Advanced Cyber: Ch 13: Vulnerability Assessment & Data Security
risk associated with use of private data
1) Individual inconveniences and identity theft; 2) Associations with groups; 3) Statistical inferences
Netcat
A command-line alternative to Nmap with additional features for scanning for vulnerabilities.
vulnerability appraisal
A current snapshot of the security of an organization.
vulnerability scanner
A generic term that refers to products that look for vulnerabilities in networks or systems.
honeynet
A network set up with intentional vulnerabilities. Its purpose is to invite attacks so that the attacker's methods can be studied.
Nmap
A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner. Nmap is a GUI utility.
Active Reconnaissance
A penetration testing method used to collect information. It sends data to systems and analyzes responses to gain information on the target.
password cracker
A program that uses the file of hashed passwords and then attempts to break the hashed passwords offline.
intrusive vulnerability scan
A scan that attempts to penetrate the system in order to perform a simulated attack.
non-credentialed vulnerability scan
A scan that does not use credentials (username and password) to conduct an internal vulnerability assessment.
credentialed vulnerability scan
A scan that provides credentials (username and password) to the scanner so that tests for additional internal vulnerabilities can be performed.
non-intrusive vulnerability scan
A scan that uses only available information to hypothesize the status of the vulnerability.
exploitation framework
A structure of exploits and monitoring tools used to replicate attacks during a vulnerability assessment.
Vulnerability assessment
A systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm.
Gray box
A test where some limited information has been provided to the tester.
Passively testing security controls
A vulnerability scan that does not attempt to exploit any weaknesses that it finds but only reports back what it uncovers.
identify common misconfigurations
A vulnerability scan that looks for misapplied settings in hardware and software.
Identify lack of security controls
A vulnerability scan that looks for missing controls to establish a secure framework.
Identify Vulnerabilities
A vulnerability scan that looks to identify security weaknesses in a system.
passive scanner
A vulnerability scanner that can identify the software currently in use on the network (operating systems and applications) and indicate which devices might have a vulnerability. It cannot take action to resolve security problems.
active scanner
A vulnerability scanner that sends "probes" to network devices and examines the responses received back to evaluate whether a specific device needs remediation. It can be used to simulate a network attack. Some active scanners can take action to resolve specific security issues.
closed port
A(n) ____ indicates that no process is listening at this port.
open port
A(n) ____ means that the application or service assigned to that port is listening for any instructions.
penetration testing (pentest)
An authorized network hacking process that identifies real-world weaknesses in network security and documents the findings.
vulnerability scan
An automated software search through a system for any known security weaknesses that then creates a report of those potential exposures.
Passive Reconnaissance
An information gathering technique in penetration testing where the pentester uses tools and techniques that make detection of activity difficult. The information is gathered without the target's knowledge and usually consists of open, available, and legal-to-acquire sources.
data sensitivity labeling
Applying the correct category to data to ensure proper data handling.
Open-Source Intelligence (OSINT)
Before carrying out an attack, a threat actor will typically gather open-source intelligence (OSINT) about their target. OSINT is information that is readily available to the public and doesn't require any type of malicious activity to obtain. Used in black & gray box testing.
risk assessment
Determining the damage that would result from an attack and the likelihood that the vulnerability is a risk to the organization.
legal and compliance issues
Following the requirements of legislation, prescribed rules and regulations, specified standards, or the terms of a contract.
Banner Grabbing
Gathering information from messages that a service transmits when another program connects to it.
wireless cracker
Hardware or software that tests the security of a wireless LAN system by attempting to break its protections of Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access 2 (WPA2).
Data Retention
How long data must be kept and how it is to be secured.
threat evaluation
Identify what the pressures are against the company. Not limited to attackers; can include natural disasters, human error, hardware failures, etc.
Examples of vulnerability assessment tools
Include but are not limited to port scanners, protocol analyzers, vulnerability scanners, honeypots and honeynets, banner grabbing tools, crackers, and command line tools.
Command Line Tools
Nslookup/dig, ARP, Ipconfig/Ifconfig, tcpdump, nmap, netcat
wiping
Overwriting disk space with zeros or random data.
protocol analyzers
Protocol analyzers can be hardware- or software-based. Their primary function is to analyze network protocols such as TCP, UDP, HTTP, FTP, and more.
risk mitigation
Reducing the impact of a risk event by reducing the probability of its occurrence.
Degaussing
The process of removing or rearranging the magnetic field of a disk in order to render the data unrecoverable.
data sanitation tools
Tools that can be employed to securely remove data from electronic media.
port scanners
Tools used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information.
initial exploitation
Using information acquired to determine if it provides entry to the secure network.
honeypot
A vulnerable computer that is set up to entice an intruder to break into it. Intended to trick attackers into revealing their attack techniques.
pulping
Breaking paper media back into wood cellulose fibers after the ink is removed.
persistence
Endurance or "doggedness": the determination to continue to probe for weaknesses and exploit them.
pulverizing
Hammering paper records into dust.
pivot
Once inside the network, the tester attempts to move around inside the network to other resources. The pentester's goal is privilege escalation.
Asset identification
The process of inventorying any item that has a positive economic value (can include people, physical assets such as buildings, and IT assets such as employee databases, inventory records, hardware, software, etc.).
hardening
The purpose of hardening is to eliminate as many security risks as possible. Hardening techniques include: protecting accounts with passwords; disabling unnecessary accounts; disabling unnecessary services; protecting management interfaces and applications.
blocked port
The host system does not reply to any inquiries to this port number.
privacy
The state or condition of being free from being observed or disturbed by other people.
Whitebox testing
The tester has in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and source code of custom applications.
Black Box Testing
The tester has no prior knowledge of the network infrastructure being tested.
steganography assessment tools
Tools that can be used to determine if the data is hidden well enough to thwart unauthorized users from finding the data.
purging
Using the operating system "delete" key to remove data files on electronic media; not an effective way to destroy data.