Chapter 15: Vulnerability Assessment
Interconnection Security Agreement (ISA)
Agreement between organizations that connect their systems, documenting the technical and security requirements of the interconnection in order to minimize the security risks for data transmitted across the network
Interoperability agreement
An agreement through which the parties in a relationship reach a common understanding of the relationship and of their responsibilities
Design review
An analysis of the design of a software program by key personnel from different levels of the project
Design
Phase of the software development life cycle in which the architecture of the program is defined; its output is examined in a design review by personnel from different levels of the project
Support
Phase that begins after release: as vulnerabilities are uncovered, the necessary security updates (patches) are created and distributed
Intrusive vulnerability scan
Scan that goes beyond detection and attempts to actually penetrate the system, in effect performing a simulated attack; because it can crash or disrupt the target, it is run only with authorization and in an agreed maintenance window
Vulnerability scan
Automated software that searches a system for known security weaknesses and creates a report of potential exposures
Baseline reporting
Comparison of the present state of a system to its baseline in order to detect drift, such as ports that were not listening before, services that have been enabled, or configuration files whose contents changed
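Baseline reporting in practice is a diff of two snapshots. The following is an added example (not code from the original chapter) that reduces a host's observable state to a comparable dictionary and reports every deviation from the baseline. The port numbers, service states and the two versions of the sshd_config file are constructed sample data, not measurements from a real system.

```python
import hashlib

# Constructed sample data: the contents of one configuration file as captured when the
# baseline was taken, and as found on the host today. Not taken from any real system.
GOLD_SSHD_CONFIG = b"PermitRootLogin no\nPasswordAuthentication no\n"
DRIFTED_SSHD_CONFIG = b"PermitRootLogin yes\nPasswordAuthentication no\n"


def snapshot(listening_ports, services, config_files):
    """Reduce the observable state of a host to a comparable dict.

    listening_ports: iterable of TCP port numbers found listening
    services:        {name: "enabled" | "disabled"}
    config_files:    {path: file_bytes}; only a SHA-256 of each file is kept
    """
    return {
        "listening_ports": sorted(set(listening_ports)),
        "services": dict(services),
        "config_hashes": {
            path: hashlib.sha256(data).hexdigest() for path, data in config_files.items()
        },
    }


def compare_to_baseline(baseline, current):
    """Return a list of human-readable findings where `current` deviates from `baseline`.
    An empty list means the host still matches its baseline."""
    findings = []

    base_ports, cur_ports = set(baseline["listening_ports"]), set(current["listening_ports"])
    for port in sorted(cur_ports - base_ports):
        findings.append(f"port {port}: listening now but not in baseline")
    for port in sorted(base_ports - cur_ports):
        findings.append(f"port {port}: in baseline but no longer listening")

    for name, state in sorted(current["services"].items()):
        base_state = baseline["services"].get(name)
        if base_state is None:
            findings.append(f"service {name}: not in baseline (currently {state})")
        elif base_state != state:
            findings.append(f"service {name}: {base_state} -> {state}")
    for name in sorted(set(baseline["services"]) - set(current["services"])):
        findings.append(f"service {name}: in baseline but missing now")

    base_hashes, cur_hashes = baseline["config_hashes"], current["config_hashes"]
    for path, digest in sorted(cur_hashes.items()):
        base_digest = base_hashes.get(path)
        if base_digest is None:
            findings.append(f"{path}: file not in baseline")
        elif base_digest != digest:
            findings.append(f"{path}: content changed ({base_digest[:12]} -> {digest[:12]})")
    for path in sorted(set(base_hashes) - set(cur_hashes)):
        findings.append(f"{path}: in baseline but missing now")

    return findings


def gold_baseline():
    """Baseline captured from the hardened reference build (constructed values)."""
    return snapshot(
        [22, 443],
        {"sshd": "enabled", "nginx": "enabled", "telnet": "disabled"},
        {"/etc/ssh/sshd_config": GOLD_SSHD_CONFIG},
    )


def drifted_host():
    """Present state of the same host after some undocumented changes (constructed values)."""
    return snapshot(
        [22, 23, 443],
        {"sshd": "enabled", "nginx": "enabled", "telnet": "enabled"},
        {"/etc/ssh/sshd_config": DRIFTED_SSHD_CONFIG},
    )


if __name__ == "__main__":
    for line in compare_to_baseline(gold_baseline(), drifted_host()):
        print(line)
```

Only hashes of configuration files are kept in the snapshot, so the baseline can be stored and shared without exposing file contents; a single changed line (here PermitRootLogin) is still detected because the digest no longer matches.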
Honeypot
Computer protected by minimal security, intentionally configured with vulnerabilities and seeded with bogus data files, so that attackers are drawn to it and their methods can be observed
Memorandum of Understanding (MOU)
Document describing a general agreement between two or more parties; it states intent and each side's role but is less formal and less detailed than a contract
Penetration testing
Authorized testing that goes beyond scanning: it actively exploits discovered weaknesses to show what access an attacker could actually obtain
Open Vulnerability and Assessment Language (OVAL)
Language designed to promote open and publicly available security content; it standardizes the transfer of vulnerability and configuration information across different security tools and services
Vulnerability appraisal
Determining the current weaknesses, as a snapshot of the organization's security at that moment
Risk assessment
Determining the damage that would result from an attack and assessing the likelihood that the vulnerability is a risk to the organization
Risk mitigation
Determining what to do about the identified risks. Risk can never be entirely eliminated; doing so would cost too much or take too long
Hardening
Eliminating as many security risks as possible by tightening the configuration of a system (see Techniques to harden systems)
Verification
Phase in which the program is tested and the errors identified are corrected
Vulnerability scanner
Generic term for a range of products that look for vulnerabilities in networks or systems. Intended to identify vulnerabilities and alert network administrators to these problems
Threat modeling
Process whose goal is understanding attackers and their methods, so that defenses can be designed for the attacks most likely to occur
Protocol analyzers
Hardware or software that captures packets in order to decode and analyze their contents
Baseline
Reference point against which an element is measured or compared; can be seen as a standard
Port security
Implemented by disabling unused application/service ports to reduce the number of threat vectors (not to be confused with switch port security, which restricts which devices may connect to a physical switch port)
Code review
In software development, presenting the code to multiple reviewers in order to reach agreement about its security
Architectural design
In software development, the process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software development
Requirements
List of the features needed, along with guidelines for maintaining quality
Threat evaluation
Listing the potential threats that each threat agent could carry out against the organization's assets
Banner
Message that a service transmits when another program connects to it, often revealing the software name and version
Honeynet
Network set up with intentional vulnerabilities and one or more honeypots
Blanket Purchase Agreement (BPA)
Prearranged purchase or sale agreement between a government agency and a business
Implementation
Phase in which the code is written; the code is then presented to multiple reviewers (a code review) to reach agreement about its security
Asset identification
Process of inventorying items with economic value
Techniques to harden systems
Protecting accounts with passwords; disabling unnecessary accounts; disabling unnecessary services; protecting management interfaces and applications
Attack tree
Provides a visual representation of potential attacks as an inverted tree: the attacker's goal is the root, the ways of achieving it are the branches, and each branch point is marked as AND (every sub-step is required) or OR (any one sub-step suffices)
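An attack tree becomes useful once the leaves carry an estimate of attacker effort, because the tree then tells you which branch an attacker would take and which control changes that. The following is an added example (not code from the original chapter) that models AND/OR nodes, finds the least-cost path to the root goal, and shows how raising the cost of one leaf shifts the attacker to the next branch. The tree, its goals and the cost figures are constructed for illustration and describe no real system.

```python
from dataclasses import dataclass, field


@dataclass
class AttackNode:
    """One node of an attack tree. Leaves carry an estimated attacker cost; interior
    nodes combine their children with an OR gate (any child achieves the goal) or an
    AND gate (every child is required)."""
    goal: str
    gate: str = "OR"                      # "OR" or "AND"; ignored for leaves
    cost: float = 0.0                     # leaf cost only (e.g. attacker hours); constructed
    children: list["AttackNode"] = field(default_factory=list)

    def cheapest_path(self):
        """Return (total_cost, [leaf goals]) for the least-effort way to reach this node."""
        if not self.children:
            return self.cost, [self.goal]
        branches = [child.cheapest_path() for child in self.children]
        if self.gate == "AND":
            return sum(c for c, _ in branches), [step for _, steps in branches for step in steps]
        return min(branches, key=lambda b: b[0])

    def render(self, depth=0):
        """Indented text form of the tree, root first (an inverted tree read top-down)."""
        label = f"{self.goal} [{self.gate}]" if self.children else f"{self.goal} (cost {self.cost:g})"
        lines = ["  " * depth + label]
        for child in self.children:
            lines.extend(child.render(depth + 1))
        return lines


def build_sample_tree():
    """Constructed attack tree for a hypothetical web application backed by a database.
    Goals and cost figures are illustrative, not measurements."""
    return AttackNode("Read customer database", "OR", children=[
        AttackNode("Exploit SQL injection in search form", cost=8),
        AttackNode("Steal DBA credentials", "AND", children=[
            AttackNode("Phish the DBA", cost=16),
            AttackNode("Defeat the DBA's MFA", cost=40),
        ]),
        AttackNode("Gain physical access to DB server", "AND", children=[
            AttackNode("Tailgate into the data center", cost=24),
            AttackNode("Boot server from USB and copy data files", cost=4),
        ]),
    ])


def apply_mitigation(tree, leaf_goal, new_cost):
    """Model a control by raising the attacker's cost of one leaf; returns True if found."""
    if not tree.children:
        if tree.goal == leaf_goal:
            tree.cost = new_cost
            return True
        return False
    return any(apply_mitigation(child, leaf_goal, new_cost) for child in tree.children)


if __name__ == "__main__":
    tree = build_sample_tree()
    print("\n".join(tree.render()))
    print("cheapest attack:", tree.cheapest_path())
    # Parameterized queries make the injection branch far more expensive; the tree shows
    # what the attacker falls back to and therefore what to fix next.
    apply_mitigation(tree, "Exploit SQL injection in search form", 200)
    print("after mitigation:", tree.cheapest_path())
```

With the constructed figures the injection leaf (cost 8) is the cheapest route; after it is mitigated the physical-access branch (24 + 4 = 28, both steps required by the AND gate) becomes the attacker's best option, which is what the next round of hardening should address.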
Third-party integration
The risk of combining systems and data with outside entities, which continues to grow
Non-credentialed vulnerability scans
Scanners that do not use credentials; they see only what an outsider can observe from the network, such as open ports and banners
Credentialed vulnerability scan
Scanners that permit the username and password of an active account to be stored and used, so the scanner can log in and inspect the system from the inside; this gives a more complete picture and fewer false positives
Xmas tree port scan
Sending a packet with every option set to on for the protocol in use to observe how a host responds; for TCP this means the FIN, PSH and URG flags are set, a combination a normal connection never uses. A closed port is expected to answer with RST while an open port stays silent, though some operating systems reply RST regardless, which limits the technique
Service Level Agreement (SLA)
Service contract between a vendor and a client
Port scanner
Software that can be used to search a system for port vulnerabilities. Used to determine the state of each port in order to learn which applications/services are running. Three port states: open (an application/service is listening), closed (the port can be reached but nothing is listening), and blocked or filtered (the host does not reply, typically because a firewall dropped the probe)
Release
Phase in which the software is shipped to customers
Gray box test
Some limited information has been provided to the tester
On-boarding
Start-up of a relationship between partners
Vulnerability assessment
Systematic and methodical evaluation of exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm
Port number
TCP/IP numeric value that identifies applications and services on a system. Each packet/datagram contains a source port and a destination port
Off-boarding
Termination of an agreement between partners, including removal of the access that was granted during on-boarding
White box test
Tester has in-depth knowledge of network and systems being tested
Black box test
Tester has no prior knowledge of network infrastructure
Attack surface
The code that can be executed by unauthorized users in a software program; more broadly, every point at which an attacker can interact with a system
Non-intrusive vulnerability scan
Uses only available information, such as banners and version numbers, to hypothesize the status of a vulnerability without attempting to exploit it; safer for production systems but more prone to false positives
Banner grabbing
When a program is used to intentionally gather banner information. Can be done by using Telnet (or netcat) to create a connection with the host and then querying each port
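The port scanner and banner grabbing entries above describe the same operation from two angles: a TCP connect tells you whether a port is open, closed or filtered, and reading what an open port sends back gives you the banner. The following is an added example (not code from the original chapter) that performs both against a local stand-in service; it starts its own throwaway listener on 127.0.0.1 that sends a constructed SSH-style banner, so it runs offline. The banner string, the listener and the helper names are assumptions made for this example.

```python
import socket
import threading

# Constructed banner for the local stand-in service; a real sshd sends a line like this.
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_9.2p1 Debian-2\r\n"


def start_banner_server(banner=SAMPLE_BANNER):
    """Start a throwaway listener on 127.0.0.1 that greets each client with `banner`,
    standing in for a real service. Returns (stop_event, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)             # lets the accept loop notice the stop flag
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return stop, port


def probe_port(host, port, timeout=1.0):
    """TCP connect probe of one port. Classifies it as open, closed or filtered and, if
    open, records whatever the service volunteers (banner grabbing)."""
    result = {"port": port, "state": "filtered", "banner": ""}
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except ConnectionRefusedError:
        sock.close()
        result["state"] = "closed"      # host answered with RST: reachable, nothing listening
        return result
    except OSError:
        sock.close()
        return result                   # no SYN/ACK and no RST within timeout: filtered
    result["state"] = "open"
    try:
        data = sock.recv(1024)          # many services speak first (SSH, SMTP, FTP)
        result["banner"] = data.decode("ascii", errors="replace").strip()
    except OSError:
        pass                            # open, but the service waits for the client to talk
    finally:
        sock.close()
    return result


def scan(host, ports, timeout=1.0):
    """Probe each port in turn and return the list of results."""
    return [probe_port(host, p, timeout) for p in ports]


def unused_local_port():
    """Pick a port nothing is listening on, so the scan also shows a 'closed' result."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo():
    """Scan the local stand-in service plus one unused port; returns the results."""
    stop, open_port = start_banner_server()
    try:
        return scan("127.0.0.1", [open_port, unused_local_port()])
    finally:
        stop.set()


if __name__ == "__main__":
    for r in demo():
        print(f"{r['port']:5d} {r['state']:<9} {r['banner']}")
```

A connection refusal means the host is up and sent a RST, so the port is reported closed; a timeout with neither SYN/ACK nor RST is what a firewall silently dropping the probe looks like, hence filtered. Services that wait for the client to speak first (HTTP, for example) show as open with an empty banner, and a real banner grabber would send a protocol-appropriate request to provoke a reply.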