Security Assessments and Vulnerabilities

Questions and Answers

What is a significant risk associated with leaving a host with default configurations?

  • Improved performance for users
  • Enhanced system stability
  • Greater compatibility with all software
  • Increased vulnerability to attacks (correct)

Which type of vulnerability is exploited before it is publicly known?

  • Zero-day (correct)
  • Memory leak
  • Race condition
  • Resource exhaustion

What can improper error handling in software lead to?

  • Faster processing times
  • Increased user satisfaction
  • Improved security measures
  • Unauthorized access and system instability (correct)

Which of the following is a common issue related to encryption vulnerabilities?

  • Expired or improperly configured digital certificates (B) (correct)

In network architecture, why is it a concern if a web server is not isolated from offline databases?

  • It allows attackers to access sensitive databases more easily (A) (correct)

What type of vulnerability can a failure to manage private keys lead to?

  • Attackers impersonating organizations (B) (correct)

What is a consequence of a resource exhaustion vulnerability in software?

  • Crashes due to excessive resource consumption (B) (correct)

Which of the following best describes a race condition in software vulnerabilities?

  • Software fails to execute tasks sequentially as intended (B) (correct)

What is a common attack method that involves overwhelming a network with excessive traffic?

  • Denial of Service (DoS) (D) (correct)

Which of the following is NOT considered a common account vulnerability?

  • Multi-factor authentication (B) (correct)

What is typically the largest target for attackers within an organization?

  • Untrained users (D) (correct)

What is the primary purpose of a security assessment?

  • To test security controls for weaknesses (C) (correct)

Which statement best describes the role of a baseline in security assessments?

  • A baseline is a collection of security configurations for benchmarking (B) (correct)

What is a common consequence of not disabling unused accounts in an organization?

  • Potential unauthorized access (C) (correct)

Which vulnerability involves a lack of support for obsolete systems?

  • EOL processes (C) (correct)

What is often utilized to automatically identify configuration issues in a system?

  • Automated tools (D) (correct)

What is the primary goal of conducting code reviews during app development?

  • To identify vulnerabilities and improve security (B) (correct)

Which tool type is specifically used to determine the current state of open ports on a network?

  • Port scanner (D) (correct)

What distinguishes a credentialed scan from a non-credentialed scan?

  • It authenticates with the system being scanned (C) (correct)

Which aspect is NOT considered when assessing vulnerabilities according to the guidelines?

  • User access levels across the network (B) (correct)

What is meant by the term 'attack surface'?

  • All areas that are exposed and can be targeted by an attacker (D) (correct)

What does a honeypot do in the context of cybersecurity?

  • Redirect suspicious activity to isolated systems (A) (correct)

Which of the following is a common misconception about false positives?

  • They represent something incorrectly identified as a vulnerability (A) (correct)

What should be prioritized when configuring systems for security?

  • Creating custom configurations that reflect specific security needs (B) (correct)

What type of box testing method involves no reconnaissance?

  • Black Box Test (A) (correct)

Which tool type is specifically used to securely erase data from a storage medium?

  • Data Sanitization Tools (A) (correct)

What is the primary purpose of capturing a baseline of normal network traffic using Wireshark?

  • To establish a benchmark for future analysis (A) (correct)

Why is it advisable to conduct penetration tests using different types of box testing methods?

  • To evaluate different attacker perspectives (A) (correct)

Which of the following describes the initial exploitation phase in penetration testing?

  • Crafting the simulated attack after reconnaissance (A) (correct)

What is a common purpose of social engineering tools in penetration testing?

  • To assess user susceptibility to manipulation (A) (correct)

What should one be aware of when conducting a penetration test?

  • The possible risks involved in the testing process (A) (correct)

What risk is associated with penetration testing?

  • Potential actual damage to systems (D) (correct)

What is a critical aspect of assessing encryption key management systems?

  • Detecting weaknesses within the system (A) (correct)

In the context of vulnerability scanning, what is the function of MBSA?

  • To conduct vulnerability scans of Windows Server (C) (correct)

Which stage of penetration testing allows the tester to spread to other hosts and network segments?

