
7.0 Vulnerability Management

Uploaded by

rsegrest

CHAPTER 7
Vulnerability Management

TESTOUT CYBERDEFENSE PRO


7.1 VULNERABILITY MANAGEMENT

Vulnerability Assessment


Section Skill Overview
Conduct vulnerability scans


Key Terms
Active assessment
Passive assessment
Internal assessment


Key Definitions
Active assessment: A network evaluation that is obtained by actively testing the network for weaknesses.
Passive assessment: A network evaluation that is obtained by looking for weaknesses through observation with no direct network interaction.
Internal assessment: A network evaluation that is obtained by testing and analyzing processes and systems inside the network.


Vulnerability Assessment
Expected data
Active vs passive scanning
Scanning limitations
Assessment types
Vulnerability research
Identify weaknesses
Plan security measures


Expected Results
Open ports
App vulnerabilities
Configuration errors
Weak passwords


Passive Assessment
Operating system
Current users


External Assessment
Network maps exist
External service devices
Web applications
Rule set for routers
Rule set for firewalls
External open ports
DNS zones


Internal Assessment
Physical security
Internal open ports
Viruses and malware
Remote management
Internal flaws and patches


Host-Based Assessment
Malicious users
Uneducated users
Vendors
Administrators
Databases
Firewalls
Files
Web servers
Configuration errors

Application Assessment
Input controls
Data processing


Wireless Assessment
Patching errors
Authentication problems
Encryption problems
Unnecessary services


Misconfigurations
Outdated software
Unnecessary services
Incorrect authentication
Disabled security
Debugging enabled


Default Settings
SSIDs
Admin passwords


Buffer Overflows
More data than coded for
Error checking


Unpatched Servers
Fix bugs
Patch
Update software


Design Flaws
Broken authentication
Cross-site scripting
Insufficient logging
Incorrect encryption


Operating System Flaws
Viruses
Trojan horses
Worms through script
Undesirable software or code


Application Flaws
Validation
Authorization


Open Services
Unsecure ports
Open ports
Unnecessary ports


Summary
Expected data
Active and passive scanning
Scanning limitations
Assessment types
Vulnerability research


Class Discussion
What are the top nine areas to research when conducting an assessment?
What are seven types of assessments?
What are the limitations of scans?
Why is vulnerability assessment important?


7.2 VULNERABILITY MANAGEMENT

Vulnerability Management Life Cycle


Key Terms
Vulnerability assessment
Risk assessment
Remediation
Verification
Monitoring


Key Definitions
Vulnerability assessment: A phase of testing the network for vulnerabilities.
Risk assessment: A phase of evaluating the found vulnerabilities for threat level.
Remediation: A phase of patching, hardening, and correcting weaknesses.
Verification: A phase of retesting the system to verify that patching and hardening were effective.
Monitoring: A phase where continuous monitoring of systems is implemented.


Vulnerability Management Life Cycle


Vulnerability Assessment
Best times to test
Best tools to use


Plan of Action
Control weaknesses
Protect information
Harden systems


Summary
Baseline creation
Vulnerability assessment
Risk assessment
Remediation
Verification
Recommendation


Vulnerability Solutions


Summary
Product-based solutions
Service-based solutions
Tree-based assessments
Inference-based assessments
Vulnerability testing


Class Discussion
Why is it important to create a baseline before testing begins?
How important is the vulnerability assessment phase to the rest of the cycle?
Why should you take the time to evaluate the threat levels of the results of your assessment?
Which phase includes fixing weaknesses that are found?
Why would you retest the system after remediation?
Why is ongoing monitoring a valuable practice?


7.3 VULNERABILITY MANAGEMENT

Vulnerability Scoring Systems


Key Terms
Common Vulnerability Scoring System (CVSS)
CVSS calculator
Cybersecurity and Infrastructure Security Agency (CISA)
National Vulnerability Database (NVD)
Full Disclosure


Key Definitions
Common Vulnerability Scoring System (CVSS): A system that categorizes vulnerabilities by threat level.
CVSS calculator: A calculator for determining risk level of vulnerabilities based on base, temporal, and environmental metrics.
Cybersecurity and Infrastructure Security Agency (CISA): A large government-sponsored organization that provides many resources for cybersecurity.
National Vulnerability Database (NVD): A government-sponsored, detailed database of known vulnerabilities.


