Week 4 - Vulnerability Scanning Flashcards
Vulnerability Assessment
Methodological test of the ability of a system or application to
withstand exploitation.
The process searches for known weaknesses in the services and
software running on a target machine.
Objectives:
- Identify weaknesses that could be exploited,
- Predict the effectiveness of additional security measures in protecting information resources from attack,
- Search network segments for IP-enabled devices and enumerate systems, OSs, and applications to identify vulnerabilities;
Vulnerability Scanning
Uses a database of known vulnerabilities to check for weaknesses on a system. Results are checked against a CVE index.
Different scanners accomplish this goal through different means.
* Search for signs such as registry entries in Windows to identify a
specific patch or update,
* Actually attempt to exploit a vulnerability on a device;
Vulnerability scanners are capable of identifying:
- The OS version,
- Listening ports,
- Applications installed,
- Weak passwords,
- Files/Folders with weak permissions,
- Default services/applications that might have to be uninstalled,
- Errors in the security configuration,
- Computers exposed to known vulnerabilities,
- Missing patches/hotfixes,
- Weak network configurations and misconfigured or risky ports;
Limitations of Vulnerability Assessment
- Limited in its ability to detect vulnerabilities at a given point in time,
- Must be updated when new vulnerabilities are discovered,
- Does not measure the strength of security controls,
- Is not immune to software engineering flaws that might lead to it missing serious vulnerabilities,
- Human judgment is needed to analyze the data after scanning for false positives and false negatives;
Common Vulnerability Scoring System - CVSS
Open industry standard for assessing the severity of computer system security vulnerabilities.
It is used to assign severity scores to vulnerabilities, allowing for
prioritization of responses according to threats.
CVSS Metrics
Example: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Common Vulnerabilities and Exposures - CVE
Publicly available and free-to-use list of standardized identifiers for common software vulnerabilities and exposures.
Ensures confidence among parties when discussing or sharing
information about a software vulnerability.
Provides a baseline for tool evaluation and enables data exchange
for cybersecurity automation.
___ IDs provide a baseline for evaluating the coverage of tools and services so that users can determine which tools are most effective and appropriate for their organization’s needs.
What is CVE?
- One identifier for one vulnerability or exposure,
- One standardized description for each vulnerability or exposure,
- A dictionary rather than a database,
- A method for disparate databases and tools to “speak” the same language,
- The way to interoperability and better security coverage,
- A basis for evaluation among services, tools, and databases,
- Free for the public to download and use,
- Industry-endorsed via the CVE Numbering Authorities, CVE Board, and the numerous products and services that include CVE;
National Vulnerability Database - NVD
The U.S. government repository of standards-based vulnerability management data.
Includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
Performs an analysis on CVEs that have been published to
the CVE Dictionary.
* It does not actively perform vulnerability testing,
* It relies on third parties to provide information;
Common Weakness Enumeration - CWE
A community-developed list of software and hardware weakness types.
It has almost 900 categories of weaknesses and is often employed as a baseline for weakness identification, mitigation, and prevention efforts.
Vulnerability-Management Life Cycle
Process that helps identify and remediate security weaknesses before they can be exploited. It includes:
* defining the risk posture and policies for an organization,
* creating a complete asset list of systems,
* scanning and assessing the environment for vulnerabilities and exposures,
* taking action to mitigate the vulnerabilities that are identified.
It helps gain perspective on possible cybersecurity threats and makes computing environments more resilient to attacks.
Phases of the Vulnerability-Management Life Cycle
Organizations should maintain a proper vulnerability management program to ensure overall information security.
The phases involved are:
* Identify Assets and Create a Baseline,
* Vulnerability Scan,
* Risk Assessment,
* Remediation,
* Verification,
* Monitor;
Endpoint Vulnerabilities
Missing patches,
Unsupported OS & Apps,
Buffer Overflows,
Arbitrary Code Execution,
Default installations,
Insecure Protocol Use,
Misconfiguration,
Debugging Modes;
Network Vulnerabilities
SSL and TLS issues,
DNS issues,
Internal IP disclosure;
Web Application Vulnerabilities
Injection Attacks,
Cross Site Scripting (XSS);