Chapter 8 - 03 - Discuss Vulnerability Assessment - 01_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Module Flow Discuss Threat Hunting Discuss Various Threat Intelligence Feeds and Sources Discuss Vulnerability Assessment Discuss Ethical Hacking Concepts Understand Fundamentals of Penetration Testing and its Benefits Understand the Fundamentals of Configuration Management and Asset Management Copyright © by EC-C | erved. Reproduction s Strictly Prohibited. Discuss Vulnerability Assessment Vulnerability assessment plays a major role in providing security to any and infrastructure from various internal and external threats. vulnerability research, vulnerability assessment, types of vulnerability scoring systems, vulnerability management lifecycle, vulnerability vulnerability exploitation. Module 08 Page 1056 organization’s resources This section describes assessment, vulnerability assessment tools, and Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Vulnerability Research 7 O The process of analyzing protocols, services, and configurations to discover vulnerabilities and design flaws that will expose an operating system and its applications to exploit, attack, or misuse O Vulnerabilities are classified based on severity level (low, medium, or high) and exploit range (local or remote) An administrator needs vulnerability reseaxch: To gather information concerning security trends, threats, attack surfaces, attack l ‘ vectors and techniques o— A To gather information to aid in the prevention of security issues ———— To discover weaknesses in the OS and applications, and alert the network administrator before a network attack e @ To know how to recover from a network attack Copyright © by Vulnerability Research discover the vulnerabilities and design flaws that will expose an operating system and its applications to exploit, attack, or misuse. An administrator needs vulnerability research: = To gather information about security trends, newly discovered threats, attack surfaces, attack vectors and techniques = To find weaknesses in the OS and applications and alert the network administrator before a network attack * To understand information that helps prevent security problems = To know how to recover from a network attack A security professional needs to keep up with the most recently discovered vulnerabilities and exploits to stay one step ahead of attackers through vulnerability research, which includes: = Discovering the system compromise a system = Staying updated design faults and weaknesses that might allow attackers to about new products and technologies and reading news related to current exploits = Checking underground hacking web sites (Deep and Dark websites) for newly discovered vulnerabilities and exploits ®= Checking newly released alerts improvements for security systems Module 08 Page 1057 regarding relevant innovations and product Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Security experts and vulnerability scanners classify vulnerabilities by: = Severity level (low, medium, or high) = Exploit range (local or remote) Security professionals need to conduct intense research with the help of information acquired in the footprinting and scanning phases to find vulnerabilities. Module 08 Page 1058 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Resources for Vulnerability Research e %g%mmy. @ Security Magazine ! o Securityfocus Q=== Q e 1 M Q mue @ s, O oo i ; Resources for Vulnerability Research The following are some of the online websites used to perform vulnerability research: * Microsoft Vulnerability Research (MSVR) (https://www.microsoft.com) = Dark Reading (https://www.darkreading.com) = SecurityTracker (https.//securitytracker.com) * Trend Micro (https.//www.trendmicro.com) = Security Magazine (https://www.securitymagazine.com) = PenTest Magazine (https://pentestmag.com) = SC Magazine (https.//www.scmagazine.com) = Exploit Database (https://www.exploit-db.com) = SecurityFocus (https.//www.securityfocus.com) = Help Net Security (https://www.helpnetsecurity.com) = HackerStorm (http://www.hackerstorm.co.uk) = Computerworld (https://www.computerworld.com) Module 08 Page 1059 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 What is Vulnerability Assessment? | O Vulnerability assessment is an in-depth examination of the ability of a system or application, including current security procedures and controls, to withstand the exploitation QO It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels «' A vulnerability assessment may be used to: v" Identify weaknesses that could be exploited v' Predict the effectiveness of additional security measures in protecting information resources from attacks Copyright © by L. All Rights Reserved. Reproductionis Strictly Prohibited What is Vulnerability Assessment? A vulnerability assessment is an in-depth examination of the ability of a system or application, including current security procedures and controls, to withstand exploitation. It scans networks for known security weaknesses, and recognizes, measures, and classifies security vulnerabilities in computer systems, networks, and communication channels. It identifies, quantifies, and ranks possible vulnerabilities to threats in a system. Additionally, it assists security professionals in securing the network by identifying security loopholes security mechanism before attackers can exploit them. or vulnerabilities in the current A vulnerability assessment may be used to: * |dentify weaknesses that could be exploited = Predict the effectiveness resources from attack of additional security measures information for IP-enabled devices and Typically, vulnerability-scanning tools search network enumerate applications to identify vulnerabilities systems, operating systems, and segments in protecting resulting from vendor negligence, system or network administration activities, or day-to-day activities. Vulnerability-scanning software scans the computer against the Common Vulnerability and Exposures (CVE) index and security bulletins provided by the software vendor. Module 08 Page 1060 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82 Limitations of Vulnerability Assessment The following are some of the limitations of vulnerability assessments: = Vulnerability-scanning software is limited in its ability to detect vulnerabilities at a given point in time = Vulnerability-scanning software must be updated when new vulnerabilities = Software is only as effective as the maintenance performed on it by the software vendor and by the administrator who uses it = Vulnerability Assessment does not measure the strength of security controls = Vulnerability-scanning software itself is not immune to software engineering flaws that discovered or when improvements are made to the software being used are might lead to it missing serious vulnerabilities = Human judgment is needed to analyze the data after scanning and identifying the false positives and false negatives. Module 08 Page 1061 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.