Chapter 8 - 03 - Discuss Vulnerability Assessment - 04_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Types of Vulnerability Assessment (Cont’d) i I Wireless Network Assessment Distributed Assessment Determines the vulnerabilities in the Assesses the distributed organization assets, such organization’s wireless networks as client and server applications, simultaneously through appropriate synchronization techniques Credentialed Assessment Non-Credentialed Assessment Assesses the network by obtaining the @ credentials of all machines present in the network Assesses the network without acquiring any credentials of the assets present in the enterprise network Manual Assessment Automated Assessment In this type of assessment, the ethical hacker In this type of assessment, the ethical hacker manually assesses the vulnerabilities, vulnerability ranking, vulnerability score, etc. employs various vulnerability assessment tools, such as Nessus, Qualys, GFl LanGuard, etc. Copyright © by EC-( til. All Rights Reserved. Reproduction Is Strictly Prohibited. Types of Vulnerability Assessment Given below are the different types of vulnerability assessments: = Active Assessment A type of vulnerability assessment that uses network scanners to identify the hosts, services, and vulnerabilities present in a network. Active network scanners can reduce the intrusiveness of the checks they perform. = Passive Assessment Passive assessments systems, network sniff the traffic present on the network services, applications, and vulnerabilities. to identify the active Passive assessments also provide a list of the users who are currently accessing the network. = External Assessment External assessment examines the network from a hacker’s point of view to identify exploits and vulnerabilities accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external estimates the threat of network security attacks from outside the determines the level of security of the external network and firewall. assessment organization. It The following are some of the possible steps in performing an external assessment: o Determine a set of rules for firewall and router configurations for the external network o Check whether the external server devices and network devices are mapped o Identify open ports and related services on the external network Module 08 Page 1072 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 o Examine the patch levels on the server and external network devices o Review detection systems such as IDS, firewalls, and application-layer protection systems o Get information on DNS zones o Scan the external network through a variety of proprietary tools available on the Internet o Examine Web applications such as e-commerce and shopping cart software for vulnerabilities = |nternal Assessment An internal assessment involves scrutinizing the internal network to find exploits and vulnerabilities. The following are some of the possible steps in performing an internal assessment: = o Specify the open ports and related services on network devices, servers, and systems o Check the router configurations and firewall rule sets o List the internal vulnerabilities of the operating system and server o Scan for any trojans that may be present in the internal environment o Check the patch levels on the organization’s internal network devices, servers, and systems o Check for the existence of malware, spyware, and virus activity and document them o Evaluate the physical security o Identify and review the remote management process and events o Assess the file-sharing mechanisms (for example, NFS and SMB/CIFS shares) o Examine the antivirus implementation and events Host-based Assessment Host-based assessments configuration-level systems, registry check are settings, to a type identify and other of security system check that configurations, parameters to involve user evaluate the conducting directories, a file possibility of compromise. These assessments check the security of a particular network or server. Host-based scanners assess systems to identify vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. Host-based assessments use many commercial and open-source scanning tools. = Network-based Assessment Network assessments determine the possible network security attacks that may occur on an organization’s system. These assessments discover network resources and map the ports and services running to various areas on the network. It evaluates the Module 08 Page 1073 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 organization’s system for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. they follow Network assessment professionals use firewalls and network scanners, such as Nessus. These scanners identify open ports, recognize the services running on those ports, and detect vulnerabilities associated with these services. These assessments help organizations identify points of entry and attack into a network since the path and approach of the hacker. They help organizations determine how systems are vulnerable to Internet and intranet attacks, and how an attacker can gain access to important information. A typical network assessment conducts the following tests on a network: = o Checks the network topologies for inappropriate firewall configuration o Examines the router filtering rules o ldentifies inappropriately configured database servers o Tests individual services and protocols such as HTTP, SNMP, and FTP o Reviews HTML source code for unnecessary information o Performs bounds checking on variables Application Assessment An application assessment focuses on transactional web applications, server applications, and hybrid systems. It analyzes all elements infrastructure, including deployment and communication within the This type of assessment tests the webserver infrastructure for any traditional clientof an application client and server. misconfiguration, outdated content, or known vulnerabilities. Security professionals use both commercial and open-source tools to perform such assessments. = Database Assessment A database assessment is any assessment focused on testing the databases for the presence of any misconfiguration or known vulnerabilities. These assessments mainly concentrate on testing various database technologies like MYSQL, MSSQL, ORACLE, and POSTGRESQL to identify data exposure or injection type vulnerabilities. Security professionals use both commercial and open-source tools to perform such assessments. » Wireless Network Assessment Wireless network assessment determines the vulnerabilities in an organization’s wireless networks. In the past, wireless networks used weak and defective data encryption mechanisms. Now, wireless network standards have evolved, but many networks still use weak and outdated security mechanisms and are open Wireless network assessments try to attack wireless authentication to attack. mechanisms and gain unauthorized access. This type of assessment tests wireless networks and identifies rogue networks that may exist within an organization’s perimeter. These assessments audit client-specified sites with a wireless network. They sniff wireless network traffic and try to crack encryption keys. Auditors test other network access if they gain access to the wireless network. Module 08 Page 1074 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools = Exam 212-82 Distributed Assessment This type of assessment, employed by organizations that possess assets like servers and clients at organization different locations, assets, such as involves client simultaneously and server assessing applications, the using distributed appropriate synchronization techniques. Synchronization plays a critical role in this type of assessment. By synchronizing the test runs together, all the separate assets situated at multiple locations can be tested at the same time. = Credentialed Assessment Credentialed assessment is also called authenticated assessment. In this type of assessment, the security professional possesses the credentials of all machines present in the assessed systems and network. The chances of finding vulnerabilities related to operating applications are higher in credential assessment than in non-credential assessment. This type of assessment is challenging since it is highly unclear who owns particular assets in large enterprises, and even when the security professional identifies the actual owners of the assets, accessing the credentials of these assets is highly tricky since the asset owners generally do not share such confidential information. Also, even if the security professional successfully acquires all required credentials, maintaining the password list is a huge task since there can be issues with things like changed passwords, typing errors, and administrative privileges. Although it is the best way of assessing a target enterprise network for vulnerabilities and is highly reliable, it is a complex assessment that is challenging. = Non-Credentialed Assessment Non-credentialed assessment, also called unauthenticated assessment, provides a quick overview of weaknesses by analyzing the network services that are exposed by the host. Since it is a non-credential assessment, a security professional does not require any credentials for the assets to perform their assessments. generates a brief report regarding vulnerabilities; however, does not provide deeper insight into the OS and application exposed by the host to the network. This assessment is also vulnerabilities that are potentially covered by firewalls. It This type of assessment it is not reliable because it vulnerabilities that are not incapable of detecting the is prone to false-positive outputs and is not reliably effective as compared to credential-based assessment. = Manual Assessment After performing footprinting and network scanning and obtaining crucial information, if the security professional performs manual research for exploring the vulnerabilities or weaknesses, they manually rank the vulnerabilities and score them by referring to vulnerability scoring standards like CVSS and vulnerability databases like CVE and CWE. Such assessment is considered to be manual. = Automated Assessment An assessment where a security professional uses vulnerability assessment tools such as Nessus, Qualys, or GFI LanGuard to perform a vulnerability assessment of the target is Module 08 Page 1075 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 called an automated assessment. Unlike manual assessments, in this type of assessment, the security professional does not perform footprinting and network scanning. They employ automated tools that can perform all such activities and are also capable of identifying weaknesses and CVSS scores, acquiring critical CVE/CWE information related to the vulnerability, and suggesting remediation strategies. Module 08 Page 1076 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.