Chapter 4 Flashcards

1
Q

Vulnerability Management Programs

A

Seek to identify, prioritize, and remediate vulnerabilities before an attacker exploits them to undermine the confidentiality, integrity, or availability of enterprise information assets.

2
Q

Technical Constraints - Vulnerability Scanning

A

May limit the frequency of scanning, ranging from once per day down to simply ensuring that each scan completes successfully before the next one starts.

3
Q

Business Constraints - Vulnerability Scanning

A

May limit the organization from conducting resource-intensive vulnerability scans during periods of high business activity to avoid disruption of critical processes.

4
Q

Licensing Limitations - Vulnerability Scanning

A

May curtail the bandwidth consumed by the scanner or the number of scans that may be conducted simultaneously.

5
Q

Active Vulnerability Scanning

A

The tool actually interacts with the scanned host to identify open services and check for possible vulnerabilities. This method provides high-quality results but also has drawbacks.

6
Q

Active Scanning drawbacks

A
  1. Is noisy and will likely be detected by the admins of the scanned systems. Only a problem if the scan is meant to be stealthy.
  2. Has the potential to accidentally exploit vulnerabilities and interfere with the functioning of production systems.
  3. Might also miss some systems if it is blocked by firewalls, IPSs, network segmentation, or other security controls.

7
Q

Passive Vulnerability Scanning

A

Instead of probing systems for vulnerabilities, passive scanners monitor the network, similar to the technique used by IDSs. Rather than looking for intrusion attempts, they look for signatures of outdated systems and applications and report the results to admins. Only capable of detecting vulnerabilities that are reflected in network traffic.

8
Q

Scope of Vulnerability Scan

A

Determines which systems and networks are included in the vulnerability scan, as well as the technical measures used to test whether systems are present on the network. Vulnerability tests are then performed against the systems discovered by the scan.

9
Q

Configuring Plug-ins

A

Each plug-in performs a check for a specific vulnerability, and these plug-ins are often grouped into families based on the OS, application, or device that they involve. Disabling unnecessary plug-ins improves the speed of the scan.

10
Q

Credentialed Scans

A

May access OSs, databases, applications, and other sources. Only retrieve information from target servers and do not make changes to the server itself. Admins should enforce the principle of least privilege by providing the scanner with a read-only account on the server, which reduces the likelihood of a security incident.

11
Q

Agent-based Scanning

A

Admins install small software agents on each target server. These agents conduct scans of the server configuration, providing an “inside-out” vulnerability scan and then report information back to the vulnerability management platform for analysis and reporting.

12
Q

Ongoing scanning & continuous monitoring

A

Ongoing scanning moves away from the scheduled scanning approach that tested systems on a weekly or monthly basis and instead configures scanners to scan systems on a rotating basis, checking for vulnerabilities as often as scanning resources permit. Can be resource-intensive, but detects vulnerabilities earlier.

13
Q

Compensating Control

A

Additional security measures that you take to address a vulnerability without remediating the underlying issue.

14
Q

4 types of infrastructure vulnerability scanners

A
  1. Tenable - Nessus
  2. Qualys
  3. Rapid7 - Nexpose
  4. OpenVAS - open source

15
Q

2 web application scanner types

A
  1. Nikto - open source; command-line tool that is tough to use
  2. Arachni - packaged scanner available on all OSs

16
Q

Interception Proxies

A

Valuable tools for pen testers seeking to evaluate the security of web applications. They run on the tester's system and intercept requests being sent from the web browser to the web server before they are released onto the network. This allows the tester to manually manipulate the request to attempt the injection of an attack.

17
Q

Aircrack-ng - Wireless Assessment Tool

A

Is a suite of tools designed for wireless network testing. The tools in this suite can capture packets from wireless networks, conduct packet injection attacks, and crack pre-shared keys used on WEP, WPA, and WPA2 networks.

18
Q

Reaver

A

Specialized tool used to find WPA and WPA2 passphrases, specifically on networks that support the WPS feature.

19
Q

Hashcat - oclHashcat

A

Is a general-purpose password cracking tool that may also be used on wireless networks. The older oclHashcat version was designed to support GPU computation; oclHashcat no longer exists as a separate tool, as the main Hashcat tool now supports GPUs.

20
Q

PCI SSC Compliance Scans

External vs Internal

A

Internal compliance scans may be conducted by any individual, whereas external compliance scans must be conducted by a scanning vendor.