Chapter 8 - 03 - Discuss Vulnerability Assessment - 04_ocred_fax_ocred.pdf
Certified Cybersecurity Technician Exam 212-82 Network Security Assessment Techniques and Tools

Types of Vulnerability Assessment (Cont'd)

- Wireless Network Assessment: determines the vulnerabilities in the organization's wireless networks
- Distributed Assessment: assesses the distributed organization assets, such as client and server applications, simultaneously through appropriate synchronization techniques
- Credentialed Assessment: assesses the network by obtaining the credentials of all machines present in the enterprise network
- Non-Credentialed Assessment: assesses the network without acquiring any credentials of the assets present in the network
- Manual Assessment: in this type of assessment, the ethical hacker manually assesses the vulnerabilities, vulnerability ranking, vulnerability score, etc.
- Automated Assessment: in this type of assessment, the ethical hacker employs various vulnerability assessment tools, such as Nessus, Qualys, GFI LanGuard, etc.

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Types of Vulnerability Assessment

Given below are the different types of vulnerability assessments:

- Active Assessment

A type of vulnerability assessment that uses network scanners to identify the hosts, services, and vulnerabilities present in a network. Active network scanners can reduce the intrusiveness of the checks they perform.

- Passive Assessment

Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are currently accessing the network.

- External Assessment

An external assessment examines the network from a hacker's point of view to identify exploits and vulnerabilities accessible to the outside world. These assessments cover externally reachable devices such as firewalls, routers, and servers.
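The passive assessment described above builds its picture of active systems and services from traffic that is already flowing, without sending a single probe. As an added illustration (not code from the EC-Council material), the Python below parses a handful of constructed Zeek-style conn.log records, derives the active hosts, the services each responder offers and which clients use them, and flags services that were observed over cleartext protocols, which is the kind of "weak encryption" finding the network-based assessment later in this section looks for. The log lines, addresses and the cleartext-protocol list are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed Zeek-style conn.log records (tab-separated, made up for this example).
# Columns: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, service
CONN_LOG = """\
1700000001.1\t10.0.0.15\t51234\t10.0.0.5\t443\ttcp\tssl
1700000002.4\t10.0.0.15\t51235\t10.0.0.7\t445\ttcp\tsmb
1700000003.9\t10.0.0.22\t40001\t10.0.0.5\t443\ttcp\tssl
1700000004.2\t10.0.0.22\t40002\t10.0.0.9\t21\ttcp\tftp
1700000005.0\t10.0.0.31\t60000\t10.0.0.9\t161\tudp\tsnmp
1700000006.3\t10.0.0.15\t51236\t10.0.0.7\t445\ttcp\tsmb
"""

# Protocols that carry credentials or data unencrypted (assumed list for this example).
CLEARTEXT_SERVICES = {"ftp", "http", "snmp", "telnet"}


def parse_conn_log(text):
    """Turn the tab-separated records into dicts; skips blank lines and '#' comment lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, orig_p, resp_h, resp_p, proto, service = line.split("\t")
        records.append({
            "ts": float(ts),
            "orig_h": orig_h, "orig_p": int(orig_p),
            "resp_h": resp_h, "resp_p": int(resp_p),
            "proto": proto, "service": service,
        })
    return records


def passive_inventory(records):
    """Build what a passive assessment yields: hosts, services, and who talks to them.

    Nothing is sent to the network; every fact comes from the observed connections.
    """
    hosts = set()
    services = defaultdict(set)   # (resp_h, resp_p, proto) -> service names seen
    clients = defaultdict(set)    # (resp_h, resp_p, proto) -> client hosts seen
    for r in records:
        hosts.update((r["orig_h"], r["resp_h"]))
        key = (r["resp_h"], r["resp_p"], r["proto"])
        services[key].add(r["service"])
        clients[key].add(r["orig_h"])
    return {
        "hosts": sorted(hosts, key=ipaddress.ip_address),
        "services": {k: sorted(v) for k, v in services.items()},
        "clients": {k: sorted(v, key=ipaddress.ip_address) for k, v in clients.items()},
    }


def cleartext_findings(inventory):
    """List (host, port, proto, service) for services observed over unencrypted protocols."""
    findings = []
    for (host, port, proto), names in inventory["services"].items():
        for name in names:
            if name in CLEARTEXT_SERVICES:
                findings.append((host, port, proto, name))
    return sorted(findings, key=lambda f: (ipaddress.ip_address(f[0]), f[1]))


if __name__ == "__main__":
    inv = passive_inventory(parse_conn_log(CONN_LOG))
    print("active hosts:", inv["hosts"])
    for key, names in inv["services"].items():
        print(f"{key[0]}:{key[1]}/{key[2]} -> {names}, clients={inv['clients'][key]}")
    print("cleartext services:", cleartext_findings(inv))
```

A real deployment would feed this from a sensor on a span port or a Zeek log pipeline rather than an inline string; the point is that the inventory is derived entirely from observed flows, so it never disturbs fragile hosts, but it also only ever sees what happens to be talking while the sensor listens.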
An external assessment estimates the threat of network security attacks from outside the organization. It determines the level of security of the external network and firewall. The following are some of the possible steps in performing an external assessment:

  - Determine a set of rules for firewall and router configurations for the external network
  - Check whether the external server devices and network devices are mapped
  - Identify open ports and related services on the external network
  - Examine the patch levels on the server and external network devices
  - Review detection systems such as IDS, firewalls, and application-layer protection systems
  - Get information on DNS zones
  - Scan the external network through a variety of proprietary tools available on the Internet
  - Examine web applications such as e-commerce and shopping cart software for vulnerabilities

- Internal Assessment

An internal assessment involves scrutinizing the internal network to find exploits and vulnerabilities.
The following are some of the possible steps in performing an internal assessment:

  - Specify the open ports and related services on network devices, servers, and systems
  - Check the router configurations and firewall rule sets
  - List the internal vulnerabilities of the operating system and server
  - Scan for any trojans that may be present in the internal environment
  - Check the patch levels on the organization's internal network devices, servers, and systems
  - Check for the existence of malware, spyware, and virus activity and document them
  - Evaluate the physical security
  - Identify and review the remote management process and events
  - Assess the file-sharing mechanisms (for example, NFS and SMB/CIFS shares)
  - Examine the antivirus implementation and events

- Host-based Assessment

Host-based assessments are a type of security check that involves a configuration-level check of system configurations, user directories, file systems, registry settings, and other parameters to evaluate the possibility of compromise. These assessments check the security of a particular network or server. Host-based scanners assess systems to identify vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. Host-based assessments use many commercial and open-source scanning tools.

- Network-based Assessment

Network assessments determine the possible network security attacks that may occur on an organization's system. These assessments discover network resources and map the ports and services running to various areas on the network. It evaluates the
organization's system for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. Network assessment professionals use firewalls and network scanners, such as Nessus. These scanners identify open ports, recognize the services running on those ports, and detect vulnerabilities associated with these services. These assessments help organizations identify points of entry and attack into a network, since they follow the path and approach of the hacker. They help organizations determine how systems are vulnerable to Internet and intranet attacks, and how an attacker can gain access to important information. A typical network assessment conducts the following tests on a network:

  - Checks the network topologies for inappropriate firewall configuration
  - Examines the router filtering rules
  - Identifies inappropriately configured database servers
  - Tests individual services and protocols such as HTTP, SNMP, and FTP
  - Reviews HTML source code for unnecessary information
  - Performs bounds checking on variables

- Application Assessment

An application assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems. It analyzes all elements of an application infrastructure, including deployment and communication within the client and server. This type of assessment tests the web server infrastructure for any misconfiguration, outdated content, or known vulnerabilities. Security professionals use both commercial and open-source tools to perform such assessments.

- Database Assessment

A database assessment is any assessment focused on testing the databases for the presence of any misconfiguration or known vulnerabilities.
These assessments mainly concentrate on testing various database technologies, such as MySQL, MSSQL, Oracle, and PostgreSQL, to identify data exposure or injection-type vulnerabilities. Security professionals use both commercial and open-source tools to perform such assessments.

- Wireless Network Assessment

A wireless network assessment determines the vulnerabilities in an organization's wireless networks. In the past, wireless networks used weak and defective data encryption mechanisms. Wireless network standards have since evolved, but many networks still use weak and outdated security mechanisms and are open to attack. Wireless network assessments try to attack wireless authentication mechanisms and gain unauthorized access. This type of assessment tests wireless networks and identifies rogue networks that may exist within an organization's perimeter. These assessments audit client-specified sites with a wireless network. They sniff wireless network traffic and try to crack encryption keys. Auditors test other network access if they gain access to the wireless network.

- Distributed Assessment

This type of assessment, employed by organizations that possess assets such as servers and clients at different locations, involves simultaneously assessing the distributed organization assets, such as client and server applications, using appropriate synchronization techniques. Synchronization plays a critical role in this type of assessment: by synchronizing the test runs, all the separate assets situated at multiple locations can be tested at the same time.

- Credentialed Assessment

Credentialed assessment is also called authenticated assessment.
In this type of assessment, the security professional possesses the credentials of all machines present in the assessed network. The chances of finding vulnerabilities related to operating systems and applications are higher in a credentialed assessment than in a non-credentialed assessment. This type of assessment is challenging because it is often unclear who owns particular assets in large enterprises, and even when the security professional identifies the actual owners of the assets, obtaining the credentials for those assets is difficult because asset owners generally do not share such confidential information. Also, even if the security professional successfully acquires all the required credentials, maintaining the password list is a huge task, since there can be issues such as changed passwords, typing errors, and administrative privileges. Although it is the best way of assessing a target enterprise network for vulnerabilities and is highly reliable, it is a complex and challenging assessment.

- Non-Credentialed Assessment

Non-credentialed assessment, also called unauthenticated assessment, provides a quick overview of weaknesses by analyzing the network services that are exposed by the host. Since it is a non-credentialed assessment, the security professional does not require any credentials for the assets to perform the assessment. This type of assessment generates a brief report regarding vulnerabilities; however, it is not reliable because it does not provide deeper insight into the OS and application vulnerabilities that the host does not expose to the network. This assessment is also incapable of detecting vulnerabilities that are potentially covered by firewalls. It is prone to false-positive outputs and is not as reliably effective as a credential-based assessment.
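The two passages above make two claims worth seeing concretely: an unauthenticated scan can only reason about what a host exposes, so it misses local-only weaknesses, and it is prone to false positives. A common source of those false positives is a distribution that backports a fix without changing the upstream version string in the banner. The Python below is an added example (not code from the EC-Council material or from any scanner) that models one host two ways: a non-credentialed pass that matches service banners against affected version ranges, and a credentialed pass that reads the installed package versions. The host, the banners, the package versions and the vulnerability identifiers (VULN-EX-…) are all constructed for the example and are not real CVEs.

```python
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Host:
    name: str
    exposed: dict                                   # port -> banner; all an unauthenticated scan sees
    installed: dict = field(default_factory=dict)   # package -> version; needs credentials to read


@dataclass(frozen=True)
class Vuln:
    vid: str                       # constructed identifier, not a real CVE
    service: Optional[str]         # name as it appears in a banner; None = not network-exposed
    package: str                   # package the fix ships in
    affected_below: str            # upstream versions strictly below this are affected
    backported_fixes: tuple = ()   # distro package versions carrying the fix without a version bump


# Constructed vulnerability catalogue for the example (hypothetical entries).
VULN_DB = (
    Vuln("VULN-EX-0001", "OpenSSH", "openssh-server", "8.5", ("1:8.4p1-5+deb11u3",)),
    Vuln("VULN-EX-0002", None, "sudo", "1.9.5"),
)

# Constructed host: the SSH banner looks affected, but the distro package carries the
# backported fix; sudo is outdated but is never visible from the network.
WEB01 = Host(
    "web01",
    exposed={22: "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3", 80: "Apache/2.4.56"},
    installed={"openssh-server": "1:8.4p1-5+deb11u3", "sudo": "1.9.4-1",
               "apache2": "2.4.56-1~deb11u2"},
)


def version_tuple(text):
    """'8.4p1' -> (8, 4, 1); sufficient for the comparisons in this example."""
    return tuple(int(x) for x in re.findall(r"\d+", text))


def upstream_version(pkgver):
    """Debian-style 'epoch:upstream-revision' -> upstream version tuple."""
    return version_tuple(re.sub(r"^\d+:", "", pkgver).split("-")[0])


def non_credentialed_scan(host, db=VULN_DB):
    """Match only what the network exposes: service banners against affected version ranges."""
    findings = set()
    for banner in host.exposed.values():
        for v in db:
            if v.service is None:
                continue
            m = re.search(re.escape(v.service) + r"[_/ ]?(\d+(?:\.\d+)+(?:p\d+)?)", banner)
            if m and version_tuple(m.group(1)) < version_tuple(v.affected_below):
                findings.add(v.vid)   # the banner cannot reveal a backported fix
    return findings


def credentialed_scan(host, db=VULN_DB):
    """With credentials, check installed package versions, honouring backported fixes."""
    findings = set()
    for v in db:
        pkgver = host.installed.get(v.package)
        if pkgver is None:
            continue
        if pkgver in v.backported_fixes:
            continue   # distro shipped the fix without bumping the upstream version
        if upstream_version(pkgver) < version_tuple(v.affected_below):
            findings.add(v.vid)
    return findings


if __name__ == "__main__":
    print("non-credentialed:", sorted(non_credentialed_scan(WEB01)))   # banner false positive
    print("credentialed:    ", sorted(credentialed_scan(WEB01)))       # local-only finding
```

Run against the constructed host, the unauthenticated pass reports only the SSH false positive, while the credentialed pass clears it and instead surfaces the outdated sudo package that no network scan could have seen. The credential-handling burden the text describes is the price of that second result.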
- Manual Assessment

After performing footprinting and network scanning and obtaining crucial information, if the security professional performs manual research to explore the vulnerabilities or weaknesses, they manually rank the vulnerabilities and score them by referring to vulnerability scoring standards such as CVSS and vulnerability databases such as CVE and CWE. Such an assessment is considered manual.

- Automated Assessment

An assessment in which a security professional uses vulnerability assessment tools such as Nessus, Qualys, or GFI LanGuard to perform a vulnerability assessment of the target is called an automated assessment. Unlike manual assessments, in this type of assessment the security professional does not perform footprinting and network scanning. They employ automated tools that can perform all such activities and are also capable of identifying weaknesses and CVSS scores, acquiring critical CVE/CWE information related to the vulnerability, and suggesting remediation strategies.