Vulnerability Scanning Flashcards
Important to identify vulnerabilities so that they can be mitigated
Identifying Vulnerabilities
An evaluation of a system’s security and ability to meet compliance requirements
based on the configuration state of the system as represented by information
collected from the system
Vulnerability Assessment
A hardware appliance or software application that is configured with a list of
known weaknesses and exploits and can scan for their presence in a host
operating system or within a particular application
Vulnerability Scanner
The range of hosts or subnets included within a single scan job
Scope
Vulnerability scans being conducted on your local network
from within your local network
Internal Scanning
Vulnerability scans being conducted against your network from
outside of your local network
External Scanning
An enumeration or vulnerability scan that analyzes only intercepted network
traffic rather than sending probes to a target
Passive Scanning
An enumeration or vulnerability scan that analyzes the responses from probes
sent to a target
Active Scanning
The vulnerability scanner is given a user account to log on to the target systems
or hosts
Credentialed Scan
The vulnerability scanner sends test packets against a target without logging onto
the system or host
Non-credentialed Scan
The vulnerability scanning is launched from one or more scanning servers against
the targets
Server-based Scanning
The vulnerability scanning is conducted using a software application installed
locally on each target
Agent-based Scanning
Vulnerability scanners must be configured with parameters to be effective in scanning
your network
Scanning Parameters
The division of a network into separate zones through the use of VLANs and
subnetting
Segmentation
A synchronized list of data and scripts used to check for vulnerabilities, also
known as plug-ins or network vulnerability tests (NVTs)
Vulnerability Feeds
A NIST framework that outlines various accepted practices for automating
vulnerability scanning by adhering to standards for scanning processes, results
reporting and scoring, and vulnerability prioritization
Security Content Automation Protocol (SCAP)
An XML schema for describing system security state and querying vulnerability
reports and information
Open Vulnerability and Assessment Language (OVAL)
An XML schema for developing and auditing best-practice configuration checklists
and rules
Extensible Configuration Checklist Description Format (XCCDF)
The amount and intensity of vulnerabilities to test against a target
Scan Sensitivity
Used to create and update an inventory of assets by conducting enumeration of
the network and its targets without scanning for vulnerabilities
Discovery Scan
A scan that contains options for analyzing hosts for unpatched software
vulnerabilities and configuration issues
Fast/Basic Assessment Scan
A comprehensive scan that forces the use of more plug-in types, takes longer
to conduct host scanning, and has more risk of causing a service disruption
Full/Deep Assessment Scan
A scan based on a compliance template or checklist to ensure the controls and
configuration settings are properly applied to a given target or host
Compliance Scans
Printers, VoIP phones, and embedded systems components can react unpredictably to any type of scanning
Scanning Risks