Section - 22 and 23 - Vulnerability Management and Alerting and Monitoring Flashcards
What are a few ways to identify vulnerabilities in networks, systems and applications?
- Vulnerability scanning
- Application security
- Static code analysis
- Dynamic Code Analysis
- Package monitoring (libraries and components that applications depend on; we ensure they are secure)
- Penetration Testing
- Auditing controls and security polices/procedures
What is a threat intelligence feed?
This is fact/evidence-based data about current and emerging threats, vulnerabilities and risks to our organization's assets.
It has information about the TTPs of threat actors, indicators of compromise, malware signatures, etc. and can help us protect our networks/assets.
What are a few sources where we can get threat intelligence data from?
- OSINT tools - Open Source Intelligence tools.
- Proprietary and 3rd-party organizations - They might provide this threat intelligence data as a subscription-based service.
- Dark Web
- Information Sharing organizations or centers - These are groups of companies that have a common interest.
What is a Responsible Disclosure Program?
It is a program/document that states that if an ethical hacker finds a vulnerability in some system/tool/application, they are obliged to first notify the vendor of the product so that the vendor can apply a patch for it before it is made public.
Bug Bounty Programs also make use of Responsible Disclosure Programs.
What are the main steps involved in analyzing vulnerabilities?
- Confirmation - True-positive?
- Prioritization
- Classification - Can be classified as an application flaw, a configuration error, or a gap in security policy
- Organizational impact
- Exposure Factor
- Risk Tolerance
What are 2 well-known tools for vulnerability and configuration scanning?
- OpenVAS
- Nessus
Learn practical use of one of these.
What are a few methods for Vulnerability Response and Remediation?
- Patching
- Purchasing Cyber Security Insurance Policies
- Network Segmentation
- Implementing compensating controls
- Granting Exceptions and Exemptions
What are a few ways to validate Vulnerability Remediation?
- Rescans
- Audits
- Verification - It is done by penetration testing, user verification, feedback loops
What is vulnerability reporting?
Define SNMP and the 3 messages that it uses.
SNMP stands for Simple Network Management Protocol.
It is a protocol used to manage managed devices in an enterprise network.
It uses the concept of SNMP managers and SNMP agents.
It uses 3 kinds of messages -
- SNMP GET
- SNMP SET
- SNMP Trap
What kind of information might an SNMP trap message contain?
Device uptime, configuration changes, unexpected downtime, etc.
SNMP trap messages can be configured to be sent in 2 ways -
Granular Trap - Sent trap messages get a unique object identifier (OID) to distinguish each message as a unique message being received.
Verbose Trap -
How might a SIEM tool get its log data from sources?
It can either collect data using SIEM agents, or it might use SNMP to collect data from devices.
What is the Elastic Stack tool?
It is a collection of free and open-source SIEM tools.
It has the following components -
- Elasticsearch - The search engine and its query language
- Logstash - This component collects logs from sources and normalizes log data.
- Kibana - Provides a visual representation of events of interest
- Beats - Endpoint log collection agents
What is SCAP?
SCAP stands for Security Content Automation Protocol.
It is a suite of protocols that automate vulnerability management, measurement, and policy compliance for systems in an organization.
- Developed by NIST
It contains a number of tools for automating the work of -
- Vulnerability Management
- Configuration checking
- Software Inventory
How does SCAP assist with automating the above tasks?
By creating a common language or format that different tools, devices and applications use to talk with each other.