Conducting Vulnerability Assessments Flashcards
Pre-assessment Checklist
- Scope of project
- Identify assessment team
- Establish applicable standards
- Select site(s)
- Dates and logistics
- Does the team need EPP?
- Ground rules
- Gather and review existing documentation
- Research known vulnerabilities
- Prepare for kickoff
Passive Data Collection Includes:
- Windows system information
- Log files
- Firewall, router and switch configuration files
- Network packet captures
Advanced Windows System Information Tools
- SIW
- Piriform Speccy
- AIDA
- ASTRA
- PC Wizard
Sniffing Ethernet
Sniffing the Ethernet is a term used to describe the passive collection of data in packet capture programs.
Port Mirroring
Also known as SPAN (Switched Port Analyzer), port mirroring is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port to another port, where the packets can be analyzed.
RSPAN
Remote Switched Port Analyzer
Popular network capturing tools
- Wireshark
- Colasoft
- tcpdump
- NetworkMiner
- Microsoft Network Monitor
Packet capturing Goals
- Identify what devices talk to what
- Identify the protocols on the network
- Detect unexpected or unusual traffic
- Recognize messages with clear-text payloads
- Troubleshooting
Network Vulnerability Scanning Tools
- Nessus
- Nexpose
- OpenVAS
- Qualys
Metasploit, Kali Linux and Canvas are tools for:
Penetration Testing
What are the different types of vulnerability assessment?
- High-level GAP Assessments
- Passive Vulnerability Assessments
- Active Vulnerability Assessments
- Penetration Testing
What is the purpose of a packet capture utility?
- Identify what devices talk to what
- Identify protocols on the network
- Detect unexpected or unusual traffic
- Recognize messages with clear-text payloads
- Troubleshooting
What is port mirroring?
An approach to monitoring network traffic that involves forwarding a copy of each packet from one network switch port to another.
What type of tool is used to capture and display Ethernet communications?
Packet Capture
A feature that sends a copy of network packets from one or more switch ports to a special monitoring port is called:
Port mirroring
Which term is used to describe the passive collection of data in packet capture programs?
Sniffing the Ethernet
Which computer program assesses computers, computer systems, networks or applications for weaknesses against databases of known vulnerabilities?
Network Vulnerability Scanning Tool
Which is an approach to monitoring network traffic that involves forwarding a copy of each data packet from one network switch port to another?
Port Mirroring