Learning Objectives and Activities
yasernoory, Week 15
Vulnerability Assessment
One of the most important assets any organization possesses is its data. Many organizations do not seriously examine the vulnerabilities associated with data and thus are unprepared to adequately protect it.
What Is Vulnerability Assessment?
Use Table 15-3 to see the vulnerability assessment actions and steps.
Assessment Techniques
Several different techniques can be used in a vulnerability assessment. One is defining a baseline, the reference point against which an element is measured or compared, and treating it as the standard. Baseline reporting is a comparison of the present state of a system against its baseline. Because flaws in software (operating systems, application programs, and utility programs) can all be points at which an attacker can try to penetrate and launch a successful attack, it is important that software vulnerabilities be minimized while the software is being developed (instead of being “patched” later). From a practical standpoint, eliminating these errors is difficult because of the size and complexity of software, the lack of formal specifications, and the difficulty of anticipating future attacks.
Assessment Tools
There are several different types of assessment tools used to perform vulnerability assessments, which include port scanners, protocol analyzers, vulnerability scanners, and honeypots and honeynets. Because port numbers are 16 bits in length, they can have a decimal value from 0 to 65,535. Table 15-4 shows common protocols and their respective port numbers. It is important to implement port security by disabling unused ports to reduce the number of threat vectors. Port scanner software can be used to search a system for port vulnerabilities.
There are three port states: open, closed, and blocked. Banner grabbing is the process of using a program to intentionally gather the information (the banner) that a service announces about itself. A protocol analyzer (also called a sniffer) is hardware or software that captures packets to decode and analyze their contents. Table 15-6 summarizes the types of security-related information available from a protocol analyzer. A vulnerability scanner is a generic term for a range of products that look for vulnerabilities in networks or systems. A problem with vulnerability assessment tools is that no standard has been established for collecting, analyzing, and reporting vulnerabilities. A honeypot is a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet are actually imitations of real data files. Note that, similar to a honeypot, a honeynet is a network set up with intentional vulnerabilities, whose purpose is to invite attacks so the attacker’s methods can be studied.
Vulnerability Scanning vs. Penetration Testing
Two important vulnerability assessment procedures are vulnerability scanning and penetration testing, and both play an important role in uncovering vulnerabilities.
What Is Vulnerability Scanning?
A vulnerability scan is an automated software search (scan) through a system for any known security weaknesses (vulnerabilities) that then creates a report of those potential exposures. The results of the scans should be compared against baseline scans so that any changes (such as new open ports or added services) will be investigated. Table 15-7 shows intrusive and non-intrusive vulnerability scans.
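The baseline comparison described above (scan results checked against a baseline so that new open ports or added services are investigated), as an added example that is not from the textbook. The host, ports and service banners are constructed sample data; the record shape and the drift categories are my own choices.

```python
from dataclasses import dataclass

def port_in_range(port: int) -> bool:
    """Port numbers are 16 bits, so valid values are 0..65535."""
    return 0 <= port <= 65535

@dataclass(frozen=True)
class ServiceRecord:
    """One open port found by a scan, with the service or banner seen on it."""
    host: str
    port: int
    proto: str     # "tcp" or "udp"
    service: str   # service name or grabbed banner

    def __post_init__(self):
        if not port_in_range(self.port):
            raise ValueError(f"port out of range: {self.port}")
        if self.proto not in ("tcp", "udp"):
            raise ValueError(f"unknown protocol: {self.proto}")

def baseline_report(baseline, current):
    """Compare a current scan with the baseline; return the drift to investigate."""
    base = {(r.host, r.port, r.proto): r for r in baseline}
    cur = {(r.host, r.port, r.proto): r for r in current}
    new_keys = sorted(k for k in cur if k not in base)
    gone_keys = sorted(k for k in base if k not in cur)
    changed = sorted(k for k in cur if k in base and cur[k].service != base[k].service)
    return {
        "new_open_ports": [cur[k] for k in new_keys],          # added services
        "ports_no_longer_open": [base[k] for k in gone_keys],  # service gone or host hardened
        "changed_services": [(base[k], cur[k]) for k in changed],
        "unchanged": sum(1 for k in cur if k in base and k not in changed),
    }

# Constructed sample data: the approved baseline for one host...
BASELINE = [
    ServiceRecord("10.0.0.5", 22, "tcp", "OpenSSH 8.9"),
    ServiceRecord("10.0.0.5", 443, "tcp", "nginx 1.24"),
    ServiceRecord("10.0.0.5", 53, "udp", "bind"),
]
# ...and a later scan of the same host.
CURRENT = [
    ServiceRecord("10.0.0.5", 22, "tcp", "OpenSSH 8.9"),
    ServiceRecord("10.0.0.5", 443, "tcp", "nginx 1.25"),      # version changed
    ServiceRecord("10.0.0.5", 3389, "tcp", "ms-wbt-server"),  # new open port
]

if __name__ == "__main__":
    report = baseline_report(BASELINE, CURRENT)
    for r in report["new_open_ports"]:
        print(f"NEW      {r.host}:{r.port}/{r.proto} {r.service} -> investigate")
    for r in report["ports_no_longer_open"]:
        print(f"MISSING  {r.host}:{r.port}/{r.proto} {r.service}")
    for old, new in report["changed_services"]:
        print(f"CHANGED  {old.host}:{old.port}/{old.proto} {old.service} -> {new.service}")
```

A port that disappears is reported too, since a service that silently stopped is as worth a ticket as one that silently appeared.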
Penetration Testing
Unlike a vulnerability scan, penetration testing (sometimes called a pentest) is designed to actually exploit any weaknesses in systems that are vulnerable. Instead of using automated software, penetration testing relies upon the skill, knowledge, and cunning of the tester. The end product of a penetration test is the penetration test report. The three main techniques that a penetration tester can use are black box testing, white box testing, and gray box testing.
Third-Party Integration
The risks of third-party integration include on-boarding and off-boarding, application and social media network sharing, privacy and risk awareness, and data considerations. Interoperability agreements can be used by third parties to reach an understanding of their relationships and responsibilities. These include:
· Service Level Agreement (SLA)
· Blanket Purchase Agreement (BPA)
· Memorandum of Understanding (MOU)
· Interconnection Security Agreement (ISA)
Mitigating and Deterring Attacks
Although there are a wide variety of attacks, there are standard techniques that should be used in mitigating and deterring attacks.
Creating a Security Posture
A security posture is an approach, philosophy, or strategy regarding security, made up of:
· Initial baseline configuration
· Continuous security monitoring
· Remediation
Selecting Appropriate Controls
Table 15-9 shows some common controls that are important to meet specific security goals.
Configuring Controls
Another key to mitigating and deterring attacks is the proper configuration of controls.
Hardening
The purpose of hardening is to eliminate as many security risks as possible and make the system more secure. Some of the different types of hardening techniques are:
· Protecting accounts with passwords
· Disabling any unnecessary accounts
· Disabling all unnecessary services
· Protecting management interfaces and applications
Reporting
It is important to provide information regarding the events that occur so that action can be taken. A well-defined incident reporting and incident management process is important.
Week 15 Additional Resources, which summarize and supplement Ciampa, Chapter 15.
Links
Certified Ethical Hacker: http://www.eccouncil.org/certification/certified_ethical_hacker.aspx
SANS Penetration Testing Curriculum: http://www.sans.org/security-training/curriculums/pen-tester
Vulnerability Assessment Survey: http://www.symantec.com/connect/articles/vulnerability-assessment-survey
Server Hardening Checklist: https://wikis.utexas.edu/display/ISO/Windows+2008R2+Server+Hardening+Checklist
Center for Internet Security: http://www.cisecurity.org/