CySA+ Study Notes 13 Flashcards
The Security Content Automation Protocol (SCAP) allows compatible scanners to determine whether a computer meets a configuration baseline. A SCAP-validated tool adheres to standards for scanning processes, results reporting and scoring, and vulnerability prioritization. SCAP is commonly used to uphold internal and external compliance requirements.
info
SCAP is built from several component specifications: (1) Open Vulnerability and Assessment Language (OVAL): an XML schema for describing system security state and for querying vulnerability reports and information. (2) Extensible Configuration Checklist Description Format (XCCDF): an XML schema for developing and auditing best-practice configuration checklists and rules. Previously, best-practice guides might have been written in prose for system administrators to apply manually; XCCDF provides a machine-readable format that compatible software can apply and validate.
SCAP has several functions :
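Because XCCDF is machine-readable, the output of a compliance scan is also machine-readable: an XCCDF TestResult lists one rule-result per checklist rule plus a score. The following is an added example (not part of these notes or of any scanner's code) that parses such a result and recomputes the default score. The XML fragment, host name, rule ids and weights are constructed; a real result sits inside a Benchmark and carries many more elements.

```python
"""Parse an XCCDF 1.2 TestResult and summarise it the way a compliance report
would. Added example, not part of the study notes: the XML below is a
constructed fragment (rule ids, host name and weights are made up) shaped like
the <TestResult> element an SCAP-validated scanner emits."""
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"


def q(tag):
    """Qualify a tag with the XCCDF 1.2 namespace for ElementTree lookups."""
    return f"{{{XCCDF_NS}}}{tag}"


# Constructed sample. Real output is nested inside a <Benchmark> and carries
# many more elements (check references, messages, platform, profile, ...).
SAMPLE_RESULT = """<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2"
            id="xccdf_example_testresult_baseline"
            end-time="2024-01-01T00:00:00">
  <target>host01.example.test</target>
  <rule-result idref="xccdf_example_rule_ssh_root_login" weight="10.0">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_password_max_age" weight="5.0">
    <result>pass</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_firewall_enabled" weight="10.0">
    <result>pass</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_selinux_enforcing" weight="10.0">
    <result>notapplicable</result>
  </rule-result>
  <score system="urn:xccdf:scoring:default" maximum="100.0">60.000000</score>
</TestResult>
"""


def default_score(rules):
    """XCCDF default scoring model applied to a flat rule list: pass scores 100,
    fail scores 0, each weighted by the rule's weight; any other result
    (notapplicable, notchecked, notselected, informational, error, unknown)
    is left out of the average. The full model also recurses through Groups,
    which this flat version does not need."""
    weighted_sum = weight_total = 0.0
    for r in rules:
        if r["result"] == "pass":
            weighted_sum += 100.0 * r["weight"]
            weight_total += r["weight"]
        elif r["result"] == "fail":
            weight_total += r["weight"]
    return round(weighted_sum / weight_total, 6) if weight_total else 0.0


def parse_test_results(xml_text):
    """Return one summary dict per <TestResult> found in the document."""
    root = ET.fromstring(xml_text)
    summaries = []
    # root.iter() includes the root itself, so this works whether the document
    # is a bare <TestResult> or a <Benchmark> containing several of them.
    for tr in root.iter(q("TestResult")):
        rules = [
            {
                "idref": rr.get("idref"),
                "weight": float(rr.get("weight", "1.0")),  # XCCDF default weight is 1.0
                "result": (rr.findtext(q("result")) or "unknown").strip(),
            }
            for rr in tr.findall(q("rule-result"))
        ]
        score_el = tr.find(q("score"))
        summaries.append({
            "id": tr.get("id"),
            "target": tr.findtext(q("target")),
            "rules": rules,
            "counts": dict(Counter(r["result"] for r in rules)),
            "failed": [r["idref"] for r in rules if r["result"] == "fail"],
            "reported_score": float(score_el.text) if score_el is not None else None,
            "computed_score": default_score(rules),
        })
    return summaries


if __name__ == "__main__":
    for s in parse_test_results(SAMPLE_RESULT):
        print(f"{s['target']}: {s['counts']} score={s['computed_score']} "
              f"(scanner reported {s['reported_score']})")
        for rule_id in s["failed"]:
            print("  FAIL", rule_id)
```

Recomputing the score from the rule-results is a cheap integrity check on a scanner's report: the notapplicable rule is excluded, so the weighted average over the remaining 25 points of weight comes out at 60, matching the reported value.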
A discovery scan is used to create and update an inventory of assets (enumeration). There are usually options to perform host and/or service discovery using different methods.
info
Scan results should be stored securely with a restricted ACL. Apply separation of duties and job rotation so that the administrators responsible for scanning and vulnerability management are not the same people who manage permissions and access. If using credentialed scans, set up dedicated service accounts with strong credentials to protect the integrity of those accounts, and grant them only the least permissions required to complete the scan successfully rather than default local administrator privileges.
info
Common Vulnerabilities and Exposures (CVE): a dictionary of vulnerabilities in published operating systems and application software.
Common Weakness Enumeration (CWE): flaws in the design and development of software that could potentially lead to vulnerabilities.
Common Attack Pattern Enumeration and Classification (CAPEC): a classification of specific attack patterns.
Common Platform Enumeration (CPE): a naming scheme for operating systems, applications, and hardware devices.
Common Configuration Enumeration (CCE): identifiers for configuration best-practice statements.
info
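CPE names are what tie the other enumerations to an inventory: a vulnerability record says which platforms it applies to as a CPE match string (often with a version range), and a scanner compares that against the CPE of each discovered asset. The following is an added example (not from these notes or from any vendor's tool) that parses CPE 2.3 formatted strings and performs that matching. All vendors, products, advisory labels and version ranges are constructed sample data, not real products or advisories; the version comparison is a deliberate simplification.

```python
"""Parse CPE 2.3 formatted strings and decide whether a vulnerability's
applicability statement matches an asset in the inventory. Added example, not
from the study notes. The vendors, products, advisory labels and version ranges
below are constructed sample data, not real products or advisories."""
import re
from dataclasses import dataclass
from typing import Optional

# Attribute names of a CPE 2.3 formatted string after the "cpe:2.3" prefix.
ATTRS = ("part", "vendor", "product", "version", "update", "edition",
         "language", "sw_edition", "target_sw", "target_hw", "other")


def split_cpe(s):
    """Split on ':' while respecting backslash escapes ('\\:' is a literal colon)."""
    fields, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])
            i += 2
            continue
        if s[i] == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    fields.append("".join(cur))
    return fields


def parse_cpe(s):
    fields = split_cpe(s)
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {s!r}")
    return dict(zip(ATTRS, fields[2:]))


def _unescape(v):
    return re.sub(r"\\(.)", r"\1", v)


def attr_matches(pattern, value):
    """Match one attribute of an applicability pattern against an asset value.
    '*' is the logical ANY, '-' is NA; '*' and '?' inside a value are treated as
    glob wildcards, compared case-insensitively after unescaping."""
    if pattern == "*":
        return True
    if pattern == "-" or value == "-":
        return pattern == value
    if value == "*":  # asset attribute unknown but the pattern is specific
        return False
    regex = "".join(
        ".*" if tok == "*" else "." if tok == "?" else re.escape(_unescape(tok))
        for tok in re.findall(r"\\.|[*?]|[^\\*?]+", pattern)
    )
    return re.fullmatch(regex, _unescape(value), re.IGNORECASE) is not None


def version_key(v):
    """Tolerant numeric ordering: '8.2p1' -> (8, 2, 1). A simplification; real
    feeds need vendor-specific version semantics."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


@dataclass
class Applicability:
    label: str                                   # constructed placeholder, not a CVE id
    pattern: str                                 # CPE 2.3 match string
    version_start_including: Optional[str] = None
    version_end_excluding: Optional[str] = None


def applies(rule, asset_cpe):
    pat, asset = parse_cpe(rule.pattern), parse_cpe(asset_cpe)
    if not all(attr_matches(pat[a], asset[a]) for a in ATTRS):
        return False
    v = asset["version"]
    if v in ("*", "-"):  # version unknown/NA: only a range-free rule can match
        return not (rule.version_start_including or rule.version_end_excluding)
    if rule.version_start_including and version_key(v) < version_key(rule.version_start_including):
        return False
    if rule.version_end_excluding and version_key(v) >= version_key(rule.version_end_excluding):
        return False
    return True


def find_applicable(rules, inventory):
    """Map each host to the sorted labels of the rules that apply to its CPE."""
    return {host: sorted(r.label for r in rules if applies(r, cpe))
            for host, cpe in inventory.items()}


# Constructed sample data (fictional vendors, products and advisories).
RULES = [
    Applicability("EXAMPLE-1", "cpe:2.3:a:examplecorp:widgetd:*:*:*:*:*:*:*:*",
                  version_end_excluding="8.5"),
    Applicability("EXAMPLE-2", "cpe:2.3:o:exampleos:server:2019:*:*:*:*:*:*:*"),
    Applicability("EXAMPLE-3", "cpe:2.3:a:examplecorp:webd:2.4.*:*:*:*:*:*:*:*",
                  version_start_including="2.4.0", version_end_excluding="2.4.50"),
]
INVENTORY = {
    "bastion": "cpe:2.3:a:examplecorp:widgetd:8.2p1:*:*:*:*:*:*:*",
    "web01": "cpe:2.3:a:examplecorp:webd:2.4.57:*:*:*:*:*:*:*",
    "dc01": "cpe:2.3:o:exampleos:server:2019:*:*:*:*:*:*:*",
    "legacy": "cpe:2.3:a:examplecorp:widgetd:*:*:*:*:*:*:*:*",  # version never enumerated
}

if __name__ == "__main__":
    for host, labels in find_applicable(RULES, INVENTORY).items():
        print(host, labels or "no applicable findings")
```

The "legacy" host shows why the version field matters: an asset whose version the discovery scan never captured cannot be matched against a range-bounded rule, so it shows up as having no findings when in fact its exposure is unknown. Vulnerability management processes should treat such assets as an inventory gap rather than as clean.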
Qualys’s vulnerability management solution is a cloud-based service. Users install sensors at various points in their network, which can include cloud locations, and the sensors upload data to the Qualys cloud platform for analysis. The sensors can be implemented as agent software running on a host, as a dedicated appliance, or as a virtual machine (VM) running on a platform such as VMware. You can also deploy passive network sensors, out-of-band sensors for air-gapped hosts, and agents for cloud infrastructure and container apps. As well as the network vulnerability scanner, there is an option for web application scanning.
info
Patch management can also be difficult for legacy systems, proprietary systems, and systems from vendors without robust security management plans, such as some types of Internet of Things devices. These systems will need compensating controls, or some other form of risk mitigation if patches are not readily available.
info
A system that was developed in-house or that is not widely marketed. This type of system presents a risk because support resources are limited, often to the original development team. If those support resources are no longer contactable, the system can become unpatchable.
Proprietary system
Creating and deprovisioning accounts (onboarding and offboarding). Managing accounts (resetting user passwords, updating certificates, managing permissions and authorizations, and synchronizing multiple identities). Auditing account activity. Evaluating identity-based threats and vulnerabilities. Maintaining compliance with regulations. Be cautious of privileged and shared accounts.
IAM tasks include :
Password Policies : complexity rules should not be enforced, aging (periodic expiry) policies should not be enforced, and password hints should not be used. Don't reuse work passwords elsewhere.
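What replaces complexity rules and forced expiry is a length minimum plus screening against a blocklist of compromised, common and context-specific values, which is the approach in NIST SP 800-63B section 5.1.1.2. The following is an added example (not from these notes) implementing that screening and a review of a legacy policy against the aligned one. The blocklist, usernames, service name and the policy dictionaries are constructed sample data, not any product's real configuration format.

```python
"""Password screening consistent with the study notes (no composition rules, no
forced expiry, no hints): enforce a minimum length and screen candidates against
a blocklist, following NIST SP 800-63B section 5.1.1.2. Added example, not from
the notes; the blocklist, usernames and policy settings are constructed."""
import re
import unicodedata

# Constructed stand-in for a breach-corpus / common-password blocklist. A real
# deployment uses a large corpus or a k-anonymity breach-lookup service.
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "welcome1", "iloveyou"}

MIN_LEN = 8    # 800-63B minimum for user-chosen memorized secrets
MAX_LEN = 128  # 800-63B says accept at least 64; cap only to bound hashing cost


def normalize(pw):
    """800-63B requires Unicode normalization (NFKC or NFKD) before checks/hashing."""
    return unicodedata.normalize("NFKC", pw)


def _repetitive_or_sequential(pw):
    """Catch 'aaaaaaaa', 'abcabcab' and 'abcdefgh' / '87654321' style strings."""
    if re.fullmatch(r"(.+?)\1+", pw):
        return True
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def check_password(candidate, username, service_name, blocklist=BLOCKLIST):
    """Return a list of rejection reasons; an empty list means accept."""
    pw = normalize(candidate)
    low = pw.lower()
    reasons = []
    if len(pw) < MIN_LEN:
        reasons.append("too_short")
    if len(pw) > MAX_LEN:
        reasons.append("too_long")
    # Compare the lowercased value and the value stripped of leading/trailing
    # digits and symbols, so 'Password1!' still hits the 'password' entry.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", low)
    if low in blocklist or core in blocklist:
        reasons.append("blocklisted")
    if username and username.lower() in low:
        reasons.append("contains_username")
    service_terms = {service_name.lower(), service_name.lower().replace(" ", "")}
    service_terms |= {w for w in service_name.lower().split() if len(w) > 3}
    if any(term in low for term in service_terms if term):
        reasons.append("contains_service_name")
    if _repetitive_or_sequential(pw):
        reasons.append("repetitive_or_sequential")
    return reasons


def review_policy(policy):
    """Flag legacy settings the notes say should not be used. `policy` is a
    constructed dict of settings, not a real product's configuration format."""
    findings = []
    if policy.get("min_length", 0) < MIN_LEN:
        findings.append("min_length below 8")
    if policy.get("require_complexity"):
        findings.append("composition rules enforced (prefer length plus blocklist)")
    if policy.get("max_age_days") is not None:
        findings.append("periodic expiry enforced (rotate on evidence of compromise instead)")
    if policy.get("allow_hints"):
        findings.append("password hints enabled")
    if not policy.get("blocklist_enabled"):
        findings.append("no breach/common-password blocklist")
    return findings


# Constructed policy settings: the legacy shape beside the aligned one.
LEGACY_POLICY = {"min_length": 8, "require_complexity": True, "max_age_days": 90,
                 "allow_hints": True, "blocklist_enabled": False}
ALIGNED_POLICY = {"min_length": 8, "require_complexity": False, "max_age_days": None,
                  "allow_hints": False, "blocklist_enabled": True}

if __name__ == "__main__":
    for pw in ("correct horse battery staple", "Password1!", "jdoe-rocks-2024", "abcdefgh"):
        print(repr(pw), check_password(pw, "jdoe", "Example Portal") or "ok")
    print("legacy:", review_policy(LEGACY_POLICY))
    print("aligned:", review_policy(ALIGNED_POLICY))
```

Note that a long passphrase passes while "Password1!" fails even though it would satisfy a typical complexity rule; that is the point of screening against a blocklist instead of counting character classes.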
MFA : 2-step verification, biometric, certificate-based, location-based.
Identity federation provides a shared sign-on capability across multiple systems and enterprises. It connects the identity management services of multiple systems.
info