Chapter 4 - Vulnerability Analysis PDF

SOFTWARE VULNERABILITIES & EXPLOITATION CHAPTER 4: VULNERABILITY ANALYSIS Learning Objectives  Vulnerability Assessment Concepts  Classification of vulnerabilities and assessment types  Vulnerability assessment tools What is Vulnerability Analysis? Vulnerability  A weakness that could be exploited (by internal/external agents)  E.g. technological by default problems (e.g. HTTP is inherently insecure, not patched OS, router with no authentication or using insure routing protocols)  missing input validation, hardware misconfiguration, software issues, insecure design of network  Vulnerability analysis is also known as vulnerability assessment What is Vulnerability Analysis?  A testing process that involves:  Identifying vulnerabilities  Applications, computer systems, Network infrastructure), and design flaws that can expose assets to misuse/exploitation  Measuring vulnerabilities  Prioritizing vulnerabilities  Ranking vulnerabilities  consists of manual or automated approaches – depending the degrees of precision and coverage.  end goal - to protect systems from unauthorized access and data breaches. Types of Vulnerabilities  Four main types of vulnerabilities in cybersecurity are:  Human Vulnerabilities  Network Vulnerabilities  Process Vulnerabilities  Operating System Vulnerabilities Aspect of Vulnerability Analysis  Enumeration of accessible external and/or internal IT systems and services  Automated vulnerability scan with specific software tools  Manual analysis and evaluation of results to identify attackable vulnerabilities and security gaps  Manual verification of detected security vulnerabilities via direct attacks  Separation of the LAN from external networks with several positions of trust Reason to Conduct Vulnerability Analysis  Identify known security exposures before attackers find them.  Provides insight and knowledge to companies and organization, create awareness, understanding and react to threats  Create an inventory of all the devices on your network, including the security vulnerabilities associated with specific devices.  Create an inventory of all devices in the enterprise to help plan upgrades and future vulnerability assessments.  Define the level of security risk that exists in the IT environment.  Establish the business risk-versus-benefit to better allocate the security budget. Difference between Penetration Testing and Vulnerability Analysis  Penetration Testing - simulating a cyber-attack, using specific techniques to examine the network environment, test defenses, and find holes in those defenses.  Vulnerability analysis - focuses on uncovering as many security vulnerabilities as possible.  Penetration testing follows after the vulnerability analysis have been conducted – to test after identifying and fixing the vulnerabilities found in a vulnerability analysis. Differences between Penetration Testing and Vulnerability Analysis Vulnerability Assessment Penetration Testing Working Discover Vulnerabilities Identify and Exploit Vulnerabilities Mechanism Discovery & Scanning Simulation Focus Breadth over Depth Depth over Breadth Coverage of High Low Completeness Cost Low- Moderate High Performed By In-house Staff An attacker or Pen Tester Tester Knowledge High Low How often to Run After each equipment is loaded Once in a year Provide Partial Details about Provide Complete Details of Result Vulnerabilities Vulnerabilities Concept of va-pt  va – vulnerability analysis/assessment  pt – penetration testing  gives an organization a more detailed view of the threats facing its applications, enabling the business to better protect its systems and data from malicious attacks. Steps of Vulnerability Analysis Steps of Vulnerability Analysis Step 1: Planning  Identify scope of assessment  Identify business processes / functions, assets and know the worth of the devices that are part of network.  Identify risks and critical value device - including a security analysis vulnerability scanner.  Analyze if the device is accessible to everyone or limited to the authorized users and administrators alone. Steps of Vulnerability Analysis Step 2: System Baseline Definition  Identify software, drivers, basic configurations  Documentation of installed systems on network, their capabilities, and the users who have access.  Document all the services, processes, and open ports of those devices.  Scan device or use threat intelligence and a vulnerability database to detect vulnerabilities and remove false positives.  In place controls Steps in Vulnerability Analysis Step 3: Risk Assessment  allocating a severity score for the found vulnerabilities.  rank the vulnerability based on the following factors:  Severity of an attack.  Systems affected during that attack.  The potential business function(s) at risk.  The possible harm the vulnerability may trigger. Steps of Vulnerability Analysis Step 4: Reporting & Remediation  The report should include:  Misconfigurations and errors  Introduction of new techniques for risk mitigation.  Identifying the potential gap between the results and the system baseline.  Implementing measures to mitigate potential vulnerabilities.  Solutions/remediation are reported based on the original assessment objectives.  Conclusions are drawn according to the data collected during vulnerability assessment and are organized to ensure the findings’ assessment.  Monitoring  Continuous activity Vulnerability Management Life Cycle 1. Identify assets 2. Vulnerability assessment (scan) 3. Post-assessment  Risk assessment: risk categorization, level of impact, threat  Remediation: Prioritize mitigation, create action plan, applying patches, lesson learned, awareness trainings  Verification: perform dynamic analysis, rescan to identify applied fixes  Monitoring: timely remediation of flaws, actively looking IDS logs, Implementation of policies Vulnerability Assessment: A Regular Activity  Not a one time event  Vulnerability analysis is An ongoing process that requires revisiting regularly Example of Vulnerabilit y Scanning and Analysis using Open VAS THANK YOU.. Vulnerability Assessment Tools Vulnerability Assessment Tools Vulnerability Assessment Tools Vulnerability Assessment Tools Components of a Vulnerability Assessment Report Summary  This chapter discussed vulnerability research, vulnerability assessment, and the vulnerability-management life cycle.  It described various vulnerability assessment solutions along with their characteristics and  described various vulnerability assessment tools that are used to test a host or application for vulnerabilities  Finally, this chapter ended with a vulnerability assessment report and how it discloses the risks detected after scanning a network.

Chapter 4 - Vulnerability Analysis PDF

Document Details

Tags

Related

Summary

Full Transcript