Key Definitions
Full Disclosure: A public, vendor-neutral forum for the discussion of vulnerabilities and threats that often has the newest information. It also has tools, papers, news, and events related to vulnerabilities and threats.


Vulnerability Scoring Systems


CVSS Calculator Metrics
Base: unique traits
Temporal: changeable traits
Environmental: only present in certain environments


Common Vulnerabilities and Exposures
Standardized identifiers
cve.mitre.org
Evaluation baseline
Standardization
Assessment tools


National Vulnerability Database
nvd.nist.gov
More specific than CVE
Searchable


Cybersecurity and Infrastructure Security Agency
us-cert.gov
Information exchange
Training and exercises
Risk assessments
Data synthesis/analysis
Operational planning
Watch operations
Incident response


Common Weakness Enumeration
cwe.mitre.org
Community-developed
Common descriptions
Standardized assessment


Common Attack Pattern Enumeration and Classification
capec.mitre.org
Dictionary of patterns
Multiple search criteria


Japanese Vulnerability Notes
Affected products
Possible impacts
Solutions
Vendor statements
Reference documents


Full Disclosure (Nmap)
Newest vulnerabilities
Vendor-neutral forum
Events of interest
seclists.org/fulldisclosure


Summary
CISA
NVD
CVE
CWE
CAPEC
JPCERT or JVN
Full Disclosure


Class Discussion
Why is it helpful to use tools based on known vulnerability databases?
What are five helpful government-sponsored resources?
What is the value of a CVSS score to an ethical hacker?
What are the three metrics used to determine a CVSS score?


7.4 VULNERABILITY MANAGEMENT

Vulnerability Analysis


Section Skill Overview
Scan for vulnerabilities on a Windows workstation
Scan for vulnerabilities on a Linux server
Scan for vulnerabilities on a domain controller
Scan for vulnerabilities on a security appliance
Scan for vulnerabilities on a WAP


Key Terms
Vulnerability assessment tool
Open source tool
Vulnerability report
Remediation


Key Definitions
Vulnerability assessment tool: A service or program that tests systems and devices for weaknesses that could be exploited.
Open source tool: A tool that is free to use and can be modified and shared.
Vulnerability report: A report generated by a vulnerability assessment tool that gives information such as weak passwords, open ports, and lack of encryption. It also provides suggestions for remediation.
Remediation: The actions taken to patch, repair, fix, or harden weaknesses in a network.


Vulnerability Assessment Tools


Qualys Vulnerability Management
Cloud-based
Good for large enterprises
Data is always encrypted
Only scanners in network


Nessus Professional
Resides on network
Smaller organizations
Comprehensive scanning
Reporting Remediation
Continuous monitoring


OpenVAS
50,000 tests
High-level protocols
Low-level protocols


Nikto
Finds outdated versions
Scans 6,000 files
Version-specific problems


Retina CS for Mobile
Scan
Prioritize
Fix vulnerabilities


SecurityMetrics Mobile
Unwanted app privileges
Mobile malware
Connectivity issues
Threats to storage
Unauthorized access


Nessus
Unauthorized
Non-compliant
Outdated Apple iOS
Unconnected


Net Scan
Vulnerabilities
Security flaws
Open ports


Network Scanner
Monitors network use
Creates autosaved reports
Can back up web storage


Assessment Reports
Scan information
Target information
Results
Target
Services
Classification
Assessment


Report Categories
Security vulnerability report
Security vulnerability summary


Summary
Network assessment tools
Mobile assessment tools
Assessment reports


Vulnerability Scan Analysis


Web App Scanners
Web crawling
Link discovery
Data analysis


Infrastructure Vulnerability Scanners
Networks
Internal systems
Applications


Summary
Vulnerability scanners
Web scanners
Infrastructure vulnerability scanners


In-Class Practice
Do the following labs:
7.4.7 Scan for Vulnerabilities on a Windows Workstation
7.4.8 Scan for Vulnerabilities on a Linux Server


Class Discussion
Why is it important to be familiar with assessment tools?
What are the top assessment tools for networks and mobile devices?
Why is it important to include mobile devices in your assessment testing?
What information can you expect from vulnerability reports?
