Module 23 Endpoint Vulnerability Assessment Flashcards
What is network profiling?
Session duration, total throughput, typical traffic type, critical asset address space
What is a server profile?
Listening ports, logged in users and accounts, service accounts, software environment
What is Network Anomaly Detection?
Network behavior - large amount of data such as packet flow, features of the packet, etc.
- Big data analytics techniques can be used to analyze data and detect variations
What does network vulnerability testing include?
Risk analysis, vulnerability assessment and penetration testing
What is penetration testing?
Use of hacking techniques and tools to penetrate network defenses
What are vulnerability assessments?
Patch management, host scans, port-scanning and other scans
What is risk analysis?
Individuals conduct comprehensive analysis of the impacts of attacks on core company assets and functioning
What is CVSS?
Common Vulnerability Scoring System is a risk assessment tool
What are the CVSS Metric Groups?
Base, Temporal and Environmental metric groups
What is the Base Metric Group?
Represents the characteristics of a vulnerability that are constant over time
What is the Temporal Metric Group?
Measures the characteristics of a vulnerability that may change over time, but not across environments
What is the Environmental Metric Group?
Measures aspects of a vulnerability that are rooted in a specific organization's environment
What is considered a high severity rating?
Any vulnerability that exceeds 3.9
What are some vulnerability information sources?
NVD (National Vulnerability Database), CVE (Common Vulnerabilities and Exposures)
What is risk management?
Selection and Specification of security controls for an organization
What are the ways to respond to risk?
Risk tolerance, risk reduction, risk sharing and risk retention
What are the steps in the vulnerability management life cycle?
Discover, prioritize assets, assess, report, remediate, verify
What is the discover process?
Develop a network baseline - identify security vulnerabilities
What is prioritizing assets?
Categorize assets into group or business units and assign a business value
What is assessing?
Determine a baseline risk profile to eliminate risks based on asset criticality, threats, vulnerabilities and asset classification
What is the report step?
Measure the level of business risk associated with your assets according to security policies. Document a security plan, monitor activity, describe vulnerabilities
What is the remediate step?
Prioritize according to business risk and address vulnerabilities in order of risk
What is the verify step?
Verify that threats have been eliminated
What is the NIST cybersecurity framework?
Set of standards designed to integrate existing standards, guidelines and practices to help manage and reduce risk
What are some of its functions?
Identify, Protect, Detect, Respond and Recover
What are some tools for asset management?
Automation of inventory, identification of non-compliant authorized assets, specifying the desired state for those devices using policies and plans in the organization's information security plan…remediation or acceptance of device state
Provide an example of asset management - specifying a desired state
Desired state - in a Windows environment we have Active Directory; within AD we have Group Policies, which are an articulation of a desired state
Mobile device management - what is out there?
Increase in device management - Cisco Meraki Systems Manager, which can configure, monitor and update mobile clients
What is configuration management?
Maintaining the integrity of systems through control of the processes for changing, initializing and monitoring the configurations of those products
What are some configuration tools?
Puppet, Chef, Ansible, SaltStack
What is enterprise patch management?
Involves all aspects of software patching: identifying required patches, acquiring and installing them.
What are some patch management techniques?
Agent based - requires a software agent to be running on each host. The agent communicates with a patch management server - preferred for mobile devices
What is passive network monitoring?
Devices requiring patching are identified through monitoring of traffic on a network.
What is an ISMS within Security Management Systems?
Information Security Management System consists of a management framework to identify, analyze and address information security risks.
ISO-27001 - what are the 4 pillars?
Plan, Do, Check, Act