Chapter 6: Security Assessment and Testing Flashcards
Vulnerability Assesment
looking for weaknesses in everything etc.
PEN Testing
Looking to exploit weaknesses or ethical hacking..
zero knowledge
black box testing - for someone with no internal knowledge.
Partial knowledge
limited access on network
full knowledge
full knowledge of network…rouge administrator.
Vulnerability Scanning
Identifying
- Active hosts on network
- active and vulneable servies/ports on hosts
- applications
- operating systems
- vulnerabilities associated with discovered OS & Apps
- Misconfigured Settings
testing for compliance
establish foundation for PEN testing
Attack methodology
attack methodology part 2
Pen testing consideration
3 basic requirements:
- Meetin with Senior mgmt to determine the goal of the Assessment
- Document Rules of Engagement
- Get sign off from Senior mgmt.
It could disrupt productivity and systems
Purpose is to determine subjects ability to withstan an attack and determine effectiveness of current security measures.
***test should test and document*** not fix or suggest.. don’t violate seperation of duties.
IDS
intrusion detection system - passive in actons
part of a layered defense passive in activity.
needs an interface in promiscous mode - packet sniff whole network…card can capture all traffic.
port span or mirroring needs to be enabled to view all traffice on switch port.
IPS is active
IDS Categories
Host Based
Network Based
the anlysis engine is what makes it an IDS>
HIDS
Host based intrusion detection system.
cane be operating system and application specifi- might understand the latest attack against a certain service on a host
they can look at data post-encryption.
cons
systems resources, not scalable, it can be disabled if attacked..
network base ids
look for DOS
IPS port number
brue force tunnneling etc.
ids analysis engine
pattern matching based on signature
profile matching system profile matching base on normal behavior…
evasion attack
flying under the RADAR many small attacks from different directions
