Chapter 5: Security Assessment and Testing

Ace your homework & exams now with Quizwiz!

Pen Testing Teams (3)

1. Red Team (the attackers who attempt to gain access to the systems) 2. Blue team (defenders who must secure systems and networks from attacks) 3. White team (observers and judges)

3 techniques of application scanning

1. Static Testing (analyzes code without executing it) 2. Dynamic Testing (executes code as part of the test, running all the interfaces that the code exposes to the user with a variety of inputs, searching for vulnerabilities) 3. Interactive Testing (combines static and dynamic testing, analyzing the source code while testers interact with the application through exposed interfaces)

2 key decisions when implementing encryption

1. The algorithm to use to perform encryption and decryption 2. The encryption key to use with that algorithm

Pen Testing Types (3)

1. White-Box Tests (tests performed with the full knowledge of the underlying technology, configurations, and settings that make up the target) 2. Black-box Tests (intended to replicate what an attacker would encounter -- attackers are not provided with access to or information about an environment) 3. Gray-box Tests (some information about the environment is known, but full access, credentials, or configuration details is not given to the tester)

Common Vulnerability Scoring System (CVSS)

A SCAP specification for communicating the characteristics of vulnerabilities and measuring their relative severity.

Extensible Configuration Checklist Description Format (XCCDF)

A language for specifying checklists and reporting checklist results

Open Vulnerability and Assessment Language (OVAL)

A language for specifying low0level testing procedures used by checklists

Nikto

A popular web application scanning tool

Arachni

A popular web application scanning tool (available for windows, mac, and Linux)

War Driving

An attacker drives by facilities in a car equipped with high-end antennas and attempt to eavesdrop on or connect to wireless networks

Telnet

An insecure protocol used to gain command-line access to a remote server

Risk apppetite

An organization's willingness to tolerate risk within the environment

Penetration Testing

Authorized, legal attempts to defeat an organization's security controls and perform unauthorized activities. These tests are time-consuming and require staff who are equally skilled and determined as the real-world attackers.

Attack vector metric

Describes how an attacker would exploit the vulnerability (physical, local, adjacent network, network)

Attack complexity metric

Describes the difficulty of exploiting the vulnerability (high, low)

Privileges required metric

Describes the type of account access that an attacker would need to exploit a vulnerability

Availability metric

Describes the type of availability disruption that might occur if an attacker successfully exploits the vulnerability

Confidentiality Metric

Describes the type of information disclosure that might occur if an attacker successfully exploits the vulnerabiility

CVSS Impact Sub-Score (ISS)

ISS = 1 - [(1 - Confidentiality) x (1 - Integrity) x (1 - Availability)]

Weak configuration settings

Open permissions Unsecured root accounts Errors Weak encryption settings Insecure protocol use Default settings Open ports and services

Common Platform Enumeration (CPE)

Provides a standard nomenclature for describing product names and versions

Common Vulnerabilities and Exposures (CVE)

Provides a standard nomenclature for describing security-related software flaws

Common Configuration Enumeration (CCE)

Provides a standard nomenclature for discussing system configuration issues

Common Vulnerability Scoring System (CVSS)

Provides a standardized approach for measuring and describing the severity of security-related software flaws

File Transfer Protocol (FTP)

Provides the ability to transfer files between systems but does not incorporate security features (should not be used)

Factors to consider when determining how often to conduct vulnerability scans

Risk appetite Regulatory requirements Technical constraints Business constraints Licensing limitations

Credentialed scan

Scan in which the scanning computer has an account on the computer being scanned that allows the scanner to do a more thorough check looking for problems that can not be seen from the network.

Application Scanning

Scanner that analyzes custom-developed software to identify common security vulnerabilities

Infrastructure (Network) Vulnerability Scanning

Scanners capable of probing a wide range of network-connected devices for known vulnerabilities. They reach out to any systems connected to the network, attempt to determine the type of device and its configuration, and then launch targeted tests designed to detect the presence of any known vulnerabilities on those devices Ex: Tenable's Nessus, Qualys, Rapid7's Nexpose, OpenVAS (open source)

Web Application Scanning

Scanners used to examine the security of web applications. Test for web-specific vulnerabilities, including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).

Secure Shel (SSH)

Secure replacement for Telnet when seeking to gain command-line access to a remote system

Secure File Transfer Protocol (SFTP) and FTP-Secure (FTPS)

Secure replacements for FTP when transferring files between systems

Agent-based scan

Vulnerability scan where the administrators install small software agents on each target server. These agents conduct scans of the server configuration, providing an "inside-out" vulnerability scan, and then report information back to the vulnerability management platform for analysis and reporting

Purple teaming (pen testing)

When the red and blue teams of a pen test exercise come together at the end to talk about lessons learned

Integrity metric

describes the type of information alteration that might occur if an attacker successfully exploits the vulnerability

User interaction metric

describes whether the attacker needs to involve another human in the attack

Scope metric

describes whether the vulnerability can affect system components beyond the scope of the vulnerability.


Related study sets

MGT 370: Chapter 04 Assignment: Managing Ethics and Social Responsibility

View Set

NCLEX Prep: Client Needs: Basic Care & Comfort

View Set

Lesson 18 - Equipment Grounding & Bonding

View Set

ADN 140 - PrepU - Focused Assessment 1

View Set