CySA+ Study Notes 4 Flashcards
(1) Maintain system security, (2) comply w/corporate policy, (3) comply w/regulatory requirements.
Why Manage Vulnerabilities?
(1) conduct quarterly internal/external vulnerability scans, (2) Repeat scans after any significant change, (3) use approved scanning vendor (ASV) for external scans, (4) remediate and re-scan until a clean report is achieved.
PCI DSS Requirements
(1) conduct regular vulnerability scans, (2) analyze results of scans, (3) remediate legitimate vuln.’s, (4) share info w/other agencies.
FISMA Requirements
install a security agent on each server that can probe deep into the server's configuration and check for vuln.'s; these agents then report any vuln.'s they discover back to a central vuln. management system.
Agent-based scans
user provides scanner w/credentials to log onto remote system and pull config info.
Credentialed Scanning
(1) Scan Engine Updates = software updates to scanner itself that fixes bugs and adds new features. (2) Plug-In updates = vuln. feed updates that provide scanner w/info about current vuln.’s.
Scanner Maintenance
(1) may accidentally exploit vuln.’s, (2) will miss some vuln.’s due to firewall settings, network segmentation, IDS/IPS deployments.
Active Scanning Disadvantages
(1) System criticality, (2) information sensitivity, (3) vuln. severity, (4) remediation difficulty, (5) vuln. exposure (is the vuln. exposed to attackers?)
Setting Remediation of Vuln.’s Priorities
(1) Detection: scan the environment for new vuln.'s. (2) Analysis: assign the vuln. to the CySA for further review to determine whether it is a real vuln. and not a false positive. (3) Remediation: technical staff correct the vuln.; we try to patch, and if patching doesn't work we use other methods such as sandboxing, testing, etc. (4) Remediation Validation: control moves back to the CySA, who runs a new vuln. scan and ensures the vuln. is no longer present.
Remediation Workflow
creates a consistent language and format for discussing security issues.
SCAP