CHAPTER 10 VULNERABILITY ASSESSMENT AND DATA SECURITY


Monday, 10 July, 2023 11:46 PM

Vulnerability Assessment

• A security posture evaluation is a systematic and methodical assessment of
an enterprise’s exposure to attackers, natural forces, and other harmful
entities
• Vulnerability assessment includes:
i. Asset identification
ii. Threat evaluation
iii. Vulnerability appraisal
iv. Risk assessment
v. Risk mitigation

Asset Identification

• Common assets
• People
• Physical assets
• Data
• Hardware
• Software

Threat Evaluation

• Threat evaluation lists potential threats from threat agents, which are
people or things that can carry out a threat against an asset
• Threat modeling aims to understand attackers and their methods by
constructing threat scenarios
• Attack trees provide a visual representation of potential attacks and are
drawn as inverted tree structures

ITT450 Page 1
Vulnerability Appraisal

• Determine current weaknesses
• Take a snapshot of the organization's current security
• Every asset should be viewed in light of each threat
• Catalog each vulnerability

Risk Assessment

• Determine the damage that would result from an attack
• Assess the likelihood that the vulnerability is a risk to the organization

Risk Mitigation

• Determine what to do about the risks
• Determine how much risk can be tolerated

Vulnerability Assessment Tools

i. Port Scanners
• TCP/IP communication involves information exchange between programs
on different systems using port numbers as identifiers
• Port numbers are 16 bits long and are divided into three categories: well-
known, registered, and dynamic/private
• Well-known port numbers are for universal applications, registered port
numbers are for other applications, and dynamic/private port numbers
are for any application
• Knowledge of port numbers can be used by attackers to target specific
services
• Port scanner software searches a system for port vulnerabilities and
determines the state of each port (open, closed, or blocked)
ii. Protocol Analyzers
• Protocol analyzers are hardware or software that capture packets and
decode and analyze their contents
• Protocol analyzers are also called sniffers
• Protocol analyzers are used by network administrators for
troubleshooting, characterizing network traffic, security analysis, and
fine-tuning the network and managing bandwidth
iii. Vulnerability Scanners
• Vulnerability scanners are products that look for vulnerabilities in
networks or systems
• Vulnerability scanners identify vulnerabilities and alert network
administrators
• There are two types of vulnerability scanners: active and passive
• Passive scanners identify the current software, OS, and applications on the
network and indicate which devices might have a vulnerability
• Vulnerability scanners can alert when new systems are added to the
network and identify which applications and servers host or transmit
sensitive data
iv. Honeypots and Honeynets
• A honeypot is a computer with minimal security and intentional
vulnerabilities
• A honeypot contains fake data files and aims to trick attackers into
revealing their techniques
• A honeynet is a network with one or more honeypots and intentional
vulnerabilities

Vulnerability Scanning

• A vulnerability scan is an automated software search for known security
weaknesses in a system
• A vulnerability scan creates a report of potential exposures, which should be
compared against baseline scans
• A vulnerability scan looks for vulnerabilities, missing security controls, and
common misconfigurations
• There are two methods for performing a vulnerability scan: intrusive and
non-intrusive
• An intrusive vulnerability scan tries to penetrate the system to simulate an
attack
• A non-intrusive vulnerability scan uses only available information to guess the
status of the vulnerability
• A credentialed vulnerability scan provides credentials to the scanner to test
for more internal vulnerabilities
• Non-credentialed scans do not use credentials
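
Added example (not part of the original notes): comparing a current scan against a baseline scan, flagging new systems and ports that are open now but were not open in the baseline. The Finding record, the sample results, and the numeric port ranges (the standard IANA ranges, which the notes name but do not list) are assumptions of this example.

```python
from typing import NamedTuple

class Finding(NamedTuple):
    host: str
    port: int
    state: str  # "open", "closed" or "blocked"

# Constructed scan results (documentation addresses), not real scanner output.
BASELINE = [Finding("192.0.2.5", 22, "open"), Finding("192.0.2.5", 443, "open"),
            Finding("192.0.2.5", 3389, "blocked"), Finding("192.0.2.6", 80, "open")]
CURRENT = [Finding("192.0.2.5", 22, "open"), Finding("192.0.2.5", 443, "open"),
           Finding("192.0.2.5", 3389, "open"), Finding("192.0.2.6", 80, "closed"),
           Finding("192.0.2.7", 50000, "open")]

def port_category(port):
    """Place a 16-bit port number in its range."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a 16-bit port number: {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/private"

def compare_to_baseline(baseline, current):
    """Diff two scans keyed by (host, port) and report what changed."""
    base = {(f.host, f.port): f.state for f in baseline}
    cur = {(f.host, f.port): f.state for f in current}
    base_hosts = {host for host, _ in base}
    report = {"new_hosts": [], "new_exposures": [], "no_longer_open": []}
    for (host, port), state in sorted(cur.items()):
        # A host absent from the baseline is a system added to the network.
        if host not in base_hosts and host not in report["new_hosts"]:
            report["new_hosts"].append(host)
        # Open now but not open in the baseline: a potential new exposure.
        if state == "open" and base.get((host, port)) != "open":
            report["new_exposures"].append((host, port, port_category(port)))
    for key, state in sorted(base.items()):
        # Open in the baseline but not now: confirm the change was intended.
        if state == "open" and cur.get(key) != "open":
            report["no_longer_open"].append(key)
    return report
```
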

Penetration Testing

• Penetration testing is designed to exploit system weaknesses and relies on
tester’s skill, knowledge, and cunning
• Penetration testing is usually conducted by an independent contractor, outside
the security perimeter, and may disrupt network operations
• Penetration testing produces a penetration test report
• Penetration testing can use three different techniques: black box, white box,
and gray box
• Black box test uses no prior knowledge of network infrastructure
• White box test uses in-depth knowledge of network and systems being
tested
• Gray box test uses some limited information provided to the tester
• Penetration testing can use two methods of information gathering: active and
passive reconnaissance
• Active reconnaissance probes the system to find information
• Passive reconnaissance uses tools that do not raise alarms
• After gathering information, penetration testing performs an initial
exploitation to enter the secure network
• Inside the network, penetration testing attempts to perform a pivot (moving
around) and privilege escalation (accessing higher level resources)
• Penetration testing relies on persistence to probe and exploit weaknesses

Secure Methodology

i. Creating Security Posture
• Security posture describes an approach, philosophy, or strategy
regarding security
• Elements that make up a security posture include:
i. Initial baseline configuration
ii. Standard security checklist
iii. Systems evaluated against baseline
iv. Continuous security monitoring
v. Remediation
• Continuous security monitoring regularly observes systems and networks
• Remediation puts a plan in place to address vulnerabilities as they are
exposed
ii. Selecting and Configuring Controls
• Properly configuring controls is key to mitigating and deterring attacks
• Controls can be for detection (e.g., security camera) or prevention (e.g.,
security guard)
• Information security controls can detect or prevent attacks
• An additional consideration is whether security or safety is the higher priority
when a normal function is interrupted by failure
• A fail-open lock unlocks doors automatically upon failure
• A fail-safe lock locks doors automatically upon failure
• A firewall can be configured in a fail-safe or fail-open state
iii. Hardening
• The purpose of hardening is to eliminate security risks
• Types of hardening techniques:
i. Protecting accounts with passwords
ii. Disabling unnecessary accounts
iii. Disabling unnecessary services
iv. Protecting management interfaces and applications
iv. Reporting
• Providing information on events that occur is important for taking action
• Alarms or alerts sound a warning if a specific situation is occurring (e.g., too
many failed password attempts)
• Reporting can provide information on trends that can indicate a serious
impending situation (e.g., multiple user accounts experiencing multiple
password attempts)
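
Added example (not part of the original notes): the two reporting cases above, run over a small authentication log. An alarm fires when one account has too many failed attempts inside a short window, and a trend is flagged when several accounts each show repeated failures. The log format, sample lines, thresholds, and function names are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "<ISO time> <OK|FAIL> user=<name>" format.
SAMPLE_LOG = """\
2023-07-10T09:00:05 FAIL user=alice
2023-07-10T09:00:20 FAIL user=alice
2023-07-10T09:00:41 FAIL user=alice
2023-07-10T09:01:02 FAIL user=alice
2023-07-10T09:01:30 FAIL user=alice
2023-07-10T09:10:00 FAIL user=bob
2023-07-10T09:40:00 FAIL user=bob
2023-07-10T10:05:00 FAIL user=carol
2023-07-10T10:50:00 FAIL user=carol
2023-07-10T11:15:00 FAIL user=dave
2023-07-10T11:16:00 OK user=dave
"""
LINE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+)$")

def failures_by_user(log):
    """Parse the log and return {user: sorted list of failure timestamps}."""
    fails = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(2) == "FAIL":  # unparseable lines are skipped
            fails[m.group(3)].append(datetime.fromisoformat(m.group(1)))
    return {user: sorted(times) for user, times in fails.items()}

def alarms(fails, threshold=5, window=timedelta(minutes=5)):
    """Accounts with at least `threshold` failures inside one sliding window."""
    hit = []
    for user, times in fails.items():
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1  # drop failures that fell out of the window
            if end - start + 1 >= threshold:
                hit.append(user)
                break
    return sorted(hit)

def trend(fails, per_account=2, min_accounts=3):
    """Report accounts with repeated failures; flag when several are affected."""
    affected = sorted(u for u, t in fails.items() if len(t) >= per_account)
    return {"accounts": affected, "flag": len(affected) >= min_accounts}
```
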