  • Pivoting (A) (correct)

What problem can arise from using outdated cipher suites?

  • Increased susceptibility to attacks (C) (correct)

What is typically assessed to identify critical business processes lacking a solid plan?

  • System anomalies and sprawl (D) (correct)

Flashcards

Host Vulnerabilities

Weaknesses in a computer system's operating system (OS) or platform configuration that attackers can exploit.

Default Configurations

Preset settings on an OS or software, often vulnerable if not customized.

Software Vulnerabilities

Weaknesses in software, such as improper handling of inputs, errors, resources or timing, and memory vulnerabilities.

Zero-Day Vulnerability

A software vulnerability exploited before it is publicly known or patched.

Improper Input Handling

Software failing to anticipate unusual input, leading to security breaches.

Encryption Vulnerabilities

Weaknesses in how data is encrypted, which could allow attackers to decrypt or access information.

Network Architecture Vulnerabilities

Weaknesses in the design of a network, allowing attackers to exploit them.

Code Reviews

Systematic evaluation of code to identify vulnerabilities and security flaws, performed on all apps in development.

Attack Surface

The combination of all exposed areas of a system or app that an attacker could potentially exploit.

Reducing Attack Surface

Decreasing the number of potential entry points for attackers, thus lowering the risk of exploitation.

Security Architecture Review

An assessment of the security infrastructure model, verifying whether assets are secured and vulnerabilities addressed.

Security Design Review

Evaluation of whether a security solution meets organizational needs, before implementation.

Vulnerability Assessment Tools

Tools used to identify system, network and app weaknesses.

Vulnerability Scanner

Tools used to assess systems, networks and apps for security weaknesses.

Credentialed Scan

System scan with elevated privileges for a complete configuration assessment.

Non-credentialed Scan

System scan from a normal user's perspective, focusing on easily exploitable flaws.

False Positives

Incorrectly identified vulnerabilities.

Host OS Configuration

The way a computer's operating system is set up, affecting its security.

Zero-day Vulnerabilities

Security flaws that are unknown and unpatched.

Software Flaws

Weaknesses due to issues in software development, like input handling or memory management.

Signal Leaks

Attackers exploit vulnerabilities in network signal transmission to gain easier access to the premises.

DoS Attacks

Denial-of-Service attacks flood systems with excessive traffic, causing delays and service outages.

Weak Passwords

Passwords that lack complexity or length are easily guessed by attackers.

Password Expiration

Passwords that don't expire increase the risk of continued access for compromised accounts.

Multi-factor Authentication

Adding multiple authentication methods makes accounts more secure.

Incorrect Account Grouping

Placing accounts in an improperly assigned group allows users unauthorized access.

Unused Accounts

Unused accounts should be disabled to prevent unauthorized access.

Guest Accounts

Disabled guest accounts prevent unauthorized access.

Untrained Users

Staff without adequate security training are a prime weakness for social engineering exploits.

Social Engineering

Exploiting the human element to gain sensitive information or access privileges.

EOL Systems

Outdated systems lack vendor support and are vulnerable to exploits.

System Sprawl

Large numbers of disparate systems make securing assets challenging.

Undocumented Assets

Assets without documentation are difficult to manage consistently.

Security Assessment

Testing security controls to find weaknesses.

Vulnerability Assessment

Evaluating system security based on current configurations.

Baseline

Set of configurations used as security standards.

Box Testing Methods

Different approaches to penetration testing, categorized by how much information testers have.

Penetration Testing Tools

Software used to simulate attacks and exploit systems.

Penetration Testing

Simulating real-world attacks to identify vulnerabilities.

Vulnerability Assessment Tools

Tools to find weaknesses in a system.

Black Box Testing

Penetration testing with limited knowledge, like an external attacker.

Grey Box Testing

Penetration testing with partial knowledge, e.g. access to limited documentation.

White Box Testing

Penetration testing with full system knowledge, like an employee with full access.

Exploitation Frameworks

Tools to develop and deploy exploits of system vulnerabilities.

Data Sanitization Tools

Tools to securely erase data from a storage medium, deleting all remnants.

