Security Operations 4.3 Flashcards

Explain various activities associated with vulnerability management.

1
Q

Vulnerability Scanning

A

Scans a system (operating system and the services it exposes) to see whether the potential for an exploit exists on that particular system.

Port scan, identify systems, test from the outside and the inside.
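
The card's "port scan, identify systems" step, as an added example that is not part of the original flashcards: a TCP connect scan with banner grabbing, run against a throwaway local listener so it works offline. The listener, its `EXAMPLE-SERVICE/1.2.3` banner and the `PRODUCT/VERSION` banner format are constructed for the demo; a real scanner does the same handshake and banner read, then matches the product and version it learned against its vulnerability database.

```python
"""TCP connect scan with banner grabbing, run against a local test listener.
Added example for this page; not from the original flashcards."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed banner for the test listener. Real services identify themselves the
# same way (an SSH daemon sends its version string on connect), which is how a
# scanner turns "port open" into "product X version Y".
BANNER = b"EXAMPLE-SERVICE/1.2.3\r\n"


def start_listener(host="127.0.0.1", banner=BANNER):
    """Bind an ephemeral port, answer every connection with `banner`, return the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(16)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def probe(host, port, timeout=0.5):
    """Return (port, banner) if a TCP handshake completes, else None (closed or filtered)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                data = b""  # open, but the service expects the client to talk first
    except OSError:  # connection refused, timed out, unreachable
        return None
    return port, data.decode("ascii", "replace").strip()


def scan(host, ports, workers=32):
    """Connect-scan `ports` concurrently; returns {open_port: banner_text}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p), ports))
    return dict(r for r in results if r is not None)


def parse_banner(banner):
    """Split constructed 'PRODUCT/VERSION' banners into (product, version);
    anything else comes back as (banner, None) for manual identification."""
    product, sep, version = banner.partition("/")
    return (product, version) if sep else (banner, None)


if __name__ == "__main__":
    port = start_listener()
    # Scan a small window around the listener; an internal scan would sweep far wider.
    for p, banner in sorted(scan("127.0.0.1", range(port - 2, port + 3)).items()):
        print(p, "open", parse_banner(banner))
```

Running the same `scan` from outside the perimeter and from an internal host is what the card means by testing from the outside and the inside: the two views differ exactly by what the firewall filters.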

2
Q

SAST

A

Static code analyser: examines the source code without running it.
Identifies many security vulnerabilities, e.g. buffer overflows and database (SQL) injections.

Not everything can be identified through static analysis.

2
Q

Dynamic Analysis (Fuzzers)

A

Random or malformed input is fed into a running application to see what the results might be.

Looking for the application to behave in a way out of the ordinary (crash, hang, unexpected error).
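
A minimal mutation fuzzer, added here as an example (not code from the original flashcards) to make the SAST and dynamic-analysis cards concrete. Everything in it is constructed: the record parser, the missing length check it contains, the hardened version beside it, and the seed input. The point is the harness: the parser documents `ValueError` as its failure mode, so any other exception escaping is the "out of the ordinary" behaviour the card describes, and a bounds bug of this kind is one that a runtime test surfaces immediately even when a static scan would have to infer it.

```python
"""Mutation fuzzer driving a constructed record parser.
Added example for this page; the parser, its bug and the inputs are all constructed."""
import random
from dataclasses import dataclass


def parse_record(data: bytes) -> bytes:
    """Parse <len:1><payload:len><checksum:1>. Documented error: ValueError.
    Constructed bug: no length check, so a short input raises IndexError instead."""
    if not data:
        raise ValueError("empty record")
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]  # IndexError when fewer than n + 2 bytes arrived
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload


def parse_record_fixed(data: bytes) -> bytes:
    """Hardened version: validate the length before indexing."""
    if len(data) < 2 or len(data) < data[0] + 2:
        raise ValueError("truncated record")
    return parse_record(data)


def make_record(payload: bytes) -> bytes:
    """Build a well-formed record to seed the fuzzer."""
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: overwrite a byte, truncate, or append junk."""
    buf = bytearray(data)
    choice = rng.randrange(3)
    if choice == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1 and buf:
        del buf[rng.randrange(len(buf)):]
    else:
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)


@dataclass
class Finding:
    input: bytes
    exc_type: str
    message: str


def fuzz(target, seeds, iterations=1000, seed=0, expected=(ValueError,)):
    """Feed mutated inputs to `target`; anything other than a documented
    exception is 'out of the ordinary' and is recorded once per exception type."""
    rng = random.Random(seed)
    corpus = list(seeds)
    findings = {}
    for _ in range(iterations):
        data = mutate(rng, rng.choice(corpus))
        try:
            target(data)
        except expected:
            continue
        except Exception as exc:
            name = type(exc).__name__
            findings.setdefault(name, Finding(data, name, str(exc)))
        else:
            corpus.append(data)  # inputs that parse cleanly make good new mutation bases
    return findings


if __name__ == "__main__":
    seeds = [make_record(b"hello")]
    for name, f in fuzz(parse_record, seeds).items():
        print(f"{name}: {f.message!r} on input {f.input!r}")
    print("fixed parser:", fuzz(parse_record_fixed, seeds))
```

Real fuzzers (AFL++, libFuzzer, Peach for protocol grammars) add coverage feedback and crash triage on top of this loop, but the structure is the same: a corpus, a mutator, and a definition of what counts as abnormal behaviour.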

3
Q

Package Monitoring

A

Some applications are distributed as a package. Confirm the package is legitimate (for example, check its signature or hash against the publisher's) and confirm it is safe before deployment, by opening it in a sandbox/lab environment.

4
Q

OSINT

A

Open-source intelligence (publicly available sources):
Internet: discussion groups, social media
Government data
Commercial data

5
Q

Proprietary/Third-party Intelligence.

A

A third-party intelligence company compiles the threat information and sells it. Provides correlation across different data sources and constant monitoring of the threat landscape.

6
Q

Information-sharing organisation

A

Organisations share threat information with each other to collaborate against common threats.

Public threat intelligence
Private threat intelligence
The need to share critical security details.

7
Q

Cyber threat alliance (CTA).

A

Members upload specifically formatted threat intelligence.

8
Q

Dark web intelligence.

A

Used to conduct research on attackers and their activities.

Monitor forums.

9
Q

Penetration testing

A

Simulating an attack to see whether vulnerabilities can actually be exploited. Often a compliance mandate.

The National Institute of Standards and Technology (NIST) publishes guidance on security testing and assessment (NIST SP 800-115).

10
Q

Rules of engagement

A

An important document.

Defines the purpose and scope of the test and makes sure everyone is aware of the test parameters.

Type of testing and schedule, for example no pen testing during business hours.

Rules of the engagement, emergency contacts, and how to handle sensitive information.

11
Q

Exploiting vulnerabilities while pen-testing.

A

Exploiting a vulnerability can break the system being tested. Be careful not to cause a denial of service or loss of data.

12
Q

What is the process after gaining access to a system.

A

After gaining a foothold in the network, the tester uses the compromised system to move from system to system. This is known as lateral movement.

Persistence: set up a back door to make sure there is always a way back in.

13
Q

The pivot - Pen testing.

A

Gain access to systems that would normally not be reachable from the tester's position. Use a compromised system as a proxy or relay into the network behind it.

14
Q

Responsible disclosure program.

A

A process for reporting a vulnerability to the vendor and giving them time to fix it before it is made public. It takes time to fix a vulnerability: software changes, testing, deployment.

Bug bounty programmes: a reward for discovering and reporting vulnerabilities; earn money for (authorised) hacking of a system.

15
Q

False positive

A

The scanner reports a vulnerability that doesn't really exist. This is different from a low-severity vulnerability, which is real but minor.

16
Q

False Negative

A

A vulnerability does exist but wasn’t detected by the vulnerability scan.

17
Q

Prioritising vulnerabilities

A

Not every vulnerability has the same priority, and the priority may be difficult to determine: the severity score, the environment the system runs in, and the organisation's risk tolerance all feed into it.

18
Q

CVSS

A

Common Vulnerability Scoring System. Scores a vulnerability's severity from 0 to 10 from metrics such as attack vector, attack complexity, privileges required, user interaction, and impact on confidentiality, integrity and availability.

19
Q

CVE

A

Common Vulnerabilities and Exposures. A public catalogue that gives each known vulnerability an identifier (CVE-YYYY-NNNN), so scanner findings can be cross-referenced online.

20
Q

Vulnerability classification

A

After the scanner detects a vulnerability it classifies it with a severity ranking (e.g. critical, high, medium, low) so that findings can be prioritised.

21
Q

Exposure Factor

A

Exposure factor (EF): the loss of value or business activity if the vulnerability is exploited, expressed as a percentage of the asset's value.

For example, a small DDoS that only limits access to a service has a low exposure factor.

22
Q

Environmental Variables.

A

What type of environment is the vulnerable system in?

Consider the environment, e.g.:
Number and type of users
Revenue-generating application
Potential for exploit

23
Q

Industry/organisation impact.

A

Impact differs by industry and organisation. The amount of risk an organisation is willing to accept is its risk tolerance; the same vulnerability may be critical in one organisation and acceptable in another.

24
Q

Patching

A

The most common mitigation technique. Patches are often scheduled (monthly, quarterly) and are constantly provided by vendors. Unscheduled (out-of-band) patches occur when there is an urgent vulnerability.

25
Q

Insurance

A

Cyber security insurance coverage:
Lost revenue
Data recovery costs
Money lost to phishing
Privacy lawsuit costs
Insurance doesn't cover everything.

26
Q

Segmentation to limit scope

A

Limit the scope of a potential exploit by separating devices into their own networks via VLANs. Air gaps may be required for the most sensitive systems. Use internal NGFWs to block unwanted and unnecessary traffic between VLANs.

27
Q

What are the two ways to achieve segmentation?

A

Physical segmentation: multiple units, separate infrastructure.
Logical segmentation: VLANs.

28
Q

Compensating controls (examples, for when a vulnerability cannot be patched immediately)

A

Disable the problematic service.
Revoke access to the application.
Limit external access.
Modify internal security controls and software firewalls.

29
Q

Exceptions and exemptions

A

Not everything can be patched, so the change control committee decides which devices will not receive a patch. A vulnerability may exist but not be easy to exploit, for example it may require physical access, so leaving it unpatched does not dramatically increase risk. The exception or exemption and its justification are recorded.

30
Q

Validation of remediation

A

Important to rescan to ensure that the patch really did stop the exploit and that it reached all vulnerable systems. Conduct another vulnerability scan to see whether the vulnerability still exists.

31
Q

Reporting

A

Ongoing checks are required because new vulnerabilities are continuously discovered. Necessary once an organisation reaches a certain size. Continuous reporting:
Number of identified vulnerabilities
Systems patched vs unpatched
New threat notifications
Errors, exceptions and exemptions
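
The validation-of-remediation and reporting cards together, as an added example that is not from the original flashcards: diff a pre-patch scan export against the validation scan, classify every finding, and derive the reporting numbers (identified, patched vs unpatched, exceptions). The host names, finding labels, severities and the exemption set are all constructed. One check a practitioner wants here is built in: a finding only counts as remediated if its host was actually rescanned, otherwise it is "unverified", because a host that was down during the validation scan produces no findings and would otherwise look fixed.

```python
"""Validate remediation by diffing two scan exports, then derive the report metrics.
Added example for this page; the scan rows, host names and finding labels are constructed."""
from collections import Counter

# Constructed export of the scan run before patching: one row per (host, finding).
BEFORE = [
    {"host": "web-01", "id": "openssl-outdated", "severity": "High"},
    {"host": "web-02", "id": "openssl-outdated", "severity": "High"},
    {"host": "web-02", "id": "tls-weak-ciphers", "severity": "Medium"},
    {"host": "db-01", "id": "openssl-outdated", "severity": "High"},
    {"host": "db-01", "id": "default-credentials", "severity": "Critical"},
]
# Constructed export of the validation scan after the patch window.
AFTER = [
    {"host": "web-02", "id": "openssl-outdated", "severity": "High"},        # patch missed web-02
    {"host": "web-02", "id": "tls-weak-ciphers", "severity": "Medium"},
    {"host": "db-01", "id": "default-credentials", "severity": "Critical"},  # covered by an exemption
    {"host": "web-01", "id": "ssh-old-version", "severity": "Medium"},       # newly detected
]
AFTER_HOSTS = {"web-01", "web-02", "db-01"}        # hosts the validation scan actually reached
EXEMPTIONS = {("db-01", "default-credentials")}   # approved by change control, with justification


def _keys(rows):
    return {(r["host"], r["id"]) for r in rows}


def validate(before, after, after_hosts, exemptions=frozenset()):
    """Classify every pre-patch finding. A finding that vanished only counts as
    remediated if its host was rescanned; otherwise it is 'unverified'."""
    b, a = _keys(before), _keys(after)
    gone = b - a
    return {
        "remediated": sorted(k for k in gone if k[0] in after_hosts),
        "unverified": sorted(k for k in gone if k[0] not in after_hosts),
        "still_open": sorted(k for k in b & a if k not in exemptions),
        "exempted": sorted(k for k in a if k in exemptions),
        "new": sorted(a - b),
    }


def patch_status(before, after, finding_id):
    """Per-finding view: did the patch reach every host that was vulnerable?"""
    affected = {r["host"] for r in before if r["id"] == finding_id}
    unpatched = {r["host"] for r in after if r["id"] == finding_id} & affected
    return {"patched": sorted(affected - unpatched), "unpatched": sorted(unpatched)}


def report(before, after, after_hosts, exemptions=frozenset()):
    """The continuous-reporting numbers: identified, patched vs unpatched, exceptions."""
    v = validate(before, after, after_hosts, exemptions)
    counts = {name: len(v[name]) for name in ("remediated", "unverified", "still_open", "exempted", "new")}
    return {
        "identified": len(after),
        "by_severity": dict(Counter(r["severity"] for r in after)),
        **counts,
    }


if __name__ == "__main__":
    for name, items in validate(BEFORE, AFTER, AFTER_HOSTS, EXEMPTIONS).items():
        print(f"{name:11s}: {items}")
    print("openssl-outdated:", patch_status(BEFORE, AFTER, "openssl-outdated"))
    print("report:", report(BEFORE, AFTER, AFTER_HOSTS, EXEMPTIONS))
```

"Remediated" here means "no longer detected", which is the best a rescan can say; a false negative in the second scan (for example, credentialed checks that silently failed) still looks like a fix, so the scan's own coverage and authentication status belong in the report alongside these counts.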