CompTIA Security+ Exam SY0-601
Dr. Hayam MOUSA
These CompTIA Security+ notes cover security assessment and testing, vulnerability management, penetration testing, and automation. The document discusses the importance of regular security assessments and testing to identify and mitigate vulnerabilities within a system. It also emphasizes the use of automated tools like vulnerability scanners to proactively find weaknesses.
Cybersecurity professionals are responsible for building, operating, and maintaining security controls that protect against these threats. They do this through regular security assessment and testing, which ensures that controls are operating properly and that the environment contains no exploitable vulnerabilities.

The material begins with a discussion of vulnerability management, including the design, scheduling, and interpretation of vulnerability scans. It then moves on to discuss penetration testing, an assessment tool that puts cybersecurity professionals in the role of attackers to test security controls.

Vulnerability management is concerned with identifying, prioritizing, and remediating vulnerabilities in our environments. Vulnerability scanning is used to detect new vulnerabilities as they arise and then implement a remediation workflow that addresses the highest-priority vulnerabilities.

Organizations also use automated techniques to identify the systems that may be covered by a scan. Scanning tools can be used for that purpose:

- The Qualys vulnerability scanner identifies the organization's assets.
- OpenVAS is an open source, Linux-based scanner.
- Nessus is a Windows-based scanner.

Asset inventory and asset criticality information guide decisions about the types of scans that are performed, the frequency of those scans, and the priority administrators should place on remediating vulnerabilities detected by the scan.

Security professionals use automation to help them perform their duties in an efficient, effective manner. Administrators may designate a schedule that meets their security, compliance, and business requirements. The benefits are automated alerting on newly detected vulnerabilities and automated email reports.

The organization's risk appetite is its willingness to tolerate risk within the environment.
Regulatory requirements, such as those imposed by the Payment Card Industry Data Security Standard (PCI DSS) or the Federal Information Security Management Act (FISMA), may dictate a minimum frequency for vulnerability scans. These requirements may also come from corporate policies.

Technical constraints may limit the frequency of scanning. For example, the scanning system may only be capable of performing a certain number of scans per day.

Business constraints may limit the organization from conducting resource-intensive vulnerability scans during periods of high business activity to avoid disruption of critical processes.

Licensing limitations may curtail the bandwidth consumed by the scanner or the number of scans that may be conducted simultaneously.

Beyond scheduling automated scans and producing reports, administrators may customize the types of checks performed by the scanner, provide credentials to access target servers, install scanning agents on target servers, and conduct scans from a variety of network perspectives. It is important to conduct regular configuration reviews of vulnerability scanners to ensure that scan settings match current requirements.

Determine the types of checks that the scanner will perform while minimizing the possibility of disrupting the target environment.

Template scans: a previously used configuration can be saved as a custom-developed template for reuse.

Basic vulnerability scans provide a realistic view of a system's security from a distance. However, firewalls, intrusion prevention systems, and other security controls may affect the scan results. Many security vulnerabilities are difficult to confirm using only a remote scan, causing false positives.

Modern vulnerability management solutions can supplement remote scans with trusted information about server configurations. Administrators can provide the scanner with credentials to connect to the target server and retrieve configuration information.
This information can be used to determine if a vulnerability exists, improving the scan's accuracy. Credentialed scans can access operating systems, databases, and applications, among other sources.

(Figure: credentialed scanning options available within Qualys.)

Scanning systems themselves aren't immune from vulnerabilities. Security researchers discover new vulnerabilities every week, and vulnerability scanners can only be effective against these vulnerabilities if they receive frequent updates to their plug-ins. Administrators should configure their scanners to retrieve new plug-ins on a regular basis, preferably daily. Fortunately, this process is easily automated.

- Tenable's Nessus is a well-known and widely respected network vulnerability scanning product that was one of the earliest products in this field.
- Qualys's vulnerability scanner is a more recently developed commercial network vulnerability scanner that offers a unique deployment model using a software-as-a-service (SaaS) management console to run scans using appliances located both in on-premises datacenters and in the cloud.
- Rapid7's Nexpose is another commercial vulnerability management system that offers capabilities similar to those of Nessus and Qualys.
- The open source OpenVAS offers a free alternative to commercial vulnerability scanners.

Application scanning tools are commonly used as part of the software development process. These tools analyze custom-developed software to identify common security vulnerabilities. Application testing occurs using three techniques:

- Static testing analyzes code without executing it. This approach points developers directly at vulnerabilities and often provides specific remediation suggestions.
- Dynamic testing executes code as part of the test, running all the interfaces that the code exposes to the user with a variety of inputs, searching for vulnerabilities.
- Interactive testing combines static and dynamic testing, analyzing the source code while testers interact with the application through exposed interfaces.

Many organizations introduce testing requirements into the software release process, requiring clean tests before releasing code into production.