Simulating Attack

Conducting penetration testing by creating a simulated attack scenario.

Outdated Cipher Suites

Using outdated encryption methods that have known security weaknesses.

Misconfigured Certificates

Digital certificates with incorrect settings, making them vulnerable.

Weak Encryption Keys

Encryption keys that are easily guessed or broken.

Network Architecture Weaknesses

Problems in the design of a network, making security vulnerable.

Misconfigured Accounts

Accounts with insecure settings, making them easily compromised.

Training Needs

Identifying users needing security training.

Critical Business Processes

Processes lacking a robust security plan.

System Sprawl

Uncontrolled growth of systems, making security oversight harder.

Capturing Network Data

Recording network traffic for analysis.

Vulnerability Scanning

Identifying weak spots in systems using tools.

Penetration Testing

Simulating attacks to find vulnerabilities.

Reconnaissance (Pen Testing)

Gathering information about the target systems to plan attacks.

Exploitation (Pen Testing)

Trying to use vulnerabilities to gain access to systems.

Escalation of Privilege (Pen Testing)

Increasing access levels within systems.

Pivoting (Pen Testing)

Using one compromised system to reach others in the network.

Persistence (Pen Testing)

Maintaining access after compromise.

Study Notes

Security Assessments

  • Identifying vulnerabilities, assessing vulnerabilities, and implementing penetration testing are the key security assessment steps.

Host Vulnerabilities

  • The underlying operating system (OS) and its configuration directly impact host vulnerabilities.
  • Default OS configurations are often insufficient and need customization.
  • Critical aspects of configuration include running services, installed programs, and security settings.
  • Leaving a host with default settings can create weaknesses.
  • Attackers might exploit these weaknesses.
  • Example: failing to disable Telnet can expose the host to man-in-the-middle attacks.

Software Vulnerabilities

  • Zero-day: Exploited before public disclosure, often leading to prolonged impact.
  • Improper input handling: Software failing to handle unexpected input leading to various security issues such as unauthorized access, privilege escalation, or denial of service (DoS) attacks.
  • Improper error handling: Errors that aren't handled well can make the system unstable.
  • Resource exhaustion: Insufficient resource management can cause crashes or instability.
  • Race conditions: Events occurring out of order leading to crashes.
  • Memory vulnerabilities: Memory issues like leaks, buffer overflow, integer overflow, pointer dereference, and DLL injection pose significant risks.

Encryption Vulnerabilities

  • Some encryption solutions become insecure or are inherently weak due to time or improper implementation.
  • Organizations could utilize obsolete or vulnerable cipher suites.
  • Weaknesses in implementation are reflected in things such as digital certificates (invalid addresses, expired certificates, and untrusted signers).
  • Poor key management can result in compromised private keys, which can facilitate impersonation and man-in-the-middle attacks.

Network Architecture Vulnerabilities

  • Network design can reveal security weaknesses.
  • Insecure network designs might allow attackers to move through systems to databases.
  • Uncontrolled wireless networks can broaden access to a system, letting attackers reach areas that a user may not even be aware of.
  • Attacks intended to stall a system are referred to as DoS (Denial of Service) attacks.

Account Vulnerabilities

  • Weak or easily guessable passwords and lack of password expiration are common weaknesses.
  • The absence of multi-factor authentication makes accounts vulnerable to brute-force or other related attacks.
  • Misplaced accounts and/or accounts with excessive privileges create opportunities for attackers.
  • Unused accounts that have not been disabled are easy targets for attack.
  • Guest accounts often require disabling or review of configurations.

Operations Vulnerabilities

  • Untrained users are susceptible to social engineering and are a significant security risk in this context.
  • A lack of a proper incident response policy or plan can expose an organization to attacks.
  • Obsolete systems/software without proper maintenance procedures can be significantly vulnerable.
  • Inadequate vendor support can hinder the ability to fix security issues.
  • Embedded systems (if not secure) may be difficult to detect and understand.
  • System sprawl (large, complex systems) can be challenging to manage from a security perspective, leading to gaps.
  • Undocumented assets make consistent security management difficult.

