Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments




Objectives
- Define risk and risk management
- Describe the components of risk management
- List and describe vulnerability scanning tools
- Define penetration testing

Risk Management, Assessment, and Mitigation
- One of the most important assets any organization possesses is its data
- The importance of data is generally underestimated
- The first steps in data protection actually begin with understanding risks and risk management

What Is Risk?
- Information security context: a risk is the likelihood that a threat agent will exploit a vulnerability
- More generally: an event or condition that could occur; if it does occur, it has a negative impact
- Risk generally denotes a potential negative impact to an asset

Definition of Risk Management
- It is unrealistic to assume that all risks can be mitigated; doing so would cost too much or take too long
- Some degree of risk must always be assumed
- Risk management: a systematic and structured approach to managing the potential for loss that is related to a threat

Section Summary
- One of the most important assets any organization possesses is its data; its importance is generally underestimated

- Risk: the likelihood of a threat agent exploiting a vulnerability
- It is unrealistic to assume that all risks can be mitigated, due to cost and time factors
- Some degree of risk must always be assumed
- Risk management: a systematic and structured approach to managing the potential for loss that is related to a threat

Risk Management Steps
Step One: Determine the assets that need to be protected
- Asset identification: the process of inventorying and managing these items
- Types of assets: data, hardware, personnel, physical assets, software

Risk Management Steps (cont.)
- Assets have attributes that need to be compiled
- Determine each item's relative value
- Valuation factors include:
  - How critical is this asset to the goals of the organization?
  - How difficult would it be to replace it?
  - How much does it cost to protect it?
  - How much revenue does it generate?
  - How quickly can it be replaced?

  - What is the cost of replacement?
  - What is the impact if this asset is unavailable?
  - What are the security implications if this asset is unavailable?

Section Summary
- Step One: determine the assets requiring protection
- Asset identification: the process of asset inventory and management
- Types of assets: data, hardware, personnel, physical assets, software
- Valuation factors include: criticality; replacement difficulty; cost of protection; generated revenue; speed of replacement; downtime impact; security implications of unavailability

Steps in Risk Management (cont.)
Step Two: Threat identification
- Threat agent: a person or thing with the power to carry out a threat against an asset
- Threat modeling: constructs scenarios of the types of threats that assets can face
- Helps to understand: who the attackers are, why they attack, and how attacks might occur

Steps in Risk Management (cont.)
- Attack tree: provides a visual image of the attacks that may occur against an asset

Steps in Risk Management (cont.)
- Vulnerability appraisal: a snapshot of current organizational security
- Every asset must be viewed in light of each threat
- Determining vulnerabilities often depends upon the background and experience of the assessor

- Risk assessment: determining the likelihood and the damage that would result if the vulnerability is a risk to the organization

Summary
- Threat agent: a person or thing with the power to carry out a threat against an asset
- Threat modeling: constructs scenarios based on the types of threats that assets can face
- Threat modeling considerations: who, why, and how attacks might occur
- Attack tree: a tree-hierarchy visualization of how attacks may occur against an asset
- Vulnerability appraisal: a snapshot of the organization's security that considers the threats to each asset, based on the evaluator's background and experience
- Risk assessment: determines the likelihood and projected damage that would result if the vulnerability is a risk to the organization

Steps in Risk Management (cont.)
- Calculating anticipated losses is helpful in determining vulnerability impact
- Two formulas are commonly used to calculate expected losses
- Single Loss Expectancy (SLE): the expected monetary loss every time a risk occurs
  Formula: Asset Value (AV) x Exposure Factor (EF), i.e. SLE = AV x EF
- Annualized Loss Expectancy (ALE): the expected monetary loss for an asset due to a risk over a one-year period
  Formula: Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO), i.e. ALE = SLE x ARO
- Instructor's note: you will need to know the formulas for testing and certification
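The SLE and ALE formulas above, worked through in code as an added example (not part of the chapter or its instructor materials). The asset names, values, exposure factors and rates of occurrence are constructed, and the cost-benefit rule in mitigation_decision, which compares a control's yearly cost with the ALE it removes, is a standard extension of the slides' "diminish or accept" options rather than something the slides state.

```python
"""Worked SLE/ALE calculation for the risk-assessment step (added example; the asset
names, values and frequencies below are constructed, not figures from the chapter)."""
from dataclasses import dataclass


@dataclass
class Risk:
    """One threat scenario against one asset, with the inputs the two formulas need."""
    asset: str
    threat: str
    asset_value: float      # AV: what the asset is worth (replacement cost, revenue, ...)
    exposure_factor: float  # EF: fraction of AV lost in a single occurrence (0.0 to 1.0)
    annual_rate: float      # ARO: expected occurrences per year (0.1 = once per ten years)


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: the expected monetary loss each time the risk occurs."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, annual_rate: float) -> float:
    """ALE = SLE x ARO: the expected monetary loss from the risk over one year."""
    if annual_rate < 0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return sle * annual_rate


def rank_risks(risks):
    """Return (risk, SLE, ALE) tuples ordered by ALE, highest first, so the largest
    annual exposures surface at the top of the assessment."""
    rows = []
    for r in risks:
        sle = single_loss_expectancy(r.asset_value, r.exposure_factor)
        rows.append((r, sle, annualized_loss_expectancy(sle, r.annual_rate)))
    return sorted(rows, key=lambda row: row[2], reverse=True)


def mitigation_decision(ale_before: float, ale_after: float, annual_control_cost: float) -> str:
    """Compare the ALE reduction a control buys against its yearly cost. This is the usual
    cost-benefit extension of the slides' 'diminish / accept' options (added here, not
    stated by the chapter): diminish when the control saves more per year than it costs."""
    saving = ale_before - ale_after
    return "diminish" if saving > annual_control_cost else "accept"


# Constructed sample scenarios (illustrative values only, not from the chapter)
SAMPLE_RISKS = [
    Risk("customer database", "ransomware", asset_value=500_000, exposure_factor=0.6, annual_rate=0.5),
    Risk("web server", "defacement", asset_value=80_000, exposure_factor=0.25, annual_rate=2.0),
    Risk("office laptops", "theft", asset_value=40_000, exposure_factor=1.0, annual_rate=0.2),
]

if __name__ == "__main__":
    for risk, sle, ale in rank_risks(SAMPLE_RISKS):
        print(f"{risk.asset:18} {risk.threat:12} SLE={sle:>10,.0f}  ALE={ale:>10,.0f}")
```

Ranking by ALE rather than SLE is the point of the second formula: the laptop-theft scenario has a larger single loss than the defacement scenario, but the defacement's higher yearly rate makes it the larger annual exposure.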

Steps in Risk Management (cont.)
- Risk mitigation: determine what to do about the risks
- Risk mitigation options: diminish the risk; transfer the risk; accept the risk

Summary
- Risk assessment valuation formulas:
  - Single Loss Expectancy (SLE): calculates the expected monetary loss every time a risk occurs
  - Annualized Loss Expectancy (ALE): calculates the expected monetary loss for an asset over a one-year period
- Risk mitigation: determine what to do about the risks
- Risk mitigation options: diminish the risk; transfer the risk; accept the risk

Identifying Vulnerabilities
- Identifying vulnerabilities through a vulnerability appraisal determines the current security weaknesses that could expose assets to threats
- Two categories of software and hardware tools: vulnerability scanning and penetration testing

Vulnerability Scanning
- Vulnerability scanning: used to identify weaknesses in the system
- Importance: identifies weaknesses that need to be addressed in order to increase the level of security
- Vulnerability tools:
  - Port scanners
  - Network mappers

  - Protocol analyzers
  - Vulnerability scanners (including the Open Vulnerability and Assessment Language, or OVAL)
  - Password crackers

Port Scanners
- IP address: the primary form of address identification on a TCP/IP network; used to uniquely identify each network device
- Port number: TCP/IP uses a numeric value as an identifier for applications and services on the systems
  - Examples: TCP port 80 for the WWW service; TCP port 25 for the SMTP service
- Datagrams (packets) contain both the source and destination IP addresses as well as the source and destination ports
- Port scanner: scans a target to determine if the system is listening on a given port; identifies possible applications running that could be exploited
- Three port states:
  - Open: the system responds with a reply
  - Closed: the system responds that the service is unavailable
  - Blocked: no reply is sent (a.k.a. stealth mode)

Network Mappers
- Software tools that can identify network-connected endpoints
- Most network mappers utilize the TCP/IP protocol ICMP

Protocol Analyzers
- Protocol analyzer (also called a sniffer): captures packets for decoding and analysis
- Can fully decode application-layer network protocols

- Common use cases: network troubleshooting; network traffic characterization; security analysis

Vulnerability Scanner
- Refers to a range of products that look for vulnerabilities in networks or systems
- Intended to identify vulnerabilities and alert network administrators to these problems
- Most maintain a database that categorizes and describes the vulnerabilities they can detect
- Some scanners combine the features of a port scanner and a network mapper, providing OS fingerprinting and targeted scanning based on the identified OS

Open Vulnerability and Assessment Language (OVAL)
- An international, standards-based format for the exchange of security-related vulnerability data
- Provides a common language for the exchange of information regarding security vulnerabilities
- These vulnerabilities are identified using industry-standard tools
- Allows interoperability between security vendors, researchers, and platforms

Open Vulnerability and Assessment Language (OVAL) (cont.)
- Vulnerability definitions are formatted in Extensible Markup Language (XML)
- Queries are made using the database Structured Query Language (SQL)
- Windows, Linux, and UNIX platforms are supported with OVAL signatures
- Appliance vendors and researchers provide OVAL-formatted signatures for scanner use

Password Crackers
- Password: a secret combination of letters and numbers that only the user knows
- Provides single-factor authentication, which is often considered weak security and is a frequent focus of attacks

- Password cracker programs use the file of hashed passwords and then attempt to break the hashed passwords offline
- The most common offline password cracker programs are based on dictionary attacks or rainbow tables

Password Crackers (cont.)
- Shadow password: an optional implementation in UNIX and Linux systems
  - Not invoked: the file containing the hashed system passwords and user information is visible to all users; the file is stored in /etc/passwd
  - Invoked: the file can only be accessed at the highest privilege level and contains only the hashed passwords; the file is stored in /etc/shadow (Linux) or /etc/master.passwd (UNIX)

Summary
- Two categories of software and hardware tools: vulnerability scanning and penetration testing
- Vulnerability scanning: used to identify weaknesses in the system
- Vulnerability tools: port scanners; network mappers; protocol analyzers; password crackers; vulnerability scanners
- Port scanner: uses a combination of IP address responses to specified port probes to determine the services on which the system is actively listening
  - 3 port scan response options: open; closed; blocked
  - 3 port classifications: well-known, registered, and private port numbers
- Network mapper: uses ICMP and other techniques to elicit a response from a network endpoint
- Protocol analyzer: captures and decodes application-layer packets for use in troubleshooting, traffic characterization, and security analysis
- Open Vulnerability and Assessment Language (OVAL): an international, standards-based data exchange format that provides interoperability between security implementations and is supported on all major OS categories

- Password cracker: uses captured password hashes and performs dictionary or rainbow-table attacks to recover user passwords
- Shadow password: a more secure password storage option in Linux and UNIX that restricts the hashed user name / password combinations to a more restricted file within the directory structure

Penetration Testing
- A method of evaluating the security of a computer system or network by simulating a malicious attack instead of just scanning for vulnerabilities
- Involves a more active analysis of a system for vulnerabilities
- One of the first tools that was widely used for penetration testing, as well as by attackers, was SATAN
- SATAN could improve the security of a network by performing penetration testing to determine the strength of the network's security and what vulnerabilities might still exist
- SATAN would:
  - Recognize several common networking-related security problems
  - Report the problems without actually exploiting them
  - Offer a tutorial that explained the problem, what its impact could be, and how to resolve the problem
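The three port states from the Port Scanners slide (open, closed, blocked) can be observed without touching any other host. The added example below (not from the chapter) probes only the loopback interface of the machine it runs on: it opens its own listener to produce the "open" state and releases a port to produce "closed". "Blocked" is what the probe reports when nothing answers before the timeout; that state cannot be produced on loopback, so it is only documented in the code. The function names are the example's own.

```python
"""Observe the three port states the Port Scanners slide lists (open, closed, blocked) by
probing only this machine's loopback interface. Added example; not from the chapter."""
import socket

OPEN, CLOSED, BLOCKED = "open", "closed", "blocked"


def probe_tcp_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Attempt a full TCP connection and map what comes back to a port state.

    open    - the handshake completes: something is listening
    closed  - the host answers with a reset (ConnectionRefusedError): reachable, no service
    blocked - nothing comes back before the timeout (filtered, the slide's "stealth mode"),
              or the network is unreachable; a connect probe cannot tell those apart
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return OPEN
        except ConnectionRefusedError:
            return CLOSED
        except (socket.timeout, OSError):
            return BLOCKED


def start_loopback_listener():
    """Open a listening socket on 127.0.0.1 at an OS-chosen port so the caller can see the
    'open' state. Returns (server_socket, port); the caller must close the socket."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    return server, server.getsockname()[1]


def unused_loopback_port() -> int:
    """Reserve and immediately release a loopback port so that nothing listens on it;
    probing it should yield 'closed' (a reset), not 'blocked'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


def loopback_port_states(ports) -> dict:
    """Self-audit helper: report the state of each given port on this host's loopback."""
    return {p: probe_tcp_port("127.0.0.1", p, timeout=0.5) for p in ports}


if __name__ == "__main__":
    server, open_port = start_loopback_listener()
    try:
        print(open_port, probe_tcp_port("127.0.0.1", open_port))   # open
    finally:
        server.close()
    closed_port = unused_loopback_port()
    print(closed_port, probe_tcp_port("127.0.0.1", closed_port))   # closed
```

A connect probe is the simplest form of the technique the slide describes; the distinction it cannot make (a silent drop versus an unreachable network) is exactly why the slide labels the third state "no reply sent" rather than "filtered".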
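For the two OVAL slides (definitions formatted in XML, queries made in SQL), an added example that parses a constructed, minimal OVAL definitions document and loads it into an in-memory SQLite database for querying. It is not vendor or project code, and the document is not a real feed: the definition ids, platform names and the CVE-style reference id are placeholders.

```python
"""Parse a constructed OVAL definitions document and query it with SQL, mirroring the two
OVAL slides (XML-formatted definitions, SQL queries). Added example; the XML below is a
minimal constructed document with placeholder ids, not a real vendor feed."""
import sqlite3
import xml.etree.ElementTree as ET

OVAL_NS = {"oval": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample: two definitions; reference ids are placeholders, not real CVEs.
SAMPLE_OVAL = """<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions>
    <definition id="oval:example.local:def:1" class="vulnerability" version="1">
      <metadata>
        <title>Placeholder: outdated example-daemon allows unauthenticated access</title>
        <affected family="unix">
          <platform>Example Linux 1</platform>
          <platform>Example Linux 2</platform>
        </affected>
        <reference source="CVE" ref_id="CVE-YYYY-NNNNN"/>
        <description>Constructed vulnerability definition for demonstration only.</description>
      </metadata>
    </definition>
    <definition id="oval:example.local:def:2" class="patch" version="1">
      <metadata>
        <title>Placeholder: vendor patch EXAMPLE-PATCH-001 is installed</title>
        <affected family="windows">
          <platform>Example Windows</platform>
        </affected>
        <reference source="VENDOR" ref_id="EXAMPLE-PATCH-001"/>
        <description>Constructed patch definition for demonstration only.</description>
      </metadata>
    </definition>
  </definitions>
</oval_definitions>
"""


def parse_oval_definitions(xml_text: str) -> list:
    """Return one dict per <definition>, pulling out the metadata a scanner indexes on."""
    root = ET.fromstring(xml_text)
    definitions = []
    for d in root.findall("oval:definitions/oval:definition", OVAL_NS):
        meta = d.find("oval:metadata", OVAL_NS)
        affected = meta.find("oval:affected", OVAL_NS)
        definitions.append({
            "id": d.get("id"),
            "class": d.get("class"),          # vulnerability, patch, inventory, compliance
            "title": meta.findtext("oval:title", default="", namespaces=OVAL_NS),
            "family": affected.get("family") if affected is not None else None,
            "platforms": [p.text for p in meta.findall("oval:affected/oval:platform", OVAL_NS)],
            "references": [r.get("ref_id") for r in meta.findall("oval:reference", OVAL_NS)],
        })
    return definitions


def load_into_sqlite(definitions) -> sqlite3.Connection:
    """Normalise the parsed definitions into tables so they can be queried with SQL."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE definition (id TEXT PRIMARY KEY, class TEXT, family TEXT, title TEXT);
        CREATE TABLE platform (definition_id TEXT, name TEXT);
        CREATE TABLE reference_link (definition_id TEXT, ref_id TEXT);
    """)
    for d in definitions:
        conn.execute("INSERT INTO definition VALUES (?, ?, ?, ?)",
                     (d["id"], d["class"], d["family"], d["title"]))
        conn.executemany("INSERT INTO platform VALUES (?, ?)",
                         [(d["id"], p) for p in d["platforms"]])
        conn.executemany("INSERT INTO reference_link VALUES (?, ?)",
                         [(d["id"], r) for r in d["references"]])
    conn.commit()
    return conn


def vulnerability_ids_for_platform(conn, platform_name: str) -> list:
    """Which vulnerability-class definitions apply to a platform? Parameterised query."""
    rows = conn.execute(
        "SELECT d.id FROM definition d JOIN platform p ON p.definition_id = d.id "
        "WHERE d.class = 'vulnerability' AND p.name = ? ORDER BY d.id",
        (platform_name,),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    conn = load_into_sqlite(parse_oval_definitions(SAMPLE_OVAL))
    print(vulnerability_ids_for_platform(conn, "Example Linux 2"))
```

The query is parameterised rather than built by string concatenation so that a platform name taken from scanner output cannot alter the SQL. Real OVAL feeds arrive from outside the organisation; parse them with a hardened XML parser such as defusedxml rather than the standard-library parser used here for a locally constructed document.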
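An added example (not from the chapter) for the shadow-password slide: it inspects constructed /etc/passwd and /etc/shadow style lines and reports accounts for which shadowing is not in effect (a hash, or an empty field, in the world-readable passwd entry), plus a helper that checks whether a file mode leaves hashes readable to other users. The hash strings and account names are placeholders.

```python
"""Check whether shadow passwords are in effect by inspecting passwd/shadow entries.
Added example for the Password Crackers (cont.) slide; the sample lines below are
constructed, and the hash strings are placeholders, not real credentials."""
import stat

# Constructed /etc/passwd-style lines. Field 2 is the password field: "x" means the hash
# lives in /etc/shadow; anything else means the hash is sitting in a world-readable file.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:1001:1001:Legacy:/home/legacy:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
orphan:x:1003:1003:Orphan:/home/orphan:/bin/sh
"""

# Constructed /etc/shadow-style lines (root-only file): name:hash:lastchange:min:max:warn:...
SAMPLE_SHADOW = """root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::
"""


def parse_passwd(text: str) -> dict:
    """Map account name -> fields from passwd-format lines (7 colon-separated fields)."""
    accounts = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, pw, uid, gid, gecos, home, shell = fields
        accounts[name] = {"pw": pw, "uid": int(uid), "home": home, "shell": shell}
    return accounts


def parse_shadow(text: str) -> dict:
    """Map account name -> hash field from shadow-format lines (9 colon-separated fields).
    A hash of '*' or one starting with '!' means the account is locked for password login."""
    hashes = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"malformed shadow line: {line!r}")
        hashes[fields[0]] = fields[1]
    return hashes


def audit_password_storage(passwd_text: str, shadow_text: str) -> list:
    """Return (account, finding) pairs for entries that defeat the purpose of shadowing."""
    findings = []
    shadow = parse_shadow(shadow_text)
    for name, entry in parse_passwd(passwd_text).items():
        pw = entry["pw"]
        if pw == "":
            findings.append((name, "empty password field in passwd: no password is set"))
        elif pw != "x":
            findings.append((name, "hash stored in passwd: readable by every local user"))
        elif name not in shadow:
            findings.append((name, "passwd defers to shadow but shadow has no entry"))
    return findings


def mode_exposes_hashes(mode: int) -> bool:
    """True if a file mode lets 'other' users read the file. /etc/passwd is meant to be
    world-readable; /etc/shadow must not be (typically 0640 root:shadow or 0600)."""
    return bool(mode & stat.S_IROTH)


if __name__ == "__main__":
    for account, finding in audit_password_storage(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account:8} {finding}")
```

On a live system the same check reads the two real files (the shadow file only as root) and combines the entry audit with mode_exposes_hashes on os.stat of /etc/shadow; an offline cracker of the kind the slide describes needs exactly the readable hash that these findings flag.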