Vulnerability Analysis - Ethical Hacking
Vulnerability Research What are the four (4) topics system administrators need to research in order to protect a network environment?
- security trends, threats, attack surfaces/vectors, techniques
- discover weaknesses in OS/apps before they are attacked
- gather info to aid in preventing security issues
- know how to recover from network attack
Vulnerability Assessment Reports What are the names of the report sections? EAFRR
• Executive Summary
• Assessment Overview
• Findings
• Risk Assessments
• Recommendations
Vulnerability Management Life Cycle What is the goal in the Pre-Assessment?
Identify Assets
Create a Baseline
Examples:
• Understand Business
• understand business processes
• identify app, data, services that support business
• identify approved SW, drivers & basic config
• create inv of all assets, and prioritize/rank critical assets
• understand network architecture, map network infrastructure
• identify controls already in place
• understand policy implementation & standards compliance
• define scope of assessment
• create info protection procedures to support effective planning, scheduling
Vulnerability Research What are the two (2) exploit ranges?
• Local
• Remote
Vulnerability Research What are the three (3) severity levels?
• Low
• Medium
• High
Vulnerability Assessment What information does a vulnerability scanner obtain?
• Network vulnerabilities
• Open/Running Ports
• App/Services vulnerabilities & Configuration errors
Vulnerability Management Life Cycle What is the goal in the Vulnerability Assessment phase?
Perform Vulnerability Scan
Examples:
• Examine physical security
• Check for misconfigurations
• Run Vulnerability Scan
• Select type of scan (based on org)
• Identify & Prioritize Vulnerabilities
• Identify False Pos & False Neg
• Apply Business & Tech context scanner
• Perform OSINT to validate vulnerabilities
Vulnerability Management Life Cycle What are the three (3) Vulnerability Mgmt Life Cycle stages?
• Pre-Assessment
• Vulnerability Assessment
• Post Assessment
Vulnerability Management Life Cycle What is the goal in the Post Assessment phase?
• Risk Assessment
• Remediation
• Verification
• Monitoring
Vulnerability Research What does it mean to research vulnerabilities?
analyzing protocols, services & configurations to discover vulnerabilities/flaws to avoid being attacked, exploited
Vulnerability Assessment Reports What is the goal or purpose of the VAR?
• disclose risks
• alert organization of possible attacks
• provide suggested countermeasures
• information used to fix security flaws
Vulnerability Assessment Tools What is Nessus Pro?
identifies vulnerabilities, configuration issues, malware
Vulnerability Assessment What is the goal of Vulnerability Assessment?
• identify weakness that could be exploited
• predict effectiveness, acquiring protection information
Vulnerability Assessment What is a Vulnerability Assessment?
in-depth examination of the ability of the system/app/network
Vulnerability Assessment Tools What is GFI LanGuard?
scans, detects, assesses, fixes security vulnerabilities in networked devices
Vulnerability What is a vulnerability, and what are some examples?
weakness in an asset, can be exploited by threat agents
• HW/SW misconfigurations
• poor design of network/app
• inherent technology weakness
• sysadmin, careless approach of end users
Types of Vulnerability Assessment What are the different types of Vulnerability Assessments?
• Active
• Passive
• External
• Internal
• Host-Based
• Network-Based
• Application
• Database
• Wireless
• Distributed
• Credentialed
• Non-Credentialed
----------------------
• Manual
• Automated
Vulnerability Classifications What are the different vulnerability classifications?
• Misconfiguration/Weak Config
• Application Flaws
• Poor Patch Management
• Design Flaws
• OS Flaws
• Default Installations
• Default Passwords
• Zero-Day Vulnerabilities
• Legacy Platform Vulnerabilities
• Improper Certs
• Undocumented Assets