Security Assessment

  • A security assessment is a method of identifying gaps or weaknesses in security measures across tools, technology, services, and operations.
  • Information obtained provides methods for timely and efficient vulnerability mitigation.
  • Various methods are used to determine vulnerabilities, with some approaches being active and others passive.

Security Assessment Techniques

  • Review baseline: A set of configurations that are used as reference to check against other systems for security compliance.
  • Review code: All applications undergoing development are reviewed to prevent vulnerabilities.
  • Determine attack surface: Evaluating points that are exposed to attack, reducing the risk of successful attacks.
  • Review security architecture: An evaluation of the security of the infrastructure.
  • Review security design: Review whether a proposed security solution meets the organization's requirements.

Vulnerability Assessment Tools

  • Vulnerability scanners assess various systems.
  • Port scanners evaluate network ports.
  • Protocol/packet analyzer assesses network communications.
  • Fingerprinting tools identify target information and services.
  • Network enumerators map logical network structures or find rogue systems.
  • Password crackers recover passwords.
  • Backup utilities create copies of scanned data.
  • Honeypots redirect activity to isolated systems.

Types of Vulnerability Scans

  • Tools to scan for weak points in wireless networks
  • Tools to scan for configuration compliance
  • Credentialed scans: Scans performed by an authorized user or account, having elevated privileges on all potential targets.
  • Non-credentialed scans: The user scans from a common user's perspective, allowing for more general testing opportunities.

False Positives

  • Incorrect identification of a vulnerability.
  • Example: Port 5424 might be reported as open but be harmless, or the flagged issue may not be exploitable.

Guidelines for Assessing Vulnerabilities

  • Consider how host operating systems are configured.
  • Create custom configurations that reflect specific security needs.
  • Be aware of the risks posed by zero-day vulnerabilities.
  • Evaluate flaws in software.
  • Consider whether outdated cipher suites are in use and how this might introduce risk.
  • Evaluate digital certificates for vulnerabilities.
  • Assess encryption systems for weaknesses.
  • Consider the existing network architecture and its potential weaknesses.
  • Account configuration should be properly reviewed.
  • Identify users who require training.
  • Identify critical business processes.
  • Be aware of system sprawl challenges.
  • Account for undocumented assets.

Penetration Testing

  • Penetration testing employs active methods and techniques to simulate attacks on systems.
  • It verifies threats; it goes beyond simple diagnosis by actually attempting to exploit vulnerabilities.
  • Penetration testing is more intrusive than vulnerability assessments.
  • The data and information gathered are more thorough.
  • There is risk during penetration testing, with potential for damage to systems.
  • Penetration tests are often subject to restrictions.

Penetration Testing Techniques

  • Reconnaissance: Gathering information about the target system
  • Initial exploitation: Obtaining access to the target system
  • Escalation of privileges: Increasing access levels on the system
  • Pivoting: Expanding access to other systems.
  • Persistence: Maintaining access to the system

Box Testing Methods

  • Black box - Full reconnaissance
  • Grey box - Some reconnaissance
  • White box - No reconnaissance

Penetration Testing Tools

  • Exploitation Frameworks: Creating and deploying exploit code
  • Data sanitization tools: Securely removing data from a storage medium
  • Steganography tools: Hiding data to prevent detection
  • Social engineering tools: Testing user susceptibilities
  • Stress testers: Testing system response to increased load

Guidelines for Implementing Penetration Testing

  • Consider a penetration test in addition to or instead of a vulnerability assessment.
  • Be aware of risks involved in penetration testing
  • Implement pen-testing procedures as phases of a simulated attack
  • Pen-test methods can be employed using different box testing techniques.
  • Understand the necessary reconnaissance for each box testing method.
  • Familiarize yourself with tools used in active exploitation of systems.

Activity: Implementing Penetration Testing

  • Conduct a penetration test to observe how attackers can exploit systems.
  • Utilize existing credentials, such as one from a previous compromise.
  • Use these credentials within simulated attacks on Windows Server.
  • This test enables remote desktop access.

Additional Questions and Requirements

  • Vulnerability assessment tools used or planned by an organization.
  • Value of implementing a penetration test in an organization.