In this week’s section, we learned about vulnerability assessments. These tests are important to execute so that a network infrastructure can be secured and prepared for an attack. Vulnerability testing can establish where the weaknesses are, so they can be addressed, fixed or monitored.
There are two types of scanning:
- Active Scanning
- Engages nodes in a network to locate open ports. It can repair security flaws/weak points and can imitate an attack for testing.
- Passive Scanning
- Tests without directly interacting with the network. Finds weaknesses from the information that the systems give away while communicating. This scan can run continuously or at set times.
Scanners cannot provide invincibility. There are limitations that were addressed in the video:
- Time/Point in time
- Data is only good for the time that the scan is run. Other weaknesses could appear at other times – like peak hours or overnight.
- New Vulnerabilities
- Scans can only find what they already know about, i.e. what has been identified as an exploit and added to their checks. If there is a newly created attack, the scanner will not be able to scan for it.
There were 7 types of assessments discussed in the lesson:
- Active Assessment
- Transmits specifically created packets to nodes to obtain information about the OS, domain name, hosts, services & the weaknesses. Example application: nmap
- Passive Assessment
- Uses sniffer traces from a remote system to gather information about the OS, host and current network of the target system. Example application: Wireshark
- External Assessments
- From a public network, this assessment seeks access to the target network through open firewall ports, routers, web servers, public DNS servers & web pages. This test can determine whether network maps and external service/device maps exist, find weaknesses in web applications, and review the rule sets of the external routers and firewalls, open ports and DNS zones.
- Internal Assessments
- Checks physical security, open ports on network devices, router configurations, the remote management processes, and flaws and patches on internal network devices, servers and systems. It can also search for Trojans, viruses and other malware.
- Host-based Assessments
- Addresses user risk – malicious, untrained, vendors & administrators. Addresses weaknesses in databases, firewalls, files, web servers & flags errors in configurations.
- Application Assessments
- Validates whether input controls and data processing are in place for finished applications whose source code is unavailable.
- Wireless Assessments
- Tests the network for patching errors, authentication, encryption issues and unnecessary services.
Areas of research for vulnerability testing include: Misconfiguration (mostly due to user error), default settings, buffer overflows, unpatched servers, design flaws, OS flaws, application flaws, open services & default usernames and passwords.
The Vulnerability Management Life Cycle was also explained. The phases are:
- Baseline Creation -
- Defining the current security policies and procedures, discussing the present vulnerabilities, agreeing on what will be tested, and setting up all the necessary documentation for the testing (like the Scope of Work/Statement of Work, the permission-to-test form, etc.). This lays the groundwork for the test to begin.
- Vulnerability Assessment -
- Identify the vulnerabilities through the tests performed, run them at the best times to yield the desired results, and make sure you are familiar with the tools you are using so you do not cause any damage.
- Risk Assessment -
- Organizing and categorizing a report to present the security weaknesses and risks found and suggest a plan of action to harden security.
- Remediation -
- Applying fixes to the present vulnerabilities. Work on the most vulnerable areas first and address the least vulnerable last.
- Verification -
- This phase validates whether the fixes were implemented. It establishes credibility, because you will have verifiable evidence that the fixes hardened security.
- Monitoring -
- Sometimes called the recommendations phase. This phase recognizes that hackers will keep exploiting vulnerabilities, so an organization needs to stay vigilant and continue maintaining its systems to maintain security.
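As an added example (not part of the original post or of the lesson), the following Python script models the Remediation, Verification and Monitoring phases above, together with the point-in-time limitation, over constructed sample scanner findings. The hosts, check names, severities and the finding layout are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# One scanner finding; the field layout is a hypothetical, simplified export format.
@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    check: str        # scanner check/plugin name
    severity: float   # CVSS-like score, 0.0 - 10.0
    scanned_at: datetime

# Constructed sample data: a baseline scan and a re-scan one week later.
T0 = datetime(2020, 3, 1, 9, 0)
BASELINE = [
    Finding("10.0.0.5", 22, "ssh-weak-cipher", 5.3, T0),
    Finding("10.0.0.5", 80, "outdated-httpd", 7.5, T0),
    Finding("10.0.0.9", 3306, "mysql-default-creds", 9.8, T0),
]
T1 = T0 + timedelta(days=7)
RESCAN = [
    Finding("10.0.0.5", 22, "ssh-weak-cipher", 5.3, T1),
    Finding("10.0.0.9", 3306, "mysql-default-creds", 9.8, T1),
    Finding("10.0.0.7", 445, "smb-signing-disabled", 5.0, T1),
]

def key(f: Finding) -> tuple:
    """Identity of a finding across scans: same host, port and check."""
    return (f.host, f.port, f.check)

def remediation_order(findings: list) -> list:
    """Remediation phase: fix the most severe findings first, the least severe last."""
    return sorted(findings, key=lambda f: f.severity, reverse=True)

def verify(baseline: list, rescan: list) -> dict:
    """Verification phase: compare a re-scan against the baseline to get
    verifiable evidence of what was fixed, what persists, and what is new."""
    before = {key(f) for f in baseline}
    after = {key(f) for f in rescan}
    return {
        "fixed": sorted(before - after),
        "persistent": sorted(before & after),
        "new": sorted(after - before),  # new exposure, or a check the scanner only now knows
    }

def stale(findings: list, now: datetime, max_age: timedelta = timedelta(days=30)) -> list:
    """Point-in-time limitation: results older than max_age should not be relied on;
    the Monitoring phase exists because the data is only good for when the scan ran."""
    return [f for f in findings if now - f.scanned_at > max_age]
```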
This week's article was 140 GB of U.S. and Europe Individuals Data with 49 Million Unique Emails Leaked Online. The article explained that the data breach was due to vulnerabilities in the server (perhaps if they had performed vulnerability assessments of their server, this could have been prevented). The vulnerability was brought to Straffic's attention by a U.S.-based security expert who However, since the breach, Straffic has patched the vulnerabilities. So far Straffic assures users that nothing appears to have been lost or misplaced.