Chapter 15: Vulnerability Assessment

Interconnection Security Agreement (ISA)

Agreement intended to minimize security risks for data transmitted across a network

Interoperability agreement

An agreement through which parties in a relationship can reach an understanding of their relationship and responsibilities

Design review

An analysis of the design of a software program by key personnel from different levels of the project

Design

Analysis of design of software program conducted by personnel from different levels of project

Support

As vulnerabilities uncovered necessary security updates are created and distributed

Intrusive vulnerability scan

Attempts to actually penetrate system in order to perform simulated attack

Vulnerability scan

Automated software searches a system for known security weaknesses Creates report of potential exposures

Baseline reporting

Comparison of present state of system to its baseline

Honeypot

Computer protected by minimal security and intentionally configured with vulnerabilities and contains bogus data files

Memorandum of Understanding (MOU)

Describes agreement between two or more parties

Penetration testing

Designed to exploit system weaknesses

Open Vulnerability and Assessment Language (OVAL)

Designed to promote open and publicly available security content Standardizes information transfer across different security tools and services

Vulnerability appraisal

Determine current weaknesses as snapshot of current organization security

Risk assessment

Determine damage resulting from attack and assess likelihood that vulnerability is risk to organization

Risk mitigation

Determine what to do about risks Risk can never be entirely eliminated; would cost too much or take too long

Hardening

Eliminate as many security risks as possible

Verification

Errors identified and corrected

Vulnerability scanner

Generic term for range of products that look for vulnerabilities in networks or systems. Intended to identify vulnerabilities and alert network administrators to these problems

Threat modeling

Goal of understanding attackers and their methods

Protocol analyzers

Hardware or software that captures packets to decode and analyze contents

Baseline

Imaginary line by which an element is measured or compared; can be seen as standard

Port security

Implement by disabling unused application/service ports to reduce number of threat vectors

Code review

In software development, presenting the code to multiple reviewers in order to reach agreement about its security

Architectural design

In software development, the process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software development

Requirements

List of features needed along with guidelines for maintaining quality

Threat evaluation

List potential threats from threat agent

Banner

Message that service transmits when another program connects to it.

Honeynet

Network set up with intentional vulnerabilities and honeypots

Blanket Purchase Agreement (BPA)

Prearranged purchase or sale agreement between a government agency and a business

Implementation

Presenting code to multiple reviewers to reach agreement about its security

Asset identification

Process of inventorying items with economic value

Techniques to harden systems

Protecting accounts with passwords, Disabling unnecessary accounts, Disabling unnecessary services, Protecting management interfaces and applications

Attack tree

Provides visual representation of potential attacks as inverted tree structure

Third-party integration

Risk of combining systems and data with outside entities, continues to grow

Non-credentialed vulnerability scans

Scanners that do not use credentials

Credentialed vulnerability scan

Scanners that permit username and password of active account to be stored and used

Xmas tree port scan

Sending a packet with every option set to on for whatever protocol is in use to observe how a host responds

Service Level Agreement (SLA)

Service contract between a vendor and a client

Port scanner

Software can be used to search system for port vulnerabilities. Used determine state of port to know what applications/services are running Three port states:

Release

Software shipped

Gray box test

Some limited information has been provided to the tester

On-boarding

Start-up relationship between partners

Vulnerability assessment

Systematic and methodical evaluation of exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm

Port number

TCP/IP numeric value as identifier to applications and services on systems Each packet/datagram contains source port and destination port

Off-boarding

Termination of agreements

White box test

Tester has in-depth knowledge of network and systems being tested

Black box test

Tester has no prior knowledge of network infrastructure

Attack surface

The code that can be executed by unauthorized users in a software program

Non-intrusive vulnerability scan

Uses only available information to hypothesize status of the vulnerability

Banner grabbing

When program used to intentionally gather this information. Can be done by using Telnet to create connection with host and then querying each port