Section 22 - Vulnerability Management Flashcards
What is a vulnerability assessment?
Seeks to identify any issues in a network, application, database, or other systems prior to it being used that might compromise the system
Vulnerability assessments are a formalized process that ____, _____, and _____ the security holes in an enterprise network architecture.
define, identify and classify
What is vulnerability management?
Practice of finding and mitigating the vulnerabilities in computers and networks
** This is the oversight process of vulnerability assessments
Vulnerability management is a cyclical process. Sometimes you’ll hear it referred to as…?
Scan, Patch, Scan
*** This is because you’ll scan the network for vulnerabilities to identify them (SCAN) then you’ll prioritize, fix and patch them (PATCH) and you’ll scan again. You repeat this until there are no vulnerabilities left.
How is a vulnerability assessment conducted?
Most commonly, a vulnerability management program will be used inside of an organization, and they’ll choose what software you’re going to use.
What are the five basic concepts you need to know to summarize the vulnerability management process?
- Define the desired state of security
- Create a baseline
- Prioritize the vulnerabilities
- Mitigate vulnerabilities
- Monitor the network and systems and conduct future scans
What is a penetration test?
A test conducted by a team of professionals to simulate an attack on your network, its systems or its applications
What is the difference between black box, gray box and white box testing?
Black box = zero knowledge (the pentesters have to hunt for any information that they need in order to be able to penetrate the network’s defenses)
Gray box = Some knowledge
White box = Full knowledge
What is the difference between a penetration test and a vulnerability assessment?
A vulnerability assessment is conducted as a credentialed scan, where the tool can be provided with a username and password for the systems.
Penetration tests are conducted as a black, white, or gray box test, where pentesters simulate an attacker attempting to get into your network; after the test is complete, they provide a report telling you what vulnerabilities were found.
Penetration tests follow five basic steps. What are they?
- Get permission and document info
- Conduct reconnaissance
- Enumerate the targets
- Exploit the targets
- Document the results
What is a tabletop exercise (TTX)?
Exercise that uses an incident scenario against a framework of controls or a red team
*** This is a discussion of simulated emergency situations and security incidents
What is a red team vs a blue team?
Red team = attacking your system in a penetration test
Blue team = defending your system in a penetration test
*** Teams can be external or internal, meaning the test can be conducted either by employees (internal) or by a third party (external).
What is a red team?
The hostile or attacking team in a penetration test or incident response exercise
What is a blue team?
The defensive team in a penetration test or incident response exercise
What is a white team?
Staff administering, evaluating, and supervising a penetration test or incident response exercise
What is OVAL?
Open Vulnerability and Assessment Language
A standard designed to regulate the transfer of secure public information across networks and the internet utilizing any security tools and services available
*** This is an attempt to create a standard way for vulnerability management software, scanners, and other tools to share their data with each other and with other programs.
OVAL is composed of two different parts. What are they?
Language
Interpreter
What is OVAL language?
An XML schema used to define and describe the information being created by OVAL to be shared among the various programs and tools
What is an OVAL interpreter?
A reference implementation developed to ensure the information passed around by these programs complies with the OVAL schemas and definitions used by the OVAL language
What are the tools used to conduct vulnerability assessments?
Network mapping
Vulnerability scanning
Network sniffing
Password Analysis
What is network mapping?
Discovery and documentation of physical and logical connectivity that exists in the network
What does vulnerability scanning do?
A technique that identifies threats on the network without exploiting them
What is banner grabbing?
A technique used to gain information about servers and inventory the systems or services
What is Network Sniffing?
The process of finding and investigating other computers on the network by analyzing the network traffic or capturing the packets being sent
Network sniffing tools are also called…?
Packet Sniffers
What are protocol analyzers?
Software tool that allows for the capture, reassembly, and analysis of packets from the network
What is Nmap?
A tool that can be used to determine what hosts are on your network, so in that respect it is a network mapping tool.
It can also be used to determine what services are running on what open ports and what versions of those services are being run. This makes Nmap a vulnerability scanner as well.
What is password analysis?
A tool used to test the strength of your passwords to ensure your password policies are being followed
What is a password cracker?
Uses comparative analysis to break passwords and systematically continues guessing until the password is determined
What are the two most well-known password crackers?
Cain and Abel
John the Ripper
What are the four different methods of doing password cracking and analysis?
Password Guessing
Dictionary Attack
Brute Force Attack
Cryptanalysis Attack
What is password guessing?
Occurs when a weak password is simply figured out by a person
What is a dictionary attack?
Method where a program attempts to guess the password by using a list of possible passwords
What is a Brute-Force Attack?
Method where a program attempts to try every possible combination until it cracks the password
What is a cryptanalysis attack?
This attack relies on comparing a precomputed encrypted password to a value in a lookup table
What is a rainbow table?
List of precomputed values used to more quickly break a password since values don’t have to be calculated for each password being guessed
*** This is what a cryptanalysis attack relies on in order to work
What is a yellow team?
The team responsible for building tools and architectures in which the exercise will be performed