MOD 5 - Vulnerability Analysis Flashcards
Vuln scanners
Generate reports of vulnerabilities, problems, compliance issues, etc. Won’t fix the problems but does give you important info about each vuln.
Example vulns: weak passwords, missing updates or patches, unencrypted protocols, weak config settings
CVSS
Common Vulnerability Scoring System. Critical is 9.0-10.0. High is 7.0-8.9. Medium is 4.0-6.9. Low is 0.1-3.9. None is 0.0.
Vulnerability Management Life Cycle
1) Identify Assets and Create a Baseline 2) Vulnerability Scan 3) Risk Assessment 4) Remediation 5) Verification 6) Monitor. Repeat steps 2-6 continuously.
Types of Vulnerability Assessments
Active, Passive, Internal, External, Host-based, Network-based, etc.
Wireless network assessment
Tries to attack wireless authentication mechanisms to gain unauthorized access, identifies rogue access points in the company perimeter, tries to crack wireless encryption keys, etc.
Approaches to Vuln Assessments
Product-Based vs Service-Based, Tree-Based (needs initial info to begin) vs Inference-Based (start by building an inventory of protocols on the machine, then figure out the protocol’s ports, then select vulnerabilities in that protocol and perform only the relevant tests)
Common vuln scanners
Nessus, OpenVAS, Qualys, SAINT, Retina, Nikto, etc.
Nikto
Web server vuln scanner that can find problems such as outdated file versions, vulnerable CGIs (web scripts), etc.
Positive, Negative, True, False
True Positive: Correctly identifies a vuln (positive match to the vuln database)
True Negative: Correctly determines no vuln exists (negative=no match to vuln database)
False Positive: Mistakenly reports a vulnerability that doesn’t really exist
False Negative: Mistakenly fails to identify a vuln that does exist