Module 05: Vulnerability Analysis Flashcards
What are some examples of vulnerabilities?
- TCP/IP protocols
- OS
- Network Devices
- User account
- System account
- Internet service misconfiguration
- Default password and settings
- Network device misconfiguration
What is a vulnerability?
A vulnerability is a weakness in an asset that a threat agent can exploit to compromise confidentiality, integrity or availability (the CIA triad). Common sources:
- Hardware or software misconfiguration, including default configurations left in place
- Insecure or poor network or application design
- Inherent technology weaknesses, including poor code design
- Careless behaviour by end users
For all practical purposes, vulnerability analysis is part of the scanning phase: it follows host, port and service discovery and works from that inventory.
What are some vulnerability research websites and databases?
- Packet Storm
- Dark Reading
- Trend Micro
- Security Magazine
- PenTest Magazine
What are some standard references applied to catalogued and labeled vulnerabilities?
- CVE
- National Vulnerability Database (NVD)
- Microsoft Security Response Center
How do scanning tools work?
Scanning tools automatically identify live systems, open ports and operating systems (the same discovery nmap performs) and then run plugins, each configured to probe for a specific vulnerability, against the systems or applications found. A plugin may simply match a service version against known-vulnerable versions, or it may send crafted requests to confirm the flaw.
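The plugin model described above, as an added example that is not part of the original flashcards: a minimal scanner that runs version-check plugins over a service inventory. The inventory (hosts, ports, banners) is constructed so the example runs offline; real tools build it from port scanning and banner grabbing, and the grab_banner helper shows that step. The OpenSSH minimum-version rule is an assumed policy threshold, not a real advisory; the Apache rule matches the version affected by CVE-2021-41773 (path traversal in httpd 2.4.49). Plugin and function names are my own.

```python
"""Plugin-driven vulnerability checks over a service inventory (added example).

Real scanners build the inventory from host/port discovery and banner
grabbing; here SAMPLE_INVENTORY is CONSTRUCTED so the demo runs offline.
"""
import re
import socket
from dataclasses import dataclass


@dataclass
class Service:
    host: str
    port: int
    banner: str          # raw text the service returned (or an HTTP response)


@dataclass
class Finding:
    host: str
    port: int
    plugin: str
    detail: str


# Plugin registry: every decorated function is run against every service.
PLUGINS = []


def plugin(func):
    PLUGINS.append(func)
    return func


def parse_version(text: str) -> tuple:
    """'2.4.49' -> (2, 4, 49); '7.4p1' -> (7, 4, 1). Compare numerically,
    never as strings, or '10.0' sorts below '9.9'."""
    return tuple(int(x) for x in re.findall(r"\d+", text)[:3])


@plugin
def openssh_minimum_version(svc: Service):
    """Illustrative policy rule (an assumption, not a real CVE): flag OpenSSH
    servers older than 8.0."""
    m = re.match(r"SSH-2\.0-OpenSSH_(\S+)", svc.banner)
    if m and parse_version(m.group(1)) < (8, 0):
        return Finding(svc.host, svc.port, "openssh_minimum_version",
                       f"OpenSSH {m.group(1)} is below the assumed minimum 8.0")
    return None


@plugin
def apache_2449_path_traversal(svc: Service):
    """Exact-version match: Apache httpd 2.4.49 is the release affected by
    CVE-2021-41773 (path traversal)."""
    m = re.search(r"Apache/(\d+\.\d+\.\d+)", svc.banner)
    if m and parse_version(m.group(1)) == (2, 4, 49):
        return Finding(svc.host, svc.port, "apache_2449_path_traversal",
                       "Apache httpd 2.4.49: CVE-2021-41773")
    return None


def run_plugins(inventory):
    """Run every registered plugin over every discovered service."""
    findings = []
    for svc in inventory:
        for check in PLUGINS:
            f = check(svc)
            if f:
                findings.append(f)
    return findings


def grab_banner(host: str, port: int, timeout: float = 3.0) -> str:
    """Live banner grab for a real run: TCP connect and read the first bytes.
    HTTP ports need a request before the server answers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        if port in (80, 8080):
            s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
        data = s.recv(512)
    return data.decode("latin-1", "replace")


# Constructed banners standing in for discovery output.
SAMPLE_INVENTORY = [
    Service("10.0.0.5", 22, "SSH-2.0-OpenSSH_7.4"),
    Service("10.0.0.5", 80, "HTTP/1.1 200 OK\r\nServer: Apache/2.4.49 (Unix)\r\n"),
    Service("10.0.0.9", 22, "SSH-2.0-OpenSSH_9.3"),
    Service("10.0.0.9", 80, "HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\n"),
]

if __name__ == "__main__":
    for f in run_plugins(SAMPLE_INVENTORY):
        print(f"{f.host}:{f.port}  {f.plugin}  {f.detail}")
```

Version-matching plugins like these are cheap and quiet but only as good as the banner: a backported patch leaves the version string unchanged, which is why a credentialed scan that reads the package database is more reliable than banner grabbing.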
CVSS
Common Vulnerability Scoring System: rates the severity of a vulnerability on a 0.0-10.0 scale computed from base metrics (attack vector, attack complexity, privileges required, user interaction, scope, and confidentiality/integrity/availability impact).
Qualitative ratings (v3.x): None (0.0), Low (0.1-3.9), Medium (4.0-6.9), High (7.0-8.9), Critical (9.0-10.0).
The Attack Vector metric records whether the flaw is exploitable remotely (Network, Adjacent) or only locally (Local, Physical). The specification is maintained by FIRST; NIST's NVD publishes CVSS scores for CVE entries.
CVE
Common Vulnerabilities and Exposures
Maintained by MITRE
NVD
National Vulnerability Database
Maintained by NIST; built on the CVE list, with each entry enriched with CVSS scores and CWE and CPE references
CWE
Common Weakness Enumeration, also maintained by MITRE
ExploitDB
Exploit Database (maintained by OffSec): an archive of public exploits and proof-of-concept code that demonstrates a vulnerability is actually exploitable
Vulnerability Management Lifecycle
Pre-Assessment Phase: identify assets and create a baseline (catalogue software versions, protocol versions, configurations, etc.)
Vulnerability Assessment Phase: run the vulnerability scan against the baseline
Post-Assessment Phase: act on what was discovered
- Risk Assessment
- Remediation
- Verification: after fixing an issue, re-scan to confirm it has actually been remediated
- Monitoring
It is an ongoing process; it never ends. Patch the highest base-score vulnerabilities first (the asset's exposure should weigh in as well).
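The post-assessment steps above (risk assessment, remediation, verification), as an added example that is not part of the original flashcards: rank findings by CVSS base score, then verify remediation by diffing the baseline scan against the re-scan so that fixed, still-open and newly introduced findings are reported separately. The scan results and their scores are constructed; the field and function names are my own.

```python
"""Prioritise findings by base score and verify remediation by diffing
two scans (added example). SCAN_1 / SCAN_2 are CONSTRUCTED; a real
pipeline would load the scanner's export instead."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    vuln_id: str        # CVE id or scanner plugin name
    base_score: float   # CVSS base score as reported by the scanner


def key(f: Finding):
    """Identity of a finding across scans: same host, port and vulnerability."""
    return (f.host, f.port, f.vuln_id)


def prioritize(findings):
    """Highest base score first; ties broken by host/port for stable output."""
    return sorted(findings, key=lambda f: (-f.base_score, f.host, f.port))


def verify(before, after):
    """Compare the baseline scan with the re-scan after remediation.
    fixed: present before and gone now; open: still present; new: regressions
    or newly exposed services that the re-scan found for the first time."""
    b = {key(f): f for f in before}
    a = {key(f): f for f in after}
    return {
        "fixed": [b[k] for k in sorted(b.keys() - a.keys())],
        "open": [a[k] for k in sorted(a.keys() & b.keys())],
        "new": [a[k] for k in sorted(a.keys() - b.keys())],
    }


# Constructed baseline scan (scores are illustrative, not from any advisory).
SCAN_1 = [
    Finding("10.0.0.5", 80, "apache_2449_path_traversal", 7.5),
    Finding("10.0.0.5", 22, "openssh_minimum_version", 5.3),
    Finding("10.0.0.7", 445, "smb_signing_not_required", 5.3),
]

# Constructed re-scan: the Apache host was patched, a database port appeared.
SCAN_2 = [
    Finding("10.0.0.5", 22, "openssh_minimum_version", 5.3),
    Finding("10.0.0.7", 445, "smb_signing_not_required", 5.3),
    Finding("10.0.0.9", 3306, "mysql_reachable_from_network", 9.8),
]

if __name__ == "__main__":
    print("remediation order (baseline):")
    for f in prioritize(SCAN_1):
        print(f"  {f.base_score:4}  {f.host}:{f.port}  {f.vuln_id}")
    for status, items in verify(SCAN_1, SCAN_2).items():
        print(f"{status}: {[f.vuln_id for f in items]}")
```

The diff is keyed on host, port and vulnerability id rather than on the scanner's own finding ids, which usually change between runs; without a stable key the verification step cannot tell a fix from a renumbered finding.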
Active vs Passive assessments
Active: send probes to the targets; use a network scanner to find hosts, services and vulnerabilities. Noisy (easily detected) and can crash fragile services, so dial the aggressiveness down in sensitive environments (e.g. SCADA/ICS) where a crashed host has physical consequences.
Passive: sniff network traffic only, without sending probes, and infer the live systems, network services, applications and vulnerabilities from what is observed (banners, version strings, protocols in use).
What are some other types of assessments?
External vs. Internal
Host-based vs. Network-based assessment
Application assessment (web apps): uses a specialised scanner such as WebInspect or Acunetix.
Database assessment
Wireless network
Distributed assessment: assesses distributed systems, including the communications between endpoints
Credentialed vs. non-credentialed assessment: a credentialed scan logs in to the host with supplied accounts and can enumerate installed packages and patch levels (closer to white box); a non-credentialed scan sees only what is exposed on the network
Manual vs. automated assessment: automated scanners such as Nessus or OpenVAS
→ Nessus can still be used for non-professional purposes (Nessus Essentials scans up to 16 IPs for free)
OpenVAS = free, open-source scanner (the Greenbone Community Edition), driven through the Greenbone Security Assistant web interface
Nikto = web server assessment tool that checks web servers for dangerous files, outdated server software and misconfigurations.
What does a vulnerability assessment report contain?
A vulnerability assessment report discloses the risks detected when the network was scanned, alerts the organisation to the attacks those risks enable, and suggests countermeasures. It gives enough information to fix each security flaw. Come back and re-test after remediation (typically a month or so later) to confirm the fixes.
Components: executive summary, assessment overview, findings, risk assessment, recommendations