CompTIA Security + Chapter 5

The document discusses vulnerability management and security assessment techniques including vulnerability scanning, identifying scan targets, determining scan frequency, configuring vulnerability scans, supplementing network scans with credentialed and agent-based scans, using multiple scan perspectives, maintaining vulnerability scanners, and interpreting vulnerability reports.

Uploaded by

ALABI

COMPTIA SECURITY+: CHAPTER 5

Security Assessment and Testing


What it does:
✓ Identifies vulnerabilities in your systems, like software
bugs or weak configurations.
✓ Prioritizes these vulnerabilities based on their severity
and potential impact.
✓ Helps you fix the most critical vulnerabilities first, like
patching the back door.
Why it's important:
✓ No system is perfect, and new vulnerabilities are
discovered all the time.
✓ By finding and fixing vulnerabilities, you make it
harder for attackers to break in.
✓ A good vulnerability management program is essential
for any organization.
Vulnerability Management:

✓Regularly checks systems for weaknesses
like software bugs or misconfigurations.
✓Prioritizes vulnerabilities based on
severity and potential impact.
✓Helps fix critical vulnerabilities first, like
patching security holes.
✓ Essential for any organization
because new vulnerabilities are
constantly discovered.
Identifying Scan Targets:
✓ Not all systems need the same level of security, like
different security needs for rooms in a building.
✓ Prioritize systems based on:
o Data classification: How sensitive is the information
stored?
o Network exposure: Is it connected to the internet or
public networks?
o Services offered: What services does the system run
(e.g., email, web server)?
o System type: Is it used for everyday operations
(production) or testing (development)?

✓ Automated tools discover and map connected
systems, ensuring no system is missed during
scans.
Determining Scan Frequency:
✓ Cybersecurity professionals rely on automation for
efficient performance.
✓ Vulnerability scanning tools allow automated scheduling
of scans.
✓ Factors influencing scan frequency:
o Organization's risk appetite
o Regulatory requirements (e.g., PCI DSS, FISMA)
o Technical constraints
o Business constraints
o Licensing limitations
✓ Balancing considerations is crucial for vulnerability
scanning program planning.
✓ Starting with smaller scopes and gradually
increasing frequency is advisable to prevent
overwhelming infrastructure or systems.
Configuring Vulnerability Scans:

✓ Schedule automated scans and generate reports.
✓ Customize types of checks performed by the scanner.
✓ Provide credentials for accessing target servers.
✓ Install scanning agents on target servers.
✓ Conduct scans from different network perspectives.

✓ Regularly review and update scanner configurations to
ensure they meet current needs.
Vulnerability Scan Configuration:

✓ Scan sensitivity level:
o Determines types of checks performed by the scanner.
o Customize to meet scan objectives and minimize
disruptions.
✓ Scan templates:
o Start with pre-built templates or create custom
templates.
o Save common configurations as templates for future
scans.
Vulnerability Scan Configuration:

✓ Scan efficiency:
o Configure specific plug-ins to run based on your
needs.
o Disable unnecessary plug-ins to improve speed and
reduce false positives.
o For example, if you don't use Amazon Linux, disable
related checks.
✓ Intrusive plug-ins:
o Perform tests that might disrupt production systems.
o Balance the need for thorough scans with avoiding
disruption.
o Consider testing on a separate environment
first before running on production.
Supplementing Network Scans:

✓ Network scans:
o Simulate attacker perspective, but firewalls and
controls might affect results.
o May not confirm vulnerabilities, leading to false
positives.
✓ Supplementing network scans:
o Credentialed scans:
▪ Use credentials to access servers and verify
configurations.
▪ Improves scan accuracy by checking for fixes like
OS updates.
▪ Use least privilege principle with read-only
accounts to minimize risk.
Supplementing Network Scans:

✓ Agent-based scanning:
o Install agents on servers for "inside-out" scans.
o Provides additional vulnerability information.
o Use cautiously due to potential performance or
stability concerns.
▪ Start with a small pilot deployment before wider
use.
Scan Perspectives in Vulnerability
Management:

