Module 2 Flashcards
What is the goal of threat management?
- To take the appropriate steps needed to minimize hostile cyber actions
What is penetration testing? What is the first step of pen testing?
- Type of test that attempts to exploit vulnerabilities just as a threat actor would.
- First step is Planning
Why must a penetration test be used rather than just a scan of network defenses?
- Pen testing can find deep vulnerabilities using manual techniques that follow the thinking of threat actors
- Scanning can only find surface level problems
What is the benefit of using internal employees for pen testing? What are the disadvantages?
Advantages: Cheaper, faster, and the employees get training in awareness of security risks
Disadvantages: Employee insider knowledge, Lack of expertise on pen testing, and reluctance to reveal vulnerabilities
What are the different penetration testing war game teams? (Hint 4)
- Red Team: Attackers; scans for and then exploits vulnerabilities
- Blue Team: Defenders; monitors for red team attacks and shores up defenses
- White Team: Referees; enforces the rules of the pen test
- Purple Team: Bridge; provides real-time feedback between the red and blue teams to enhance the testing
What are the advantages of using a third-party pen testing consultant? What are the disadvantages?
Advantages: More expertise, credentials/certifications (more qualified), more experience, and a focus that results in expert security services
Disadvantages: Contractor now has learned about organization’s network vulnerabilities and sensitive information
- Most pen testing contracts have a nondisclosure agreement (NDA) for this purpose
What are the different levels of penetration testing used by external consultants? (Hint 3)
Black Box: Testers have no knowledge of the network and no special privileges. Task is to penetrate the network
Gray Box: Testers are given limited knowledge of network and some elevated privileges. Task is to focus on systems with greatest risk and value to the organization
White Box: Testers are given full knowledge of the network and source code of applications. Task is to identify potential points of weakness
What is a bug bounty?
Monetary reward given for uncovering a software vulnerability.
- Uses crowdsourcing to have many people giving their input on a project
What are the rules of engagement? What are the elements of rules of engagement? (hint 7)
Limitations or parameters in a penetration test. Categories include:
- Timing: Parameter sets when the testing will occur
- Scope: Elements that define the relevant test boundaries (boundaries include the environment, internal targets, external targets, target locations, and other limits)
- Authorization: Receipt of prior written approval to conduct the pen test.
- Exploitation: Which vulnerabilities should be exploited
- Communication: The pen tester should communicate about the following: initiation of the pen test, incident response, status of the test, and any emergency vulnerabilities
- Cleanup: Ensuring all pen test artifacts have been removed (i.e., software, scripts, etc.)
- Reporting: Report on objectives, methods, results, and vulnerabilities
What are the two phases of action that are performed in a penetration test?
Phase 1: Reconnaissance
Phase 2: Penetration
Explain Phase 1 of penetration testing:
Phase 1: Reconnaissance:
- Black and gray box testers perform preliminary information gathering outside the organization, called footprinting.
- Testers gather information using:
  - Active reconnaissance (examples include war driving and war flying)
  - Passive reconnaissance (examples include open source intelligence (OSINT), such as online searching)
Explain Phase 2 of penetration testing:
Phase 2: Penetration
- There are several steps a threat actor follows:
  - Conduct reconnaissance looking for vulnerabilities
  - Gain access to the system through the vulnerability
  - Privilege escalation: Moving to more advanced resources
  - Look for additional systems that can be accessed from the elevated position (lateral movement)
  - Install tools on compromised systems to gain deeper network access
  - Install a backdoor allowing repeated and long-term access to the system
  - Continue to probe until the ultimate target is found and the intended malicious action is performed
- The threat actor's initially compromised system serves as a gateway to the other systems that are the real goal. This is called a pivot.
What is a vulnerability scan?
A frequent and ongoing process, often automated, that continuously identifies vulnerabilities and monitors cybersecurity progress.
What is the main difference between a vulnerability scan and penetration test?
A vulnerability scan is continuous, while a penetration test identifies deeper vulnerabilities
Why can’t vulnerability scans be conducted all the time?
- Workflow interruptions: impacts/slows down response time of systems
- Technical constraints: limitations to how frequently scans can be done depending on size of network
What is an asset inventory?
A list of all significant assets in a system, used to make better use of vulnerability scans
What is a configuration review?
- Examination of the software settings for a vulnerability scan
- Ex: Sensitivity level or depth of the scan, intended goals of the scan, data types to be scanned, what target devices will be scanned
What is a credentialed scan?
A scan in which valid authentication credentials, such as usernames and passwords, are supplied to the vulnerability scanner to mimic the work of a threat actor who possesses these credentials.
What is a non-credentialed scan?
A vulnerability scan that provides no authentication information to the tester.
What is an intrusive scan?
A scan that attempts to employ any vulnerabilities which it finds, much like a threat actor would.