Vulnerability Analysis - Ethical Hacking

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Vulnerability Research What are the four (4) topics system administrators need to research in order to protect a network environment?

- security trends, threats, attack surfaces/vectors, techniques - discover weakness in OS/apps before they are attacked - gather info to aid in order to prevent security issues - know how to recover from network attack

Vulnerability Assessment Reports What are the names of the report sections? EAFRR

Executive Summary Assessment Overview Findings Risk Assessments Recommendations

Vulnerability Management Life Cycle What is the goal in the Pre-Assessment?

Identify Assets Create a Baseline Examples: • Understand Business • understand business processes • identify app, data, services that support business • identify approved SW, drivers & basic config • create inv of all assets, and prioritize/rank critical assets • understand network architecture, map network infrastructure • identify controls already in place • understand policy implementation & standards compliance • define scope of assessment • create info protection procedures to support effective planning, scheduling

Vulnerability Research What are the two (2) exploit ranges?

Local Remote

Vulnerability Research What are the three (3) severity levels?

Low Medium High

Vulnerability Assessment What information does a vulnerability scanner obtain?

Network vulnerabilities Open/Running Ports App/Services vulnerabilities & Configuration errors

Vulnerability Management Life Cycle What is the goal in the Vulnerability Assessment phase?

Perform Vulnerability Scan Examples • Examine physical security • Check for misconfigurations • Run Vulnerability Scan • Select type of scan (based on org) • Identify & Prioritize Vulnerabilities • Identify False Pos & False Neg • Apply Business & Tech context scanner • Perform OSINT to validate vulnerabilities

Vulnerability Management Life Cycle What are the three (3) Vulnerability Mgmt Life Cycle stages?

Pre-Assessment Vulnerability Assessment Post Assessment

Vulnerability Management Life Cycle What is the goal in the Post Assessment phase?

Risk Assessment Remediation Verification Monitoring

Vulnerability Research What does it mean to research vulnerabilities?

analyzing protocols, services & configurations to discover vulnerabilities/flaws to avoid being attacked, exploited

Vulnerability Assessment Reports What is the goal or purpose of the VAR?

disclose risks alert organization of possible attacks provide suggested countermeasures information used to fix security flaws

Vulnerability Assessment Tools What is Nessus Pro?

identifies vulnerabilities configuration issues malware

Vulnerability Assessment What is the goal of Vulnerability Assessment?

identify weakness that could be exploited predict effectiveness, acquiring protection information

Vulnerability Assessment What is a Vulnerability Assessment?

in-depth examination of the ability of the system/app/network

Vulnerability Assessment Tools What is GFI LanGuard?

scans, detects, assesses, fixes security vulnerabilities in networked devices

Vulnerability What is a vulnerability? and what are some examples?

weakness in an asset, can be exploited by threat agents • HW/SW misconfigurations • poor design of network/app • inherent technology weakness • sysadmin, careless approach of end users

Types of Vulnerability Assessment What are the different types of Vulnerability Assessments?

• Active • Passive • External • Internal • Host-Based • Network-Based • Application • Database • Wireless • Distributed • Credentialed • Non-Credentialed ---------------------- • Manual • Automated

Vulnerability Classifications What are the different vulnerability classifications?

• Misconfiguration/Weak Config • Application Flaws • Poor Patch Management • Design Flaws • OS Flaws • Default Installations • Default Passwords • Zero-Day Vulnerabilities • Legacy Platform Vulnerabilities • Improper Certs • Undocumented Assets


Ensembles d'études connexes

Perry Chapter 31: The Infant and Family

View Set

NUR 313 Documentation, Reporting, Conferring

View Set

802 - Chapter 29: Securing Computers

View Set

CWTS-2-Introduction to Wireless Local Area Networking

View Set