systems on a rotating basis, checking for vulnerabilities as often as scanning resources permit. Can be resource intensive, but detects vulnerabilities earlier.
Compensating Control
Additional security measures that you take to address a vulnerability without remediating the underlying issue.
4 types Infrastructure vulnerability scanners
- Tenable - Nessus
- Qualys
- Rapid7 - Nexpose
- OpenVAS - Open Source
2 Web Application Scanning types
- Nikto - Open Source, command-line tool that is tough to use
- Arachni - Packaged scanner available on all OSs