Lecture 9 Flashcards
What is the goal of vulnerability management in a SOC?
The goal is to identify weaknesses in IT systems and respond to them, reducing the organization’s risk by addressing the vulnerabilities found. This reduces the attack surface and the number of possible targets for cyberattacks.
What are the six phases of the vulnerability management process?
The six phases are: Asset Inventory, Information Management, Risk Assessment, Vulnerability Assessment, Report and Remediate, and Respond and Repeat.
Why is asset inventory important in vulnerability management?
Asset inventory is crucial because it involves identifying all assets on the network, including endpoints and network connections, to ensure comprehensive vulnerability assessment and management.
What are the challenges associated with manual network access control (NAC)?
Manual NAC involves securing each network port individually, which can be bypassed if an attacker spoofs a trusted MAC address. This approach also requires significant effort to maintain and monitor all network ports manually.
How do network scanners contribute to asset inventory?
Network scanners, such as Nmap, identify devices on the network and develop an asset list. They are used in combination with NAC to ensure all devices are accounted for, enhancing the accuracy of asset inventory.
What is the purpose of the Information Management phase in vulnerability management?
This phase involves collecting detailed information about all devices, including installed applications, patch levels, and configurations, to identify potential vulnerabilities accurately.
Describe the Risk Assessment phase in vulnerability management.
Risk Assessment evaluates the risk associated with each identified vulnerability, prioritizing them based on their potential impact and likelihood of exploitation. This helps in determining which vulnerabilities to address first.
What role does a case management system play in vulnerability management?
A case management system tracks how vulnerabilities are addressed, ensuring none are overlooked and that they are prioritized based on their risk and time in the queue.
What factors are considered in the Report and Remediate phase?
This phase considers the risk of the vulnerability, the potential impact of remediation actions, and the required steps for remediation. It involves reporting identified vulnerabilities and recommended actions, documenting the process for future reference.
What does the Respond and Repeat phase entail?
This phase involves implementing the planned responses to vulnerabilities and continuously repeating the cycle to address new and existing vulnerabilities. It includes proactive measures to reduce the risk of recurring vulnerabilities.
How are vulnerabilities measured using the Common Vulnerability Scoring System (CVSS)?
CVSS measures vulnerabilities based on their intrinsic qualities (Base), characteristics that change over time (Temporal), and user environment specifics (Environmental), producing a numerical score reflecting their severity.
What are the key tools needed for vulnerability management in a SOC?
Key tools include vulnerability scanners to identify potential vulnerabilities, case management systems to track vulnerabilities, and network scanning tools to ensure comprehensive coverage.
What are the benefits and limitations of active scanning for vulnerabilities?
Active scanning evaluates targets over the network (network scanning) or with host-level access (host scanning). Network scanning provides an attacker’s perspective but may miss some vulnerabilities. Host scanning offers accurate data but requires permission and resources.
What is the role of exploitation tools in vulnerability management?
Exploitation tools, such as Metasploit, are used in penetration testing to validate vulnerabilities by exploiting them. This helps prioritize validated vulnerabilities for remediation.
What are the three metric groups in CVSS?
The three metric groups are:
Base: Represents the intrinsic qualities of a vulnerability.
Temporal: Reflects characteristics that change over time.
Environmental: Represents characteristics unique to a user’s environment.