✓ Multiple perspectives offer different views of
vulnerabilities:
o External scan: Simulates attacker perspective from
outside the organization (internet).
o Internal scan: Simulates malicious insider perspective
from within the network.
o Datacenter/Agent scan: Provides the most accurate
view by bypassing network controls.
Scan Perspectives in Vulnerability
Management:
✓ Security controls can affect scan results:
o Firewalls, network segmentation, IDS/IPS can block
vulnerabilities from being detected.
✓ Compliance examples:
o PCI DSS requires both internal and external scans by
approved vendors.
✓ Vulnerability management platforms:
o Manage different scanners and consolidate results
from various sources.
Vulnerability Scanner Maintenance:
✓Regularly maintain scanners to ensure:
o Up-to-date scanning software
o Up-to-date vulnerability feeds
✓Scanners offer automatic updates, but
manual verification is recommended.
Scanner Software:
✓Vulnerabilities in scanning systems exist.
o Regular patching of scanner software is
crucial for protection.
o Patching addresses scanner-specific
vulnerabilities and improves scan
quality.
Vulnerability Plug-in Feeds:
✓Security researchers discover
vulnerabilities regularly.
✓Scanner effectiveness depends on frequent
plug-in updates.
✓Administrators should configure scanners
to retrieve new plugins daily.
Security Content Automation
Protocol (SCAP):
✓SCAP aims to standardize security-related
information exchange.
✓SCAP standards include:
o Common Configuration Enumeration (CCE)
o Common Platform Enumeration (CPE)
o Common Vulnerabilities and Exposures (CVE)
o Common Vulnerability Scoring System (CVSS)
o Extensible Configuration Checklist Description
Format (XCCDF)
o Open Vulnerability and Assessment
Language (OVAL)
Vulnerability Scanning Tools:
✓Essential tools for cybersecurity toolkit.
✓Include network, application, and web
application scanners.
✓Used for preventive scanning, testing, and
identification of vulnerabilities.
Infrastructure Vulnerability Scanning:
✓Network vulnerability scanners probe
network-connected devices.
✓Identify device type, configuration, and
known vulnerabilities.
✓Examples include Nessus, Qualys, Rapid7's
Nexpose, and OpenVAS.
Application Scanning:
✓Analyzes custom-developed software for
security vulnerabilities.
✓Techniques include static, dynamic, and
interactive testing.
✓Integral part of software development
process, ensuring clean tests before
production release.
Web Application Scanning:
✓Specialized tools for examining web
application security.
✓Test for vulnerabilities like SQL injection,
XSS, and CSRF.
✓Combines network scans with detailed
probing of web applications.
✓Examples include Nikto and Arachni for
open source, and commercial products
like Acunetix.
Reviewing and Interpreting Scan Reports:

✓Reports provide detailed information
about identified vulnerabilities.
✓Helps analysts interpret and prioritize
response actions.
Understanding CVSS:
✓Common Vulnerability Scoring System
(CVSS) assesses severity.
✓Rates vulnerabilities on exploitability and
impact measures.
✓Used by analysts to prioritize response
actions.
CVSS Metrics:
✓Attack Vector, Attack Complexity,
Privileges Required, User Interaction,
Confidentiality, Integrity, Availability, and
Scope.
✓Each metric assesses different aspects of
vulnerability exploitation.
Interpreting the CVSS Vector:
✓Single-line format conveying ratings of
vulnerability on all metrics.
✓Summarizing CVSS Scores:
o CVSS vector provides detailed risk
information but can be complex.
o Analysts calculate CVSS base score for
overall vulnerability risk assessment.
o Base score derived from other CVSS
component scores.
CALCULATING THE IMPACT SUB-SCORE (ISS)
✓ ISS = 1 - [( 1 - Confidentiality) * (1 - Availability) * ( 1 - Integrity)]
CALCULATING THE IMPACT SCORE
✓if Scope is "Unchanged":
6.42 * ISS

✓if Scope is "Changed":
7.52 * (ISS - 0.029) - 3.25 * (ISS - 0.02)^15
CALCULATING THE EXPLOITABILITY
SCORE

✓Exploitability = 8.22 * AV * AC * PR * UI
o Attack Vector
o Attack Complexity
o Privileges Required
o User Interaction
Vulnerability Scanner Security:

✓Scanners are not immune to
vulnerabilities themselves.
✓Regularly patch scanner software to:
o Protect against scanner-specific
vulnerabilities.
o Fix bugs and improve scan quality.
