Section - 22 and 23 - Vulnerability Management and Alerting and Monitoring Flashcards

1
Q

What are a few ways to identify vulnerabilities in networks, systems and applications?

A
  1. Vulnerability scanning
  2. Application security
    - Static code analysis (reviewing the source without running it)
    - Dynamic code analysis (testing the running application)
    - Package monitoring (the libraries and components the application depends on; we make sure they are up to date and free of known vulnerabilities)
  3. Penetration testing
  4. Auditing controls and security policies/procedures
2
Q

What is Threat intelligence feed?

A

This is fact/evidence-based data about current and emerging threats, vulnerabilities and risks to our organization's assets.

It includes the TTPs (tactics, techniques and procedures) of threat actors, indicators of compromise (IoCs), malware signatures, etc., and can help us protect our networks/assets.

3
Q

What are few sources where we can get threat intelligence data from?

A
  1. OSINT tools - Open Source Intelligence tools (publicly available sources).
  2. Proprietary and third-party organizations - they typically provide threat intelligence data as a subscription-based service.
  3. Dark web monitoring
  4. Information sharing organizations or centers (e.g. ISACs) - groups of companies with a common interest (usually the same industry) that share threat data with each other.
4
Q

What is Responsible Disclosure Program?

A

It is a program/document stating that if an ethical hacker finds a vulnerability in a system/tool/application, they must first notify the vendor of the product, so that the vendor can release a patch before the finding is made public.

Bug bounty programs also make use of responsible disclosure programs.

5
Q

What are the main steps involved in analyzing vulnerabilities?

A
  1. Confirmation - is it a true positive?
  2. Prioritization
  3. Classification - can be classified as an application flaw, a configuration error, or a gap in security policy
  4. Organizational impact
  5. Exposure factor (how reachable/exposed the affected asset is)
  6. Risk tolerance
6
Q

What are 2 well known tools for vulnerability and Configuration scanning?

A
  1. OpenVAS
  2. Nessus

Learn practical use of one of these.

7
Q

What are few methods for Vulnerability Response and Remediation?

A
  1. Patching
  2. Purchasing Cyber Security Insurance Policies
  3. Network Segmentation
  4. Implementing compensating controls
  5. Granting Exceptions and Exemptions
8
Q

What are few ways to validate Vulnerability Remediation?

A
  • Rescans
  • Audits
  • Verification - done through penetration testing, user verification and feedback loops
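
The analysis steps (cards 5 and 8) and the scanner output (card 6) come together in a small triage script. The following is an added example, not part of the flashcards and not code from Nessus or OpenVAS: it parses a Nessus-style ".nessus" XML export, confirms/filters findings (dropping informational noise and formally granted exceptions), ranks them by CVSS weighted with an exposure factor, and then validates remediation by diffing a rescan against the original scan. Assumed: the ReportHost/ReportItem layout with severity, pluginID, cvss_base_score and exploit_available fields follows what Nessus exports; the two reports, the hosts, plugin IDs and the exposure table are constructed sample data.

```python
"""Added example (not from the flashcards, not Nessus/OpenVAS code):
triage Nessus-style findings and validate remediation with a rescan diff.

Assumed: ReportHost/ReportItem layout and the severity, pluginID,
cvss_base_score and exploit_available fields follow the Nessus export format.
SCAN_BEFORE, SCAN_AFTER and EXPOSURE are constructed sample data."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed scan taken before remediation: one critical, one medium, one info.
SCAN_BEFORE = """<NessusClientData_v2>
 <Report name="dmz-baseline">
  <ReportHost name="10.0.0.5">
   <ReportItem port="443" protocol="tcp" severity="4" pluginID="100001"
               pluginName="Web server remote code execution">
    <cvss_base_score>9.8</cvss_base_score>
    <exploit_available>true</exploit_available>
   </ReportItem>
   <ReportItem port="22" protocol="tcp" severity="2" pluginID="100002"
               pluginName="SSH weak ciphers enabled">
    <cvss_base_score>5.3</cvss_base_score>
   </ReportItem>
  </ReportHost>
  <ReportHost name="10.0.0.6">
   <ReportItem port="0" protocol="tcp" severity="0" pluginID="100003"
               pluginName="OS identification">
    <cvss_base_score>0.0</cvss_base_score>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

# Constructed rescan after patching the web server: the RCE finding is gone.
SCAN_AFTER = """<NessusClientData_v2>
 <Report name="dmz-rescan">
  <ReportHost name="10.0.0.5">
   <ReportItem port="22" protocol="tcp" severity="2" pluginID="100002"
               pluginName="SSH weak ciphers enabled">
    <cvss_base_score>5.3</cvss_base_score>
   </ReportItem>
  </ReportHost>
  <ReportHost name="10.0.0.6">
   <ReportItem port="0" protocol="tcp" severity="0" pluginID="100003"
               pluginName="OS identification">
    <cvss_base_score>0.0</cvss_base_score>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

# Assumed asset inventory: exposure factor per host, 1.0 = internet-facing.
EXPOSURE = {"10.0.0.5": 1.0, "10.0.0.6": 0.4}


@dataclass(frozen=True)
class Finding:
    host: str
    port: str
    plugin_id: str
    name: str
    severity: int          # Nessus scale: 0 info, 1 low, 2 medium, 3 high, 4 critical
    cvss: float
    exploit_available: bool

    @property
    def key(self):
        # Identity used to match the same finding across two scans.
        return (self.host, self.port, self.plugin_id)


def parse_nessus(xml_text):
    """Flatten ReportHost/ReportItem elements into Finding records."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append(Finding(
                host=host.get("name"), port=item.get("port"),
                plugin_id=item.get("pluginID"), name=item.get("pluginName"),
                severity=int(item.get("severity", "0")),
                cvss=float(item.findtext("cvss_base_score", "0")),
                exploit_available=item.findtext("exploit_available", "false") == "true",
            ))
    return findings


def prioritize(findings, exposure=EXPOSURE, exceptions=frozenset(), min_severity=1):
    """Confirm, filter and rank: drop informational noise and formally granted
    exceptions, then score by CVSS x exposure factor, +1 if an exploit exists."""
    ranked = []
    for f in findings:
        if f.severity < min_severity or f.key in exceptions:
            continue
        score = f.cvss * exposure.get(f.host, 0.5) + (1.0 if f.exploit_available else 0.0)
        ranked.append((round(score, 2), f))
    ranked.sort(key=lambda t: t[0], reverse=True)
    return ranked


def rescan_diff(before, after):
    """Validate remediation: a finding counts as remediated only when the
    rescan no longer reports the same (host, port, plugin) tuple."""
    b, a = {f.key for f in before}, {f.key for f in after}
    return {"remediated": sorted(b - a), "still_open": sorted(b & a), "new": sorted(a - b)}


if __name__ == "__main__":
    before, after = parse_nessus(SCAN_BEFORE), parse_nessus(SCAN_AFTER)
    for score, f in prioritize(before):
        print(f"{score:5.1f}  {f.host}:{f.port}  {f.name}")
    print(rescan_diff(before, after))
```

The diff is keyed on host, port and plugin rather than on plugin name alone, so a finding that moved to another port or host shows up as "new" instead of silently being counted as fixed; passing an exceptions set records a granted exemption without deleting the finding from the report.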
9
Q

What is Vulnerability reporting?

A
10
Q

Define SNMP and 3 messages that it uses?

A

SNMP stands for Simple Network Management Protocol.
It is a protocol used to monitor and manage network devices (routers, switches, servers, printers, etc.) in an enterprise.

It uses the concept of SNMP managers (the monitoring station) and SNMP agents (software running on each managed device).

It uses 3 kinds of messages -

SNMP GET - the manager asks an agent for the value of a variable (identified by an OID)
SNMP SET - the manager changes the value of a variable on the agent
SNMP Trap - the agent sends an unsolicited notification to the manager when something happens

Security note: SNMPv1 and SNMPv2c authenticate only with a community string sent in cleartext; SNMPv3 adds per-user authentication and encryption and should be preferred.

11
Q

What kind of information might an SNMP trap message carry?

A

Device uptime, configuration changes, unexpected downtime, interface up/down events, etc.

SNMP trap messages can be set up to be sent in 2 ways -

Granular trap - each trap is sent with a unique object identifier (OID), so the receiver can distinguish each message as a specific kind of event.

Verbose trap -
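
To make the manager/agent exchange on the two SNMP cards concrete, here is an added example (not part of the flashcards, not code from any SNMP implementation): a minimal ASN.1 BER codec that builds and decodes SNMPv2c GetRequest, SetRequest and Trap messages. It shows the message structure, the OID encoding that identifies what a trap is about, and why v1/v2c are weak: the community string is the only credential and it sits in cleartext in every packet. Assumed: the community strings "public"/"private", the request ids and the contact value are constructed sample data; the OIDs are the standard sysUpTime.0, sysContact.0, snmpTrapOID.0 and linkDown.

```python
"""Added example, not from the flashcards: a minimal ASN.1 BER codec for
SNMPv2c GetRequest, SetRequest and Trap messages. It shows the structure a
manager and an agent exchange, and why v1/v2c are insecure: the community
string is the only credential and it is sent in cleartext.
Assumed: community strings, request ids and values are constructed sample
data; the OIDs are the standard sysUpTime.0, sysContact.0, snmpTrapOID.0, linkDown.
"""
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE, TIMETICKS = 0x02, 0x04, 0x05, 0x06, 0x30, 0x43
PDU_GET, PDU_SET, PDU_TRAP2 = 0xA0, 0xA3, 0xA7      # context-specific PDU tags, RFC 3416
PDU_NAMES = {PDU_GET: "GetRequest", PDU_SET: "SetRequest", PDU_TRAP2: "SNMPv2-Trap"}
SNMP_V2C = 1                                         # version field: 0 = v1, 1 = v2c, 3 = v3
SYS_UPTIME, SYS_CONTACT = "1.3.6.1.2.1.1.3.0", "1.3.6.1.2.1.1.4.0"
SNMP_TRAP_OID, LINK_DOWN = "1.3.6.1.6.3.1.1.4.1.0", "1.3.6.1.6.3.1.1.5.3"

def tlv(tag, payload):
    """BER tag-length-value; long-form length when the payload is >= 128 bytes."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def enc_int(value, tag=INTEGER):
    """Two's-complement integer in the shortest form; TimeTicks reuse it with tag 0x43."""
    return tlv(tag, value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True))

def enc_oid(dotted):
    """First two arcs packed as 40*a+b, remaining arcs base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(OID, bytes(out))

def build_message(pdu_tag, community, request_id, varbinds):
    """Message ::= SEQUENCE { version, community, PDU }; PDU ::= [tag] SEQUENCE
    { request-id, error-status, error-index, SEQUENCE OF (oid, value) }."""
    vbl = b"".join(tlv(SEQUENCE, enc_oid(oid) + val) for oid, val in varbinds)
    pdu = tlv(pdu_tag, enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(SEQUENCE, vbl))
    return tlv(SEQUENCE, enc_int(SNMP_V2C) + tlv(OCTET_STRING, community) + pdu)

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dec_oid(payload):
    arcs, val = [payload[0] // 40, payload[0] % 40], 0
    for b in payload[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_message(raw):
    """Decode a v1/v2c message; the community string is readable straight off the wire."""
    _, body, _ = read_tlv(raw)
    _, ver, pos = read_tlv(body)
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    _, rid, pos = read_tlv(pdu)
    _, err, pos = read_tlv(pdu, pos)
    _, _, pos = read_tlv(pdu, pos)               # error-index, unused here
    _, vbl, _ = read_tlv(pdu, pos)
    decoders = {INTEGER: lambda v: int.from_bytes(v, "big", signed=True),
                TIMETICKS: lambda v: int.from_bytes(v, "big"),
                OID: dec_oid, NULL: lambda v: None}
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        _, oid, q = read_tlv(vb)
        vtag, val, _ = read_tlv(vb, q)
        varbinds.append((dec_oid(oid), decoders.get(vtag, bytes)(val)))
    return {"version": ver[-1], "community": community.decode(),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(rid, "big", signed=True),
            "error_status": err[-1], "varbinds": varbinds}

def example_get():
    # Manager -> agent: read sysUpTime.0; the value slot is NULL in a request.
    return build_message(PDU_GET, b"public", 42, [(SYS_UPTIME, tlv(NULL, b""))])

def example_set():
    # Manager -> agent: write sysContact.0; needs the read-write community.
    return build_message(PDU_SET, b"private", 43,
                         [(SYS_CONTACT, tlv(OCTET_STRING, b"noc@example.invalid"))])

def example_trap():
    # Agent -> manager, unsolicited. A v2 trap's first two varbinds are always
    # sysUpTime.0 (TimeTicks) and snmpTrapOID.0 (here the standard linkDown OID).
    return build_message(PDU_TRAP2, b"public", 7, [(SYS_UPTIME, enc_int(123456, TIMETICKS)),
                                                   (SNMP_TRAP_OID, enc_oid(LINK_DOWN))])
```

Feeding example_get() to parse_message() returns the community string verbatim, which is exactly what anyone sniffing the management segment sees; this is why v1/v2c communities should be unique, read-only where possible, and restricted to a management network, or replaced by SNMPv3 with authentication and privacy. Note also that the SNMPv1 Trap PDU (tag 0xA4) has a different layout and is not covered by this codec.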

12
Q

How might a SIEM tool collect log data from its sources?

A

It can collect data using SIEM agents installed on the log sources,
or
it can collect data agentlessly, e.g. by polling devices over SNMP or receiving their SNMP traps (syslog forwarding is the other common agentless method).

13
Q

What is Elastic stack tool?

A

It is a collection of free and open-source tools that together can be used as a SIEM.
It has the following components -

  1. Elasticsearch - the search and analytics engine that indexes and stores the events and answers queries over them
  2. Logstash - collects logs from sources, then parses and normalizes the log data into structured fields before indexing
  3. Kibana - provides visual representation (dashboards, searches) of events of interest
  4. Beats - lightweight endpoint agents that ship logs and metrics to Logstash or Elasticsearch
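
The normalize-then-alert flow described above, as an added example that is not part of the flashcards and not Logstash or Kibana code: raw syslog lines from an SSH bastion are parsed into structured fields (the dotted field names loosely follow the Elastic Common Schema and are an assumption, not a required mapping), and a simple detection rule then flags a source IP that produces five or more failed logins inside a 60-second window. The log lines below are constructed sample data using documentation IP ranges.

```python
"""Added example (not from the flashcards, not Logstash/Kibana code):
normalize raw syslog auth lines into structured fields, then run a
brute-force detection rule over them, SIEM-style.

Assumed: SAMPLE_LOGS is constructed sample data; the ECS-like field names
are a chosen convention, not a requirement of any tool."""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOGS = """\
Oct 11 22:14:15 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 55412 ssh2
Oct 11 22:14:17 bastion sshd[2201]: Failed password for root from 203.0.113.7 port 55413 ssh2
Oct 11 22:14:20 bastion sshd[2202]: Failed password for invalid user oracle from 203.0.113.7 port 55414 ssh2
Oct 11 22:14:24 bastion sshd[2202]: Failed password for root from 203.0.113.7 port 55415 ssh2
Oct 11 22:14:29 bastion sshd[2203]: Failed password for invalid user test from 203.0.113.7 port 55416 ssh2
Oct 11 22:30:01 bastion sshd[2300]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Oct 11 22:31:05 bastion sshd[2301]: Accepted publickey for alice from 198.51.100.9 port 40001 ssh2
Oct 11 22:31:06 bastion systemd[1]: Started Session 12 of user alice.
"""

# BSD syslog header: "Mon DD HH:MM:SS host process[pid]: message"
SYSLOG_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
                       r"(?P<proc>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# OpenSSH authentication outcome lines
AUTH_RE = re.compile(r"^(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
                     r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")


def normalize(line, year=2024):
    """Parse one syslog line into a flat event; auth fields are filled only
    when the message is an sshd login outcome. Returns None for junk lines."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = {"@timestamp": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
          "host.name": m["host"], "process.name": m["proc"], "process.pid": int(m["pid"]),
          "message": m["msg"], "event.outcome": None}
    a = AUTH_RE.match(m["msg"])
    if a:
        ev.update({"event.outcome": "failure" if a["outcome"] == "Failed" else "success",
                   "event.action": a["method"], "user.name": a["user"],
                   "source.ip": a["src"], "source.port": int(a["port"])})
    return ev


def detect_bruteforce(events, threshold=5, window_s=60):
    """Sliding-window rule: >= threshold failures from one source within window_s."""
    by_src = defaultdict(list)
    for ev in events:
        if ev and ev["event.outcome"] == "failure":
            by_src[ev["source.ip"]].append(ev["@timestamp"])
    alerts = []
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1                      # slide the window forward
            if end - start + 1 >= threshold:
                alerts.append({"rule": "ssh_bruteforce", "source.ip": src,
                               "count": end - start + 1,
                               "first": times[start], "last": times[end]})
                break                           # one alert per source per batch
    return alerts


def run(raw=SAMPLE_LOGS):
    events = [normalize(line) for line in raw.splitlines()]
    return events, detect_bruteforce(events)


if __name__ == "__main__":
    for alert in run()[1]:
        print(alert)
```

The normalization step is what makes the rule portable: once "source.ip" and "event.outcome" exist as fields, the same threshold logic works for RDP, VPN or web-login events regardless of what the raw message text looked like, which is the job Logstash (or Beats modules) does before Elasticsearch ever sees the data.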
14
Q

What is SCAP?

A

SCAP stands for Security Content Automation Protocol.

It is a suite of specifications (standards) that automate vulnerability management, measurement, and policy compliance evaluation for the systems in an organization.

  • Developed and maintained by NIST

It provides a common foundation that tools use to automate the work of -
Vulnerability management
Configuration (compliance) checking
Software inventory

15
Q

How does SCAP assist with automating the above tasks?

A

By defining a common language/format that different tools, devices and applications use to describe vulnerabilities, configurations and results, so that content written once (e.g. a benchmark) can be consumed by any SCAP-compliant scanner.

16
Q

What are 3 common languages used by SCAP?

A
  1. OVAL - Open Vulnerability and Assessment Language - a machine-readable (XML-based) language for describing vulnerabilities, configuration checks and the expected system state, so that different security tools can run the same assessment definitions.
  2. XCCDF - Extensible Configuration Checklist Description Format - a machine-readable (XML) format for security checklists/benchmarks: it describes the rules (best-practice configurations) for systems, applications and OSes and records the results of checking them; the actual low-level checks are usually expressed in OVAL.
  3. ARF - Asset Reporting Format - a format for reporting assessment results (e.g. XCCDF/OVAL results) about an asset, so reports from different tools can be exchanged and aggregated.

ChatGPT these terms****

17
Q

What are 3 enumerations (standard naming schemes) used in the SCAP framework?

A
  1. CCE - Common Configuration Enumeration - unique identifiers for configuration settings/issues
  2. CPE - Common Platform Enumeration - unique names for operating systems, applications and hardware platforms
  3. CVE - Common Vulnerabilities and Exposures - unique identifiers for publicly known vulnerabilities
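
To show how XCCDF and CPE fit together in a result document, here is an added example that is not part of the flashcards and not code from any SCAP scanner: it reads an XCCDF 1.2 result, joins each rule-result back to the Benchmark rule it references (to recover severity and title), records which CPE name the result applies to, and computes a pass rate over the rules that were actually evaluated. Assumed: the benchmark, rule ids, target host and the CPE name below are constructed sample data; the element names and namespace follow the XCCDF 1.2 specification.

```python
"""Added example (not from the flashcards, not code from any SCAP tool):
summarize an XCCDF 1.2 TestResult against its Benchmark rules.

Assumed: the benchmark id, rule ids, target and CPE name are constructed
sample data; element and attribute names follow XCCDF 1.2."""
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}

SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2"
           id="xccdf_org.example_benchmark_demo">
  <Rule id="xccdf_org.example_rule_sshd_no_root_login" severity="high">
    <title>Disable direct root login over SSH</title>
  </Rule>
  <Rule id="xccdf_org.example_rule_password_max_days" severity="medium">
    <title>Set a maximum password age</title>
  </Rule>
  <Rule id="xccdf_org.example_rule_firewall_enabled" severity="high">
    <title>Host firewall is enabled</title>
  </Rule>
  <Rule id="xccdf_org.example_rule_gui_autologin_off" severity="low">
    <title>Desktop auto-login is disabled</title>
  </Rule>
  <TestResult id="xccdf_org.example_testresult_demo" end-time="2024-01-01T00:00:00">
    <target>web01.example.internal</target>
    <platform idref="cpe:/o:example:linux:1"/>
    <rule-result idref="xccdf_org.example_rule_sshd_no_root_login">
      <result>fail</result>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_password_max_days">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_firewall_enabled">
      <result>pass</result>
    </rule-result>
    <rule-result idref="xccdf_org.example_rule_gui_autologin_off">
      <result>notapplicable</result>
    </rule-result>
  </TestResult>
</Benchmark>"""


def summarize_xccdf(xml_text):
    """Return per-result counts, the failed rules with their severity and title,
    and a pass rate over the rules that were actually evaluated (pass + fail)."""
    root = ET.fromstring(xml_text)
    # Rules may sit directly under Benchmark or inside Groups; .// finds both.
    rules = {r.get("id"): (r.get("severity", "unknown"), r.findtext("x:title", "", NS))
             for r in root.iterfind(".//x:Rule", NS)}
    tr = root.find("x:TestResult", NS)
    summary = {"target": tr.findtext("x:target", "", NS),
               "platforms": [p.get("idref") for p in tr.iterfind("x:platform", NS)],
               "counts": Counter(), "failed": []}
    for rr in tr.iterfind("x:rule-result", NS):
        result = rr.findtext("x:result", "unknown", NS)
        summary["counts"][result] += 1
        if result == "fail":
            sev, title = rules.get(rr.get("idref"), ("unknown", ""))
            summary["failed"].append((rr.get("idref"), sev, title))
    # notapplicable / notchecked / notselected rules do not count against the score
    scored = summary["counts"]["pass"] + summary["counts"]["fail"]
    summary["pass_rate"] = round(100 * summary["counts"]["pass"] / scored, 1) if scored else None
    return summary


if __name__ == "__main__":
    s = summarize_xccdf(SAMPLE_XCCDF)
    print(s["target"], s["platforms"], s["pass_rate"], dict(s["counts"]))
    for rule_id, sev, title in s["failed"]:
        print(f"FAIL [{sev}] {title} ({rule_id})")
```

The pass rate deliberately excludes results such as notapplicable, so a benchmark full of rules that do not apply to the platform does not inflate the score; the severity comes from the Rule element, which is why the rule-results have to be joined back to the Benchmark rather than read on their own.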
18
Q

What is MRTG?

A

MRTG stands for Multi-Router Traffic Grapher.

It is a traffic-analysis (graphing) tool.
It polls routers and switches over SNMP for their interface traffic counters and draws graphs of the traffic flowing through each network interface over time, which makes unusual spikes or drops in traffic easy to spot.