Web application scanners are specialized tools used to examine the security of web applications. These tools test for web-specific vulnerabilities, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) vulnerabilities. They work by combining traditional network scans of web servers with detailed probing of web applications, using such techniques as sending known malicious input sequences and fuzzing in attempts to break the application.

- Nikto is a popular web application scanning tool. It is an open source tool that is free. It uses a command-line interface and is somewhat difficult to use.
- Arachni is a packaged scanner available for Windows, macOS, and Linux.

Most organizations do use web application scanners, but they choose to use commercial products that offer advanced capabilities and user-friendly interfaces. Although there are dedicated web application scanners, such as Acunetix, on the market, many firms use the web application scanning capabilities of traditional network vulnerability scanners, such as Nessus, Qualys, and Nexpose.

Vulnerability scan reports provide analysts with a significant amount of information that assists with the interpretation of the report. These reports provide detailed information about each vulnerability that they identify:

- The name of the vulnerability, which offers a descriptive title (SSL version detected).
- The overall severity of the vulnerability: low, medium, high, or critical (High).
- A detailed description of the vulnerability.
- A solution to the vulnerability (disable SSL 2.0 and 3.0 and replace their use with a secure version of the TLS protocol).
- "See also": more details on the vulnerability.
- "Output": detailed information returned by the remote system when probed for the vulnerability.
- Port/host (port 443-4433).
- Vulnerability information (news).
- Risk information (Common Vulnerability Scoring System (CVSS)).
- The scanner plug-in that detected the issue.

The Common Vulnerability Scoring System (CVSS) is an industry standard for assessing the severity of security vulnerabilities. It provides a technique for scoring each vulnerability on a variety of measures. Cybersecurity analysts often use CVSS ratings to prioritize response actions.

Analysts scoring a new vulnerability begin by rating the vulnerability on eight different measures. Each measure is given both a descriptive rating and a numeric score. The first four measures evaluate the exploitability of the vulnerability, whereas the last three evaluate the impact of the vulnerability. The eighth metric discusses the scope of the vulnerability.

- The attack vector metric describes how an attacker would exploit the vulnerability.
- The attack complexity metric describes the difficulty of exploiting the vulnerability.
- The privileges required metric describes the type of account access that an attacker would need to exploit a vulnerability. This metric reflects the scope metric of the vulnerability. The scope is categorized into changed and unchanged.
- The user interaction metric describes whether the attacker needs to involve another human in the attack.
- The confidentiality metric describes the type of information disclosure that might occur if an attacker successfully exploits the vulnerability.
- The integrity metric describes the type of information alteration that might occur if an attacker successfully exploits the vulnerability.
- The availability metric describes the type of disruption that might occur if an attacker successfully exploits the vulnerability.
- The scope metric describes whether the vulnerability can affect system components beyond the scope of the vulnerability.
Note that the scope metric table does not contain score information. The value of the scope metric is reflected in the values for the privileges required metric.

CVSS:3.0 simply informs the reader (human or system) that the vector was composed using CVSS version 3.

- Attack Vector: Network (score: 0.85)
- Attack Complexity: Low (score: 0.77)
- Privileges Required: None (score: 0.85)
- User Interaction: None (score: 0.85)
- Scope: Unchanged
- Confidentiality: High (score: 0.56)
- Integrity: None (score: 0.00)
- Availability: None (score: 0.00)

The CVSS vector provides good detailed information on the nature of the risk posed by a vulnerability, but the complexity of the vector makes it difficult to use in prioritization exercises. For this reason, analysts can calculate the CVSS base score, which is a single number representing the overall risk posed by the vulnerability. Arriving at the base score requires first calculating some other CVSS component scores.

Scope unchanged; Scope changed

- If the impact is 0, the base score is 0.
- If the scope metric is Unchanged, calculate the base score by adding together the impact and exploitability scores.
- If the scope metric is Changed, calculate the base score by adding together the impact and exploitability scores and multiplying the result by 1.08.
- The highest possible base score is 10. If the calculated value is greater than 10, set the base score to 10.

Example: if the impact score is 3.60 and the exploitability score rounds to 3.9, adding these together gives a base score of 7.5.

Many vulnerability scanning systems further summarize CVSS results by using risk categories rather than numeric risk ratings. These are usually based on the CVSS Qualitative Severity Rating Scale.

Vulnerability scanners are useful tools, but they aren't foolproof. Scanners do sometimes make mistakes. The scanner might not have sufficient access to the target system, or it might simply have an error in a plug-in that generates an erroneous vulnerability report.
False positives, true positives, false negatives, true negatives.

Cybersecurity analysts should confirm each vulnerability reported (easy or hard).

- Log reviews from servers, applications, network devices, and other sources that might contain information about possible attempts to exploit detected vulnerabilities.
- Security information and event management (SIEM) systems that correlate log entries from multiple sources and provide actionable intelligence.
- Configuration management systems that provide information on the operating system and applications installed on a system.