Vulnerability Assesment
Download as PPTX, PDF6 likes3,937 views
The document discusses technical vulnerability management and outlines the key steps in the NIST Risk Management Framework that include vulnerability analysis. It also covers establishing an effective Patch and Vulnerability Group to monitor for vulnerabilities, prioritize remediation, and deploy patches. Finally, it provides examples of different types of vulnerability analysis tools including network scanners, host scanners, and web application scanners.
Ad
More Related Content
What's hot (20)
Viewers also liked (20)
Ad
Similar to Vulnerability Assesment (20)
Ad
More from Dedi Dwianto (6)
Vulnerability Assesment
- 1. Vulnerability Assesment Network Security Workshop Dedi Dwianto, C|EH, OSCP Daftar ISI
- 2. 2 Contents Technical Vulnerability Management Vulnerability analysis tools
- 3. 3 Technical Vulnerability Management vulnerability analysis and assessment is an important element of each required activity in the NIST Risk Management Framework (RMF). This RMF comprises six steps, into each of which vulnerability analysis and assessment is to be integrated:
- 4. 4 Technical Vulnerability Management Step 1: Categorize Information Systems. Step 2: Select Security Controls Step 3: Implement Security Controls. Step 4: Assess Security Controls. Step 5: Authorize Information Systems. Step 6: Monitor Security Controls.
- 5. 5 Technical Vulnerability Management To reduce risks resulting from exploitation of published technical vulnerabilities. Technical vulnerability management should be implemented in an effective, systematic, and repeatable way with measurements taken to confirm its effectiveness. These considerations should include operating systems, and any other applications in use.
- 6. 6 Technical Vulnerability Management A current and complete inventory of assets is a prerequisite for effective technical vulnerability management. Specific information needed to support technical vulnerability management includes the software vendor, version numbers, current state of deployment (e.g. what software is installed on what systems), and the person(s) within the organization responsible for the software.
- 7. 7 Technical Vulnerability Management The following guidance should be followed to establish an effective management process for technical vulnerabilities the organization should define and establish the roles and responsibilities associated with technical vulnerability management, including vulnerability monitoring, vulnerability risk assessment, patching, asset tracking, and any coordination responsibilities required;
- 8. 8 Technical Vulnerability Management information resources that will be used to identify relevant technical vulnerabilities and to maintain awareness about them should be identified for software and other technology a timeline should be defined to react to notifications of potentially relevant technical vulnerabilities; once a potential technical vulnerability has been identified, the organization should identify the associated risks and the actions to be taken; such action could involve patching of vulnerable systems and/or applying other controls;
- 9. 9 Technical Vulnerability Management depending on how urgently a technical vulnerability needs to be addressed, the action taken should be carried out according to the controls related to change management a timeline should be defined to react to notifications of potentially relevant technical vulnerabilities; an audit log should be kept for all procedures undertaken systems at high risk should be addressed first.
- 10. 10 The Patch and Vulnerability Group The PVG should be a formal group that incorporates representatives from information security and operations. These representatives should include individuals with knowledge of vulnerability and patch management, as well as system administration, intrusion detection, and firewall management.
- 11. 11 The duties of the PVG Create a System Inventory. Monitor for Vulnerabilities, Remediations, and Threats. Prioritize Vulnerability Remediation. Create an Organization-Specific Remediation Database Conduct Generic Testing of Remediations. Deploy Vulnerability Remediations. Distribute Vulnerability and Remediation Information to Local Administrators. Perform Automated Deployment of Patches.
- 12. 12 The duties of the PVG Configure Automatic Update of Applications Whenever Possible and Appropriate. Verify Vulnerability Remediation Through Network and Host Vulnerability Scanning. Vulnerability Remediation Training.
- 13. 13 Report Organization Section1 Introduction to purpose, organization, scope, and assumptions for this Report. Section 2 Overview of automated vulnerability assessment tools—including descriptions of the various types of automated vulnerability assessment tools currently available Section 3 Catalogue of descriptions of current vulnerability assessment tools, categorized by type. Section 4 Representative listing of vulnerability assessment tools Section 5 List of resources to additional detailed information about IT and network vulnerability assessment and assessment tools.
- 14. 14 Vulnerability Analysis tools Vulnerability assessment tools generally work by attempting to automate the steps often employed to exploit vulnerabilities: they begin by performing a “footprint” analysis to determine what network services and/or software programs (including versions and patch levels) run on the target. Vulnerability assessment tools help in that integration, by automating the detection, identification, measurement, and understanding of vulnerabilities found in ICT components at various levels of a target ICT system or infrastructure.
- 15. 15 Vulnerability Analysis tools Most vulnerability assessment tools are capable of scanning a number of network nodes, including networking and networked devices (switches, routers, firewalls, printers, etc.), as well as server, desktop, and portable computers. The type and level of detail of a vulnerability assessment tool’s findings varies from tool to tool.
- 16. 16 Tool type Network Scanners Host Scanners Database Scanners Web Application Scanners Multilevel Scanners Automated Penetration Test Tools Vulnerability Scan Consolidators
- 17. 17 Network Scanners Assuria Auditor and Auditor RA Infiltration Systems Infiltrator for Home Users Microsoft® Attack Surface Analyzer NileSOFT Secuguard SSE Numara® Vulnerability Manager SoftRun Inciter Vulnerability Manager ThreatGuard® Secutor
- 18. 18 Host Scanners Beyond Security® Automated Vulnerability Detection System Host Scanners Black Falcon/Net Security Suite Falcon Vulnerability Analysis DragonSoft Vulnerability Management eEye® Retina® Network Fortinet® FortiScan 4.1.0 FuJian RongJi RJ-iTOP GFI LANguard®
- 19. 19 Database Scanners Application Security AppDetectivePro DBAPPSecurity MatriXay 3.6 Fortinet FortiDB Imperva® Scuba McAfee Repscan and McAfee Vulnerability Manager for Databases NGSSecure NGS SQuirreL Safety-Lab Shadow Database Scanner
- 20. 20 Web Application Scanners Acunetix® Web Vulnerability Scanner Casaba Watcher 1.5.1 Cenzic® Hailstorm® Enterprise Application Risk Controller eEye Retina Web Grabber Mavutina Netsparker® HP WebInspect®
- 21. 21 Multilevel Scanners Integrigy AppSentry Open Vulnerability Assessment System 4 SAINT® Professional and SAINT® Enterprise Symantec® Control Compliance Suite: Vulnerability Manager Tenable® Nessus® Venusense Vulnerability Scanning and Management System
- 22. 22 AUTOMATED PENETRATION TEST TOOLS Arachni CORE IMPACT® Pro CORE INSIGHT Enterprise Google® Skipfish Immunity® CANVAS® Professional Rapid7® Metasploit® Rapid7 NeXpose
- 23. 23 Monitoring Vulnerabilities Vendor Web sites and mailing lists Third-party Web sites Third-party mailing lists and newsgroups Vulnerability scanners Vulnerability databases Enterprise patch management tools Other notification tools.
- 24. 24 Monitoring Vulnerabilities http://web.nvd.nist.gov/ http://secunia.com http://www.exploit-db.com/