-
vulnerability assessmnent
- 2 main causes:
- software or hardware misconfiguration
- poor programming practices
- 2 main causes:
-
vulnerability research
-
CVSS - Common Vulnerability Scoring System
-
metrics:
- Base
- Temporal
- Environmental
-
score (
3.0and3.1)Severity Base Score Range None 0.0 Low 0.1-3.9 Medium 4.0-6.9 High 7.0-8.9 Critical 9.0-10.0
-
-
CVE - Common Vulnerabilities and Exposures
-
NVD - National Vulnerability Database
- SCAP - Security Content Automation Protocol is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including e.g., FISMA (Federal Information Security Management Act, 2002) compliance
-
CWE - Common Weakness Enumeration
-
Vulnerability management life-cycle
- Identify assets and create a baseline - critical assets are identified and prioritized
- Vulnerability scan/assessment - the security analyst identifies the known vulnerabilities in the organization infrastructure
- Risk assessment - all the serious uncertainties that are associated with the system are assessed, fixed, and permanently eliminated for ensuring a flaw free system
- Remediation - is the process of reducing the severity of vulnerabilities
- Verification - provides a clear visibility into the firm and allows the security team to check whether all the previous phases are perfectly employed or not
- Monitor - needs to be performed for maintaining the system security using tools such as IDS/IPS, firewalls, etc.
-
vulnerability classification
- Misconfiguration
- default installation
- Buffer overflows
- Unpatched servers
- Design flaws
- Operations system flaws
- Application flaws
- Open services
- Default passwords
-
types of vulnerability assessment
- active
- passive
- external
- internal
- host-based
- network-based
- application
- database
- wireless network
- distributed
- credentialed - log into a system and retrieve their configuration information. Tt should provide the best results
- non-credentialed
- manual
- automated
-
types of vulnerability assessment solutions:
- product-based - these solutions are installed either on a private or non-routable space or on the Internet-addressable portion of an organization’s network
- service-based - these solutions are offered by third parties, such as auditing or security consulting firms. Some solutions are hosted inside the network, while others are hosted outside the network.
- tree-based - the auditor (parent) selects different strategies for each machine or component (child nodes) of the information system. This approach relies on the administrator to provide a starting piece of intelligence and then to start scanning continuously without incorporating any information found at the time of scanning.
- inference-based - scanning starts by building an inventory of the protocols found on the machine
-
good vulnerability assessment solution
- Ensures correct outcomes by testing the network, network resources, ports, protocols, and operating systems
- Uses a well-organized inference-based approach for testing
- Automatically scans and checks against continuously updated databases
- Creates brief, actionable, customizable reports, including reports of vulnerabilities by severity level, and trend analysis
- Supports multiple networks
- Suggests appropriate remedies and workarounds to correct vulnerabilities
- Imitates the outside view of attackers to gain its objective
-
vulnerability assessment tools
- host-based
- depth
- application-layer
- scope
- active and passive
- location and data examination
- network-based scanner - is used to discover the weaknesses of a given computer’s network or IT assets
- agent-based scanner - all findings are reported to a central server
- proxy scanner
- cluster scanner
- nessus
- qualys
- openvas
- nikto