Week 4 - Vulnerability Assessment and Pen Testing Flashcards

1
Q

Vulnerability Assessment Elements

A

– Identify what needs to be protected (asset identification),
– What pressures are against those assets (threat evaluation),
– How susceptible current protection is (vulnerability appraisal),
– What damages could result from the threats (risk assessment),
– Analysis of what to do about it (risk mitigation);

2
Q

Asset Identification

A
  • Asset identification - Process of inventorying items with economic value
  • Common assets
    – People
    – Physical assets
    – Data
    – Hardware
    – Software
3
Q

Asset’s Relative Value

A
  • After an inventory of the assets has been taken, it is important to determine each item’s relative value.
  • Value based on:
    – Asset’s criticality to organization’s goals,
    – How much revenue asset generates,
    – How difficult to replace asset,
    – Impact of asset unavailability to the organization;
  • Can rank using a number scale;
4
Q

Threat Evaluation

A
  • Threat evaluation - List the potential threats posed by each threat agent,
  • Threat agents are not limited to human attackers,
  • Also include natural disasters such as fire or severe weather;
5
Q

Threat Modeling

A
  • Threat modeling – Goal of understanding attackers and their methods.
  • Attack tree - Provides visual representation of potential attacks as inverted tree structure.
  • Attack tree displays:
    – Goal of attack,
    – Types of attacks that could occur,
    – Techniques used in attacks;
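As an added example (not part of the original flashcards), the attack tree described above can be represented as a tree of OR nodes (any child achieves the parent) and AND nodes (every child is required), with leaves carrying an assumed attacker cost. The goal, attack types, leaf techniques and costs below are constructed for illustration; walking the tree then yields the cheapest path to the goal, which is the branch a defender would mitigate first.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class AttackNode:
    """One node of an attack tree. kind is 'leaf', 'or' (any child suffices)
    or 'and' (every child is required). cost is an assumed attacker cost
    (e.g. days of effort) and is only meaningful on leaves."""
    name: str
    kind: str = "leaf"
    cost: float = 0.0
    children: List["AttackNode"] = field(default_factory=list)


def min_cost(node: AttackNode) -> float:
    """Cheapest cost at which an attacker can achieve this node's goal."""
    if node.kind == "leaf":
        return node.cost
    child_costs = [min_cost(c) for c in node.children]
    if node.kind == "or":
        return min(child_costs)
    if node.kind == "and":
        return sum(child_costs)
    raise ValueError(f"unknown node kind {node.kind!r}")


def cheapest_leaves(node: AttackNode) -> List[str]:
    """The leaf techniques on the cheapest path to this node's goal."""
    if node.kind == "leaf":
        return [node.name]
    if node.kind == "or":
        return cheapest_leaves(min(node.children, key=min_cost))
    leaves: List[str] = []
    for child in node.children:          # AND: every branch is needed
        leaves.extend(cheapest_leaves(child))
    return leaves


def render(node: AttackNode, depth: int = 0) -> str:
    """Text rendering of the inverted tree: goal at the top, techniques below."""
    if node.kind == "leaf":
        line = "  " * depth + f"- {node.name} (cost {node.cost:g})"
    else:
        line = "  " * depth + f"- {node.name} [{node.kind.upper()}]"
    return "\n".join([line] + [render(c, depth + 1) for c in node.children])


# Constructed example tree; names and costs are assumptions for illustration.
GOAL = AttackNode("Read the customer database", "or", children=[
    AttackNode("Exploit the web application", "and", children=[
        AttackNode("Find a SQL injection flaw", cost=3),
        AttackNode("Exfiltrate the data over HTTPS", cost=2),
    ]),
    AttackNode("Obtain administrator credentials", "or", children=[
        AttackNode("Phish an administrator", cost=4),
        AttackNode("Guess a weak password", cost=6),
    ]),
    AttackNode("Gain physical access to the server", "and", children=[
        AttackNode("Tailgate past the badge reader", cost=8),
        AttackNode("Boot the server from a USB drive", cost=2),
    ]),
])

if __name__ == "__main__":
    print(render(GOAL))
    print("cheapest path costs", min_cost(GOAL), "via", cheapest_leaves(GOAL))
```

With these assumed costs the phishing branch (cost 4) is cheaper than the web-application branch (3 + 2 = 5) or physical access (8 + 2 = 10), so the model points at credential protection (MFA, phishing-resistant authentication) as the first mitigation.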
6
Q

Vulnerability Appraisal

A
  • Vulnerability appraisal - Determine current weaknesses as a snapshot of the organization's present security,
  • Every asset should be viewed in light of each threat,
  • Catalog each vulnerability;
7
Q

Risk Assessment

A
  • Risk assessment - Determine damage resulting from attack and assess likelihood that vulnerability is risk to organization.
  • Determining damage from attack first requires realistic look at several different types of attacks that might occur.
  • Based upon vulnerabilities recognized in vulnerability appraisal, a risk assessment of impact can then be undertaken.
  • Not all vulnerabilities pose the same risk.
8
Q

Risk Mitigation

A
  • Risk mitigation - Determine what to do about risks.
  • Risk can never be entirely eliminated; would cost too much or take too long.
  • Some risks must be accepted by default and degree of risk must always be assumed.
  • Question is not, “How can we eliminate all risk?” but “How much acceptable risk can we tolerate?”.
  • Once “toleration” level is known, steps can be taken to mitigate risk.
9
Q

Baseline Reporting

A
  • Baseline - Imaginary line by which an element is measured or compared; can be seen as standard.
  • IT baseline is checklist against which systems can be evaluated and audited for security posture.
  • Outlines major security considerations for system and becomes the starting point for solid security.
  • Baseline reporting - Comparison of present state of system to its baseline.
  • Deviations include not only technical issues but also management and operational issues.
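As an added example (not part of the original flashcards), baseline reporting reduces to comparing a present-state snapshot against the baseline checklist and listing every deviation. The baseline keys and values below (SSH settings, expected listening ports, a patch-cycle target) are constructed assumptions standing in for a real hardening standard, and the current-state snapshot is likewise constructed; a real collector would read them from the host.

```python
from typing import Any, Dict, List, Tuple

# Constructed example baseline for a Linux web server (assumed values, not
# taken from any real standard): the checklist the system is audited against.
BASELINE: Dict[str, Any] = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "no",
    "listening_tcp_ports": {22, 443},
    "enabled_legacy_services": set(),   # nothing beyond the baseline may be enabled
    "patch_cycle_days": 30,             # an operational item, not a technical one
    "log_forwarding": True,
}

# Constructed present-state snapshot, as a collector might report it.
CURRENT_STATE: Dict[str, Any] = {
    "ssh.PermitRootLogin": "yes",
    "ssh.PasswordAuthentication": "no",
    "listening_tcp_ports": {22, 443, 8080},
    "enabled_legacy_services": {"telnet"},
    "patch_cycle_days": 90,
    "log_forwarding": True,
}

Deviation = Tuple[str, Any, Any]   # (item, expected, actual)


def compare_to_baseline(baseline: Dict[str, Any],
                        current: Dict[str, Any]) -> List[Deviation]:
    """Return every baseline item whose present state differs from the baseline.
    A missing item is itself a deviation; set-valued items (port lists,
    service lists) are compared as sets so ordering does not matter."""
    deviations: List[Deviation] = []
    for item, expected in baseline.items():
        if item not in current:
            deviations.append((item, expected, None))
        elif isinstance(expected, set):
            actual = set(current[item])
            if actual != expected:
                deviations.append((item, sorted(expected), sorted(actual)))
        elif current[item] != expected:
            deviations.append((item, expected, current[item]))
    return deviations


def deviation_report(deviations: List[Deviation]) -> str:
    """Human-readable baseline report."""
    lines = [f"{len(deviations)} deviation(s) from baseline"]
    for item, expected, actual in deviations:
        lines.append(f"  {item}: expected {expected!r}, found {actual!r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(deviation_report(compare_to_baseline(BASELINE, CURRENT_STATE)))
```

Running it on the constructed snapshot flags four items: root login over SSH, an unexpected listener on 8080, a legacy telnet service, and a patch cycle three times longer than the baseline allows; the last is the kind of management/operational deviation the card mentions.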
10
Q

Software Programming Vulnerabilities

A
  • It is important that software vulnerabilities be minimized while the software is being developed rather than after it is released.
  • Improving software to minimize vulnerabilities is difficult because of:
    – Size and complexity,
    – Lack of formal specifications,
    – Ever-changing attacks;
11
Q

Assessment Tools

A
  • Many tools available to perform vulnerability assessments:
    – Port scanners,
    – Banner grabbing tools,
    – Protocol analyzers,
    – Vulnerability scanners,
    – Honeypots and honeynets;
12
Q

Ports

A
  • On TCP/IP networks, information is exchanged between a program (process) running on one system and a corresponding process running on a remote system.
  • Each packet/datagram carries a source port and a destination port.
  • Together these identify the originating application/service on the local system and the corresponding application/service on the remote system.
13
Q

Port Categories

A
  • Port numbers are 16 bits long, so they have decimal values from 0 to 65,535.
  • Well-known port numbers (0–1023) - Reserved for the most universal applications (e.g., 22 SSH, 80 HTTP, 443 HTTPS).
  • Registered port numbers (1024–49151) - Other applications not as widely used.
  • Dynamic and private port numbers (49152–65535) - Available for use by any application, typically as ephemeral client-side source ports.
14
Q

Port Security

A
  • Because port numbers are associated with applications and services, an attacker who learns that a specific port is accessible can infer what services are being used.
  • Implement port security by disabling unused application/service ports (and the services behind them) to reduce the number of threat vectors.
15
Q

Port Scanner

A
  • Port scanner - Software used to probe a system's ports for weaknesses.
  • Port scanners typically determine the state of each port to learn what applications/services are running.
  • Three port states:
    – Open - The application/service assigned to the port is listening and will accept a connection.
    – Closed - No process is listening; the host answers a TCP probe with a RST.
    – Blocked - The host does not reply to any inquiries to this port number, usually because a firewall dropped the probe (Nmap reports this state as "filtered").
16
Q

TCP Connect Scan

A

Completes the full TCP three-way handshake (SYN, SYN+ACK, ACK) with each remote port through the operating system's normal connect() call and then tears the connection down. A port that answers with a RST is reported as closed; no answer at all means the probe was blocked. An advantage is that it works against any TCP/IP stack and needs no special privileges; the disadvantage is that the completed connection is visible to the listening application and its logs.

17
Q

TCP SYN Scan

A

Sends a SYN packet; if the port is open, the target responds with SYN+ACK. The scanner then tears the connection down (with a RST) before the three-way handshake is completed, so the listening application never sees a connection.

Very popular because most sites do not log these attempts (application-level logging records only completed connections); also known as "half-open scanning". Crafting the raw packets requires administrator/root privileges.

18
Q

TCP FIN Scan

A

Sends a finish (FIN) segment without first sending a SYN. Per RFC 793, a closed port replies with a RST while an open port silently ignores the segment.

Popular because stateless packet filters that only block incoming SYN segments let it through, and because it avoids detection by tools that watch only for connection attempts. It is reliable only against stacks that follow RFC 793: Microsoft Windows replies with a RST regardless of port state, so every port appears closed. A silent port is really "open or blocked", since a firewall dropping the probe looks the same as an open port.

19
Q

Xmas Tree Scan

A

Flags FIN, URG and PSH are all set ("lit up like a Christmas tree") to watch how a host responds to the strange packet. RFC 793-compliant stacks treat it like a FIN probe (a closed port replies with a RST, an open port stays silent); because operating systems handle such malformed segments differently, the response can also help determine the target's operating system.
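As an added example covering the SYN, FIN and Xmas tree cards above (not code from the original flashcards), the block below builds the 20-byte TCP header each scan type would send, with the flag bits and a correct RFC 1071 checksum over the IPv4 pseudo-header, and then applies the RFC 793 rules to a reply to decide the port state. Actually transmitting the probe needs a raw socket and root privileges, so sending is deliberately left out; the addresses and ports used are constructed test values.

```python
import socket
import struct

# TCP flag bits (the low six bits of the data-offset/flags word, RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags the scanner sets on its probe for each scan type on this page.
PROBE_FLAGS = {
    "connect": SYN,            # the OS sends this (then the final ACK) for connect()
    "syn": SYN,                # half-open: the final ACK is never sent
    "fin": FIN,                # no SYN at all
    "xmas": FIN | PSH | URG,   # "lit up like a Christmas tree"
}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over data (padded to even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))


def build_tcp_probe(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                    flags: int, seq: int = 0, window: int = 1024) -> bytes:
    """Return a 20-byte TCP header (no options, no payload) with a valid checksum."""
    offset_and_flags = (5 << 12) | (flags & 0x3F)      # data offset 5 words = 20 bytes
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                         offset_and_flags, window, 0, 0)  # checksum field zero for now
    csum = internet_checksum(tcp_pseudo_header(src_ip, dst_ip, len(header)) + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]


def tcp_flags(header: bytes) -> int:
    """Extract the six flag bits from a TCP header (probe or reply)."""
    return struct.unpack("!H", header[12:14])[0] & 0x3F


def flag_names(flags: int) -> str:
    names = [("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH), ("ACK", ACK), ("URG", URG)]
    return "|".join(n for n, bit in names if flags & bit) or "none"


def classify(scan: str, reply_flags):
    """Map a reply's flags (None = nothing came back before the timeout) to the
    port state, following RFC 793. Note the FIN/Xmas ambiguity: silence means
    open OR blocked, and Windows stacks answer RST for every port."""
    if scan in ("connect", "syn"):
        if reply_flags is None:
            return "blocked"
        if reply_flags & RST:
            return "closed"
        if reply_flags & (SYN | ACK) == SYN | ACK:
            return "open"
        return "unknown"
    if scan in ("fin", "xmas"):
        if reply_flags is None:
            return "open|blocked"
        if reply_flags & RST:
            return "closed"
        return "unknown"
    raise ValueError(f"unknown scan type {scan!r}")


if __name__ == "__main__":
    # Constructed addresses from the documentation range (RFC 5737).
    for scan, flags in PROBE_FLAGS.items():
        probe = build_tcp_probe("192.0.2.10", "192.0.2.20", 40000, 80, flags)
        print(f"{scan:8s} probe flags={flag_names(tcp_flags(probe))} hex={probe.hex()}")
    print("syn reply SYN|ACK ->", classify("syn", SYN | ACK))
    print("xmas no reply     ->", classify("xmas", None))
```

Verifying a built probe is done the same way a receiver does it: the checksum recomputed over pseudo-header plus segment, including the filled-in checksum field, comes out to zero.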

20
Q

Banner

A

A message that a service transmits when another program connects to it; it often reveals the software name and version.

21
Q

Banner grabbing

A
  • Used as an assessment tool to perform an inventory of the services and systems operating on a server.
  • Can be done by using Telnet (or netcat) to create a connection with the host and then querying each port.
  • Banners can be changed or removed by administrators, so treat what they report as a hint rather than proof of the version in use.
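As an added example covering both the TCP connect scan card and the banner grabbing card above (not code from the original flashcards), the block below runs a connect scan against a port, classifies it as open, closed or blocked from how connect() fails, and grabs the banner from open ports. So that it runs offline, it starts a constructed stand-in service on a loopback port that sends a made-up SMTP-style banner; the banner text and port choices are assumptions for the demo, not real services.

```python
import socket
import threading
from typing import Dict, Iterable, Tuple


def start_demo_service(banner: bytes, host: str = "127.0.0.1"):
    """Constructed stand-in for a real network service so the example runs
    offline: listens on a free loopback port and sends `banner` to every
    client that connects. Returns (port, stop_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # listening socket closed by stop()
                return
            with conn:
                conn.sendall(banner)   # greet, then close like a real daemon would

    threading.Thread(target=serve, daemon=True).start()
    return port, srv.close


def free_port(host: str = "127.0.0.1") -> int:
    """Bind to port 0 and release it: a loopback port that is (almost certainly) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def connect_scan(host: str, port: int, timeout: float = 1.0) -> str:
    """TCP connect scan of one port: the OS completes the full handshake."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))         # SYN, SYN+ACK, ACK done by the kernel
            return "open"
        except ConnectionRefusedError:      # a RST came back: nothing is listening
            return "closed"
        except (socket.timeout, OSError):   # no reply at all: probe dropped/blocked
            return "blocked"


def grab_banner(host: str, port: int, timeout: float = 1.0, probe: bytes = b"") -> str:
    """Connect, optionally send a probe string, and read whatever the service says first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            data = s.recv(1024)
        except socket.timeout:              # some services wait for the client to speak
            data = b""
    return data.decode("ascii", errors="replace").strip()


def inventory(host: str, ports: Iterable[int]) -> Dict[int, Tuple[str, str]]:
    """Port state plus banner (for open ports) for each port: the service inventory."""
    results: Dict[int, Tuple[str, str]] = {}
    for port in ports:
        state = connect_scan(host, port)
        banner = grab_banner(host, port) if state == "open" else ""
        results[port] = (state, banner)
    return results


if __name__ == "__main__":
    # Constructed banner; a real service would reveal its own name/version here.
    port, stop = start_demo_service(b"220 demo.example ESMTP ready\r\n")
    closed = free_port()
    for p, (state, banner) in inventory("127.0.0.1", [port, closed]).items():
        print(f"{p}/tcp {state:8s} {banner}")
    stop()
```

Note that the demo service's accept() call sees every scan probe as a real connection, which is exactly why connect scans show up in application logs while SYN scans usually do not.
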
22
Q

Protocol Analyzers

A

Hardware or software that captures packets to decode and analyze contents.

  • Common uses for protocol analyzers:
    – Used by network administrators for troubleshooting,
    – Characterizing network traffic,
    – Security analysis;
23
Q

Open Vulnerability and Assessment Language (OVAL)

A
  • Problem with assessment tools: there was no standard for collecting, analyzing, and reporting vulnerabilities.
  • OVAL is designed to promote open and publicly available security content.
  • An international, XML-based standard for describing system configuration, machine state, and the checks used to test for vulnerabilities and missing patches.
  • Consistent with the CVE list (checks reference CVE identifiers).
  • Standardizes the transfer of information across different security tools and services.
24
Q

Honeypot

A

Computer protected by minimal security, intentionally configured with vulnerabilities, and containing bogus data files.

Goal is to trick attackers into revealing their techniques.

25
Q

Honeynet

A

Network set up with intentional vulnerabilities and honeypots.

26
Q

Vulnerability Scan

A
  • Automated software searches a system for known security weaknesses.
  • Creates report of potential exposures.
27
Q

Intrusive vulnerability scan

A

Attempts to actually penetrate system in order to perform simulated attack.

28
Q

Non-intrusive vulnerability scan

A

Uses only available information to hypothesize status of the vulnerability.

29
Q

Credentialed vulnerability scan

A

A scan in which the scanner is given the username and password of an active account so it can log in to the target and inspect configuration and patch levels from the inside; it finds more and produces fewer false positives than an unauthenticated scan.

30
Q

Non-credentialed vulnerability scans

A

A scan in which the scanner is given no credentials; it sees only what an unauthenticated attacker on the network would see.

31
Q

Penetration Testing

A

Designed to exploit system weaknesses.

  • Relies on tester’s skill and knowledge,
  • Usually conducted by independent contractor,
  • Tests usually conducted outside the security perimeter and may even disrupt network operations,
  • End result is penetration test report;
32
Q

Third-Party Integration

A

Risk of combining systems and data with outside entities continues to grow.

  • On-boarding - Start-up relationship between partners.
  • Off-boarding - Termination of agreements.
33
Q

Service Level Agreement (SLA)

A

Service contract between a vendor and a client.

34
Q

Blanket Purchase Agreement (BPA)

A

Prearranged purchase or sale agreement between a government agency and a business.

35
Q

Memorandum of Understanding (MOU)

A

Describes agreement between two or more parties.

36
Q

Interconnection Security Agreement (ISA)

A

Agreement intended to minimize security risks for data transmitted across a network.

37
Q

Mitigating and Deterring Attacks

A
  • Standard techniques for mitigating and deterring
    attacks:
    – Creating a security posture,
    – Selecting and configuring controls,
    – Hardening,
    – Reporting;
38
Q

Creating a Security Posture

A
  • Describes strategy regarding security.
  • Elements of security posture:
    – Initial baseline configuration,
    – Continuous security monitoring,
    – Remediation;
39
Q

Selecting Appropriate Controls

A
  • Selecting appropriate controls to use is key to mitigating and deterring attacks.
  • Many different controls can be used.
  • Common controls are important to meet specific security goals.
40
Q

Configuring Controls

A
  • Key to mitigating and deterring attacks is proper configuration and testing of the controls.
  • One category of controls is those that either detect or prevent attacks.
41
Q

Hardening

A

Eliminate as many security risks as possible.

  • Techniques to harden systems:
    – Protecting accounts with passwords,
    – Disabling unnecessary accounts,
    – Disabling unnecessary services,
    – Protecting management interfaces and applications;
42
Q

Reporting

A
  • Providing information regarding events that occur.
  • Alarms or alerts - Sound warning if specific situation is occurring.
  • Reporting can provide information on trends.
  • Can indicate a serious impending situation.