Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 9 Performing Vulnerability Assessments


Objectives
Define risk and risk management
Describe the components of risk management
List and describe vulnerability scanning tools
Define penetration testing

Risk Management, Assessment, and Mitigation
One of the most important assets any organization possesses is its data, yet the importance of data is generally underestimated.
The first steps in data protection begin with understanding risks and risk management.

What Is Risk?
In information security, a risk is the likelihood that a threat agent will exploit a vulnerability.
More generally, a risk is an event or condition that could occur and that, if it does occur, has a negative impact.
Risk therefore denotes a potential negative impact to an asset.

Definition of Risk Management
Realistically, risk can never be entirely eliminated: doing so would cost too much or take too long.
Some degree of risk must therefore always be assumed.
Risk management is a systematic and structured approach to managing the potential for loss that is related to a threat.

Steps in Risk Management
The first task in risk management is to determine the assets that need to be protected.
Asset identification is the process of inventorying and managing these items.
Types of assets: data, hardware, personnel, physical assets, and software.

Steps in Risk Management (continued)
Along with the assets themselves, the attributes of the assets need to be compiled, and each item's relative value determined.
Factors to consider in determining relative value:
How critical is this asset to the goals of the organization?
How difficult would it be to replace it, and how quickly can it be replaced?
How much does it cost to protect it?
What is the cost to replace it?
How much revenue does it generate?
What is the impact to the organization if this asset is unavailable?
What is the security implication if this asset is unavailable?

Steps in Risk Management (continued)
Threat identification is the next step: determine the threats posed by threat agents.
Threat agent: any person or thing with the power to carry out a threat against an asset.
Threat modeling constructs scenarios of the types of threats that assets can face; it helps to understand who the attackers are, why they attack, and what types of attacks might occur.


Steps in Risk Management (continued)
Attack tree: provides a visual image of the attacks that may occur against an asset. The root of the tree is the attacker's goal, and each branch below it is one way of reaching that goal, refined into sub-steps down to the leaves.


Steps in Risk Management (continued)
Vulnerability appraisal takes a snapshot of the security of the organization as it now stands.
Every asset must be viewed in light of each threat; determining vulnerabilities often depends upon the background and experience of the assessor.
Risk assessment involves determining the damage that would result from an attack and the likelihood that the vulnerability will actually be exploited, that is, how much of a risk the vulnerability poses to the organization.


Steps in Risk Management (continued)
Calculating the anticipated losses can be helpful in determining the impact of a vulnerability. Two formulas are commonly used to calculate expected losses:
Single Loss Expectancy (SLE): the expected monetary loss every time a risk occurs. SLE = asset value x exposure factor, where the exposure factor is the fraction of the asset's value lost in one occurrence.
Annualized Loss Expectancy (ALE): the expected monetary loss for an asset due to a risk over a one-year period. ALE = SLE x annualized rate of occurrence (ARO), where ARO is how many times per year the risk is expected to occur.

Steps in Risk Management (continued)
Risk mitigation is the final step: determine what to do about the risks.
Options when confronted with a risk:
Diminish the risk (apply controls that reduce the likelihood or the impact)
Transfer the risk (for example through insurance or outsourcing)
Accept the risk (carry the expected loss, usually because the cost of a control would exceed it)
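The SLE and ALE formulas from the previous slides, carried through to the choice between diminishing, transferring and accepting a risk. This is an added example and not material from the textbook; the asset values, rates and prices are constructed, and the decision rule (cost each option as its expected annual outlay and pick the cheapest) is a simplification of the mitigation step.

```python
"""Worked SLE/ALE calculation and a cost comparison of the three responses.

Added example, not from the textbook. The formulas are the standard ones:
    SLE = asset value (AV) x exposure factor (EF)
    ALE = SLE x annualised rate of occurrence (ARO)
The cost model for choosing between diminish / transfer / accept is a
simplification: each option is costed as its expected annual outlay and the
cheapest wins. All figures used are constructed.
"""


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE: the monetary loss expected each time the risk materialises.
    exposure_factor is the fraction of the asset value lost (0.0 - 1.0)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE: expected loss per year. aro is how many times per year the risk
    is expected to occur (0.1 means once every ten years)."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro


def compare_responses(asset_value, exposure_factor, aro,
                      control_cost, aro_with_control, transfer_premium):
    """Cost each risk-mitigation option for one year and pick the cheapest.

    diminish: pay for the control and carry the residual ALE it leaves
    transfer: pay the premium and let the insurer carry the loss
    accept:   pay nothing up front and carry the full ALE
    """
    sle = single_loss_expectancy(asset_value, exposure_factor)
    ale_now = annualized_loss_expectancy(sle, aro)
    ale_with_control = annualized_loss_expectancy(sle, aro_with_control)
    options = {
        "diminish": control_cost + ale_with_control,
        "transfer": transfer_premium,
        "accept": ale_now,
    }
    return {
        "SLE": sle,
        "ALE": ale_now,
        "ALE_with_control": ale_with_control,
        "annual_cost_by_option": options,
        "recommendation": min(options, key=options.get),
    }


if __name__ == "__main__":
    # Constructed scenario: a customer database valued at 500,000; a breach is
    # judged to destroy 20% of that value and to happen once per decade. A
    # monitoring control costs 4,000/year and cuts the rate to once in 50
    # years; insurance for the same loss is quoted at 8,000/year.
    result = compare_responses(asset_value=500_000, exposure_factor=0.2, aro=0.1,
                               control_cost=4_000, aro_with_control=0.02,
                               transfer_premium=8_000)
    for key, value in result.items():
        print(f"{key}: {value}")
```

With these numbers the control wins (4,000 + 2,000 residual against 8,000 to insure and 10,000 to accept); raise the control cost to 9,000 and accepting the risk becomes the cheapest option, which is the point of comparing annual costs rather than buying every control on offer.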


Identifying Vulnerabilities
Identifying vulnerabilities through a vulnerability appraisal determines the current security weaknesses that could expose assets to threats.
The software and hardware tools used fall into two categories: vulnerability scanning and penetration testing.

Vulnerability Scanning
Vulnerability scanning is typically used by an organization to identify weaknesses in its systems that need to be addressed in order to increase the level of security.
Tools include port scanners, network mappers, protocol analyzers, vulnerability scanners, the Open Vulnerability and Assessment Language (OVAL), and password crackers.

Port Scanners
Internet Protocol (IP) addresses are the primary form of address identification on a TCP/IP network, used to uniquely identify each network device.
Port number: TCP/IP uses a 16-bit numeric value (0 to 65535) as an identifier for the applications and services on a system.
Each datagram (packet) contains not only the source and destination IP addresses but also the source port and destination port.


Port Scanners (continued)
If an attacker knows that a specific port is in use, that port can be probed for weaknesses.
Port scanner: used to search a system for ports whose services could be used in an attack; it determines the state of each port to learn what applications are running and could be exploited.
Three port states: open (a service accepted the connection), closed (the host answered that nothing is listening), and blocked (no answer at all, typically because a firewall dropped the probe; scanners such as nmap call this state filtered).
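A minimal TCP connect scanner that reports the three port states just described. This is an added example and not code from the textbook: it uses only ordinary connect() calls, infers the blocked state from a timeout, and tests itself against a throwaway listener on localhost, since a filtered port cannot be demonstrated without a firewall in the path. Scan only hosts you are authorised to test.

```python
"""TCP connect scan reporting the three port states named in the text.

Added example, not from the textbook. It uses only ordinary connect() calls
(no raw sockets, no exploit traffic). 'blocked' is inferred from a timeout,
which is what a filtering firewall produces; nmap labels the same state
'filtered'. Scan only hosts you are authorised to test.
"""
import socket


def scan_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port as 'open', 'closed' or 'blocked'.

    open    handshake completed: a service accepted the connection
    closed  the host answered with RST (connection refused): nothing listens
    blocked no answer before the timeout: a firewall is dropping the probe
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        # Timeout, host unreachable, etc.: nothing answered, treat as blocked
        return "blocked"


def scan_ports(host: str, ports, timeout: float = 1.0) -> dict:
    """Scan several ports and return {port: state}."""
    return {port: scan_port(host, port, timeout) for port in ports}


def demo() -> dict:
    """Constructed target: scan a throwaway localhost listener while it is up
    and again after it has closed, to show 'open' turning into 'closed'."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free one
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        while_listening = scan_port("127.0.0.1", port)
    finally:
        listener.close()
    after_close = scan_port("127.0.0.1", port)
    return {"port": port, "while_listening": while_listening, "after_close": after_close}


if __name__ == "__main__":
    result = demo()
    print(result)
    print(scan_ports("127.0.0.1", [22, 80, 443, result["port"]]))
```

A connect scan completes the full three-way handshake, so every probe shows up in the target's connection logs; SYN (half-open) scans avoid that but need raw sockets and privileges, which is why they are not used here.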


Network Mappers
Network mappers are software tools that can identify all the systems connected to a network.
Most network mappers rely on the Internet Control Message Protocol (ICMP), which supports IP with messages that allow different types of communication between IP devices: the mapper sends ICMP echo requests (a ping sweep) and records which hosts reply.
Caveat: hosts and firewalls commonly drop ICMP, so a host that does not answer is not necessarily absent; mappers fall back to other probes such as TCP connection attempts or, on the local segment, ARP requests.


Protocol Analyzers
A protocol analyzer (also called a sniffer) captures each packet and decodes and analyzes its contents; it can fully decode application-layer network protocols.
Common uses include network troubleshooting, network traffic characterization, and security analysis.
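What "decode its contents" means in practice: the analyzer walks the headers layer by layer, using each header's length and type fields to find the next one. The decoder below does this for Ethernet II, IPv4 and TCP and prints a tcpdump-style summary line. It is an added example, not code from the textbook or from any analyzer product; the frame it decodes is constructed in build_frame() (MAC and IP addresses, ports and the banner payload are all made up) and its checksums are left at zero and not verified.

```python
"""Decode Ethernet II / IPv4 / TCP headers the way a protocol analyzer does.

Added example, not from the textbook. It parses raw frame bytes with the
struct module; the sample frame is constructed in build_frame() and is not
captured traffic. Checksums are left at zero and are not verified.
"""
import struct
from ipaddress import IPv4Address

TCP_FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
                 ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame: bytes):
    """Ethernet II header: dst MAC, src MAC, EtherType (0x0800 = IPv4)."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst_mac": _mac(dst), "src_mac": _mac(src), "ethertype": ethertype}, frame[14:]


def parse_ipv4(data: bytes):
    """IPv4 header; honours the IHL field so options are skipped correctly."""
    (ver_ihl, _tos, total_len, ident, _flags_frag, ttl,
     proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    hdr = {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
           "ttl": ttl, "id": ident, "protocol": IP_PROTOCOLS.get(proto, str(proto))}
    return hdr, data[header_len:total_len]


def parse_tcp(segment: bytes):
    """TCP header; the data offset field tells us where the payload starts."""
    (sport, dport, seq, ack, off_flags,
     window, _csum, _urg) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    flag_bits = off_flags & 0x01FF
    hdr = {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
           "flags": [name for name, bit in TCP_FLAG_BITS if flag_bits & bit]}
    return hdr, segment[header_len:]


def decode_frame(frame: bytes) -> dict:
    """Decode one frame into a nested dict plus a one-line summary."""
    eth, rest = parse_ethernet(frame)
    if eth["ethertype"] != 0x0800:
        return {"eth": eth, "note": "non-IPv4 frame, not decoded further"}
    ip, rest = parse_ipv4(rest)
    result = {"eth": eth, "ip": ip}
    if ip["protocol"] == "TCP":
        tcp, payload = parse_tcp(rest)
        result["tcp"] = tcp
        result["payload"] = payload
        result["summary"] = (f'{ip["src"]}:{tcp["sport"]} > {ip["dst"]}:{tcp["dport"]} '
                             f'[{",".join(tcp["flags"])}] len={len(payload)}')
    return result


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b"") -> bytes:
    """Constructed sample frame (not real traffic): Ethernet + IPv4 + TCP + payload."""
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),
                      bytes.fromhex("66778899aabb"), 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0x4000,
                     64, 6, 0, IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 2000, (5 << 12) | flags,
                      65535, 0, 0)
    return eth + ip + tcp + payload


if __name__ == "__main__":
    banner = build_frame("192.168.1.20", "192.168.1.10", 22, 51234, 0x18,
                         b"SSH-2.0-ExampleServer\r\n")
    print(decode_frame(banner)["summary"])
```

The security-analysis use follows directly from the decoded fields: a burst of frames whose TCP flags are exactly ["SYN"] to many different destination ports from one source is a port scan, and a cleartext payload such as the banner above is what a sniffer on the same segment would read off the wire.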


Vulnerability Scanners
Vulnerability scanner is a generic term for a range of products that look for vulnerabilities in networks or systems. They are intended to identify vulnerabilities and alert network administrators to these problems.
Most vulnerability scanners maintain a database that categorizes and describes the vulnerabilities they can detect; the scanner compares what it observes (open ports, service versions, configuration settings) against that database.
Other vulnerability scanners combine the features of a port scanner and a network mapper.


Open Vulnerability and Assessment Language (OVAL)
OVAL is designed to promote open and publicly available security content.
It standardizes the transfer of information across different security tools and services: a common language for the exchange of information regarding security vulnerabilities, which are identified using industry-standard tools.

Open Vulnerability and Assessment Language (OVAL) (continued)
OVAL vulnerability definitions are recorded in Extensible Markup Language (XML).
Early OVAL releases expressed definitions as database Structured Query Language (SQL) queries; current definitions use the XML schema, so a tool needs an XML parser rather than a SQL database to consume them.
OVAL supports Windows, Linux, and UNIX platforms.
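The scanner database described two slides earlier and the XML definitions described here are the same idea seen from two sides: a definition is a named, versioned claim ("this system is vulnerable if ...") whose criteria combine individual tests with AND/OR and negation. The snippet below parses an OVAL-style definition and evaluates its criteria tree. It is an added example, not code from the textbook or from the OVAL project: the XML document, its id, title and test references are constructed and describe no real advisory, and the outcome of each test is supplied in a dict, standing in for the system-state collection that a real interpreter such as ovaldi or OpenSCAP performs against the definition's <tests>, <objects> and <states>.

```python
"""Read an OVAL-style XML definition and evaluate its criteria tree.

Added example, not from the textbook or from the OVAL project. The XML below
is constructed for illustration (id, title and test references are
hypothetical, not a real advisory). A real interpreter collects system state
and evaluates the <tests>; here each test outcome is supplied in a dict so
the criteria logic can be shown on its own.
"""
import xml.etree.ElementTree as ET

OVAL_DEF_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
NS = {"d": OVAL_DEF_NS}

# Constructed definition: vulnerable if Example Linux is installed AND
# (sshd is below the fixed version OR a legacy option is on) AND the hotfix
# is NOT installed.
SAMPLE_DEFINITION = f"""
<oval_definitions xmlns="{OVAL_DEF_NS}">
  <definitions>
    <definition id="oval:example.local:def:1" version="1" class="vulnerability">
      <metadata>
        <title>Hypothetical: outdated sshd without vendor hotfix</title>
        <affected family="unix"><platform>Example Linux</platform></affected>
        <description>Constructed definition showing AND/OR/negate criteria.</description>
      </metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:example.local:tst:1" comment="Example Linux is installed"/>
        <criteria operator="OR">
          <criterion test_ref="oval:example.local:tst:2" comment="sshd package is below the fixed version"/>
          <criterion test_ref="oval:example.local:tst:3" comment="legacy protocol option is enabled"/>
        </criteria>
        <criterion test_ref="oval:example.local:tst:4" comment="vendor hotfix is installed" negate="true"/>
      </criteria>
    </definition>
  </definitions>
</oval_definitions>
"""


def evaluate_criteria(node, test_results: dict) -> bool:
    """Recursively evaluate a <criteria>/<criterion> tree to True/False.

    Simplification: real OVAL results also carry error/unknown/not evaluated;
    here every referenced test has a boolean outcome in test_results.
    """
    tag = node.tag.rsplit("}", 1)[-1]          # strip the namespace
    if tag == "criterion":
        value = test_results[node.get("test_ref")]
    elif tag == "criteria":
        operator = node.get("operator", "AND")
        children = [evaluate_criteria(child, test_results) for child in node]
        if operator == "AND":
            value = all(children)
        elif operator == "OR":
            value = any(children)
        elif operator == "ONE":
            value = sum(children) == 1
        elif operator == "XOR":
            value = sum(children) % 2 == 1
        else:
            raise ValueError(f"unsupported operator {operator!r}")
    else:
        raise ValueError(f"unsupported element <{tag}> (extend_definition not handled)")
    if node.get("negate", "false") == "true":
        value = not value
    return value


def evaluate_definitions(xml_text: str, test_results: dict) -> dict:
    """Return {definition id: {title, class, result}} for every definition."""
    root = ET.fromstring(xml_text)
    outcome = {}
    for definition in root.iterfind(".//d:definition", NS):
        outcome[definition.get("id")] = {
            "title": definition.findtext("d:metadata/d:title", namespaces=NS),
            "class": definition.get("class"),
            "result": evaluate_criteria(definition.find("d:criteria", NS), test_results),
        }
    return outcome


if __name__ == "__main__":
    # Constructed test outcomes for an unpatched host.
    unpatched = {"oval:example.local:tst:1": True, "oval:example.local:tst:2": True,
                 "oval:example.local:tst:3": False, "oval:example.local:tst:4": False}
    for def_id, info in evaluate_definitions(SAMPLE_DEFINITION, unpatched).items():
        print(def_id, info["class"], "->", "VULNERABLE" if info["result"] else "not vulnerable")
```

Note the negate="true" on the hotfix criterion: the definition fires only when the hotfix is absent, so a scanner that ignored that attribute would report every patched host as vulnerable.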


Password Crackers
Password: a secret combination of characters that only the user knows.
Because passwords are common yet provide weak security, they are a frequent focus of attacks.
Password cracker programs take the file of hashed passwords and attempt to break the hashes offline, so the attacker is not slowed down by the target system's lockout policy or logging.
The most common offline password crackers are based on dictionary attacks or rainbow tables (precomputed hash chains); a per-password salt defeats precomputation because the same password hashes differently for every account.


Password Crackers (continued)
Shadow password: a defense against password cracker programs for UNIX and Linux systems.
On a system without shadow passwords, the file that contains the hashed passwords and other user information (/etc/passwd) is readable by all users.
A shadow password mechanism creates a second file, the shadow password file (/etc/shadow), that holds the password hashes and password-aging fields; it can be read only with root privilege, so an attacker must first obtain root to copy the hashes for an offline attack.
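The offline attack from the two password slides, run against a shadow-format file: parse the records, skip locked accounts, and try a wordlist with common mangling rules against each salted hash. This is an added example, not code from the textbook. Its $toy$salt$hex hash format (SHA-256 of salt plus password) is a constructed stand-in for the crypt(3) formats found in a real /etc/shadow, such as $6$ SHA-512-crypt, chosen so the mechanics stay visible; the users, salts, passwords and wordlist are all made up. Run it only against hashes you own.

```python
"""Offline dictionary attack against a shadow-style password file.

Added example, not from the textbook. The hash format $toy$<salt>$<hex>,
hex = SHA-256(salt + password), is a constructed stand-in for the crypt(3)
formats in /etc/shadow (such as $6$ SHA-512-crypt). Accounts, salts and the
wordlist are constructed. Run only against hashes you own.
"""
import hashlib
import hmac


def toy_hash(password: str, salt: str) -> str:
    """Salted SHA-256 hex digest. Fast, which is exactly why a real system
    should use a slow, iterated scheme instead."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


def mangle(word: str):
    """Common rule set: as typed, capitalised, upper-cased, plus popular suffixes."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for suffix in ("1", "123", "!", "2024"):
            yield base + suffix


def parse_shadow(lines):
    """Yield (user, hash_field) from shadow-format records:
    login:hash:lastchg:min:max:warn:inactive:expire:reserved
    Locked (!) and disabled (*) accounts have nothing to crack."""
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        user, hash_field = line.split(":")[:2]
        if hash_field.startswith(("!", "*")):
            continue
        yield user, hash_field


def dictionary_attack(shadow_lines, wordlist):
    """Return ({user: recovered_password}, number_of_hashes_computed)."""
    cracked, attempts = {}, 0
    for user, hash_field in parse_shadow(shadow_lines):
        _, algo, salt, digest = hash_field.split("$")
        if algo != "toy":
            continue                      # unknown scheme, skip it
        for word in wordlist:
            for candidate in mangle(word):
                attempts += 1
                # Per-user salt: each candidate is hashed again for every
                # user, so a precomputed (rainbow) table is useless here.
                if hmac.compare_digest(toy_hash(candidate, salt), digest):
                    cracked[user] = candidate
                    break
            if user in cracked:
                break
    return cracked, attempts


def make_shadow_line(user, password, salt, locked=False):
    """Constructed shadow-style record for the demo."""
    hash_field = "!" if locked else f"$toy${salt}${toy_hash(password, salt)}"
    return f"{user}:{hash_field}:19700:0:99999:7:::"


SAMPLE_SHADOW = [
    make_shadow_line("alice", "sunshine", "k9Qz"),
    make_shadow_line("bob", "Winter123", "Pm3x"),
    make_shadow_line("carol", "irrelevant", "Aa11", locked=True),
    make_shadow_line("dave", "7x#Vq!pL2mR9", "Zz02"),
]
WORDLIST = ["letmein", "sunshine", "winter", "dragon"]

if __name__ == "__main__":
    found, tried = dictionary_attack(SAMPLE_SHADOW, WORDLIST)
    print(found, "after", tried, "hash computations")
```

Two things the output shows: the weak passwords fall to a four-word list with trivial mangling, and the random one does not, however long the list runs. The attempt counter is the reason slow hashes matter: with a per-user salt the attacker pays the full hashing cost for every user and every candidate, and an iterated scheme multiplies that cost by thousands.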

Penetration Testing
Penetration testing is a method of evaluating the security of a computer system or network by simulating a malicious attack instead of just scanning for vulnerabilities; it involves a more active analysis of a system for vulnerabilities.
One of the first tools widely used for penetration testing, and also by attackers, was SATAN (Security Administrator Tool for Analyzing Networks), released in 1995 by Dan Farmer and Wietse Venema.

Penetration Testing (continued)
SATAN could improve the security of a network by probing it to determine the strength of the network's security and what vulnerabilities might still exist. SATAN would:
Recognize several common networking-related security problems
Report the problems without actually exploiting them
Offer a tutorial that explained the problem, what its impact could be, and how to resolve it
By the distinction drawn in this chapter, reporting without exploiting is closer to vulnerability scanning; a modern penetration test goes on to exploit the findings to demonstrate real impact.

Summary
In information security, a risk is the likelihood that a threat agent will exploit a vulnerability.
A risk management study generally involves five specific tasks: asset identification, threat identification, vulnerability appraisal, risk assessment, and risk mitigation.
Vulnerability scanning is typically used by an organization to identify weaknesses in its systems that need to be addressed in order to increase the level of security.
Vulnerability scanners are intended to identify vulnerabilities and alert network administrators to these problems.

Summary (continued)
More rigorous than vulnerability scanning, penetration testing is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker instead of only scanning for vulnerabilities.