Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments
Date posted: 21-Dec-2015

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments


Objectives

Define risk and risk management
Describe the components of risk management
List and describe vulnerability scanning tools
Define penetration testing


Risk Management, Assessment, and Mitigation

One of the most important assets any organization possesses is its ___________
Unfortunately, the importance of data is generally __________________________
The first steps in data protection actually begin with ____________________________ ______________________________


What Is Risk?

In information security, a ________ is the likelihood that a ________________ will ___________________________

More generally, a risk can be defined as an ______________________________

Risk generally denotes a potential ________ ________________ to an asset


Definition of Risk Management

Realistically, risk ____________ ever be entirely eliminated
  Would cost too much or take too long
Rather, some degree of risk must always be assumed
____________________________
  A _________________________________ to managing the ______________________ that is related to a threat


Steps in Risk Management

Five Steps:

1. Asset Identification

2. Threat Identification

3. Vulnerability Appraisal

4. Risk Assessment

5. Risk Mitigation

More to come on these…


Steps in Risk Management

1. The first step in risk management is ________________________________
  Determine the assets that _____________________
  Involves the process of _________________________ these items
Types of assets:
  Data
  Hardware
  Personnel
  Physical assets
  Software


Steps in Risk Management (continued)

Along with the assets, the _________ of the assets need to be ___________ (example on following slide…)
Important to determine each item’s ______________
Factors that should be considered in determining the relative value are:
  How _________________ to the goals of the organization?
  How difficult would it be to replace it?
  How much does it ________________________?
  How much _______________ does it generate?


Steps in Risk Management (continued)

Factors that should be considered in determining the relative value are: (continued)
  How quickly can it be replaced?
  What is the ____________________?
  What is the _____________ to the organization if this ____________________?
  What is the security implication if this asset is unavailable?


Steps in Risk Management (continued)

2. Next step in risk management is _______________
  Determine the threats from threat agents
______________________
  Any _______________ with the power to ______________ against an asset (examples on following slide…)
Threat __________________
  Constructs _________________ of the types of threats that assets can face
  Helps to understand who the attackers are, why they attack, and what types of attacks might occur


Steps in Risk Management (continued)

__________________________
  Provides a __________________ of the attacks that may occur against an asset


Steps in Risk Management (continued)

3. Next step in risk management is ______________ ___________________________
  Takes a snapshot of the _______________________ as it now stands
  Every asset must be viewed in light of each threat
  Determining vulnerabilities often depends upon the background and experience of the assessor
  A ________________________ is better for determining vulnerabilities vs. just a single person
4. Next step in risk management is _______________
  Involves determining the ______________________ from an attack and the ____________ that the _____________ ____________________ to the organization


Steps in Risk Management (continued)

________________________ can be helpful in determining the impact of a vulnerability
Two formulas are commonly used to calculate expected losses
  Single Loss Expectancy (___________)
    The expected _______________________________
  Annualized Loss Expectancy (_________)
    The expected ________________ that can be expected for an asset due to a risk _______________________


Steps in Risk Management (continued)

5. Last step in risk management is ______________________________
  Must ask oneself what can we do about the risks?
Options when confronted with a risk:
  ____________ the risk
  ____________ the risk
  ____________ the risk


Steps in Risk Management- Summary


Identifying Vulnerabilities

Identifying vulnerabilities through a __________________________
  Determines the _____________________ that could expose assets to threats
Two categories of software and hardware tools
  Vulnerability scanning
  Penetration testing


Vulnerability Scanning

___________________ is typically used by an organization to ___________________ ____________________ need to be addressed in order to ___________ _________________________
Tools include port scanners, network mappers, protocol analyzers, vulnerability scanners, the Open Vulnerability and Assessment Language, and password crackers


Port Scanners

Internet protocol (IP) addresses
  The primary form of address identification on a TCP/IP network
  Used to uniquely identify each network device
___________________
  TCP/IP uses a numeric value as an __________ ____________________________________
  Each datagram (packet) contains not only the source and destination IP addresses
    But also the source port and destination port


Port Scanners (continued)

If an attacker knows a specific port is used, that _____________________________
___________________
  Used to ______________________________ that could be used in an attack
  __________________________ to know what applications are running and could be exploited
Three port states:
  Open, closed, and blocked


Network Mappers

______________________
  Software tools that can __________________ _________________________
Most network mappers utilize the TCP/IP protocol ___________________
  Uses _____________
Internet Control Message Protocol (ICMP)
  Provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices


Network Mappers (continued)

Can be used by Network Admins to ___________________________________ attached to the network
Can be used by __________ to discover what ______________________ for attempted attack


Protocol Analyzers

_________________ (also called a _______)
  ______________________ to decode and __________________ its contents
  Can fully decode application-layer network protocols
Common uses include:
  ______________________
  Network _____________________
  _______________________


Vulnerability Scanners

______________________
  A generic term that refers to a range of products that ________________ in networks or systems
  Intended to ________________________ and _______________________ to these problems
Most vulnerability scanners maintain a database that categorizes and describes the vulnerabilities that it can detect
Other types of vulnerability scanners
  __________________________________
  __________________________________


Open Vulnerability and Assessment Language (OVAL)

Open Vulnerability and Assessment Language (__________)
  Designed to promote ___________________ _____________________________
  ____________ the transfer of information across ____________________________
  A “____________________” for the exchange of information regarding security vulnerabilities
    These vulnerabilities are identified using industry-standard tools


Open Vulnerability and Assessment Language (OVAL) (continued)

OVAL vulnerability definitions are recorded in Extensible Markup Language (XML)
  __________________________________ Structured Query Language (SQL)
OVAL supports Windows, Linux, and UNIX platforms


Password Crackers

Password- RECALL…
  A secret combination of letters and numbers that only the user knows
Because passwords are common yet provide weak security, they are a _________________________
Password cracker programs…
  Use the file of ____________________ and then attempts to break the hashed passwords _______________
The most common offline password cracker programs are based on _____________ attacks or ________________________


Password Crackers (continued)

______________________
  A defense against password cracker programs for UNIX and Linux systems
A shadow password mechanism _________ _______________, the “shadow” password file
  This shadow file can ___________________ ___________________ and contains only the hashed passwords
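
The shadow password defense on this slide can be checked with a short audit; the following is an added example, not part of the original slides. It assumes the usual colon-separated passwd and shadow layouts, with "x" in the passwd password field marking a shadowed account; the sample file contents, function names and finding strings are constructed for illustration.

```python
import stat

# Constructed sample files for illustration; not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$1$abcdefgh$CONSTRUCTEDHASHVALUE00:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
alice:$1$saltsalt$CONSTRUCTEDHASHVALUE00:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""
LOCKED = ("*", "!", "!!")  # markers meaning "no usable password"

def entries(text):
    """Yield (user, password_field) from passwd- or shadow-style text."""
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and not line.startswith("#"):
            yield parts[0], parts[1]

def audit_passwd(text):
    """Flag accounts whose credential lives in the world-readable passwd file."""
    out = []
    for user, pw in entries(text):
        if pw == "":
            out.append((user, "empty password in passwd"))
        elif pw != "x" and pw not in LOCKED:
            out.append((user, "hash exposed in passwd"))
    return out

def audit_shadow(text):
    """Flag shadow entries that are empty or use a fast legacy hash scheme."""
    out = []
    for user, pw in entries(text):
        if pw in LOCKED or pw.startswith("!"):
            continue  # locked account, nothing to crack
        if pw == "":
            out.append((user, "empty password in shadow"))
        elif pw.startswith("$1$"):
            out.append((user, "MD5-crypt hash"))
        elif not pw.startswith("$"):
            out.append((user, "legacy DES-style hash"))  # heuristic: no $id$ prefix
    return out

def audit_mode(mode):
    """Flag a shadow file that grants any permission to 'other' users."""
    return [("shadow", "accessible to other users")] if mode & stat.S_IRWXO else []

def audit(passwd_text, shadow_text, shadow_mode):
    """Combine all checks; shadow_mode is the file's permission bits (e.g. 0o640)."""
    return audit_passwd(passwd_text) + audit_shadow(shadow_text) + audit_mode(shadow_mode)
```

Calling audit(SAMPLE_PASSWD, SAMPLE_SHADOW, 0o644) returns one finding per problem account plus one for the over-permissive file mode.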


Penetration Testing

______________________
  Method of _____________________________ ________________________
  By _______________ instead of just scanning for vulnerabilities
  Involves a more _______________ of a system for vulnerabilities
One of the first tools that was widely used for penetration testing as well as by attackers was ______________
  Security Administrator Tool for Analyzing Networks


Penetration Testing (continued)

SATAN could __________________________ by performing penetration testing
  Tests determine the ________________________ and what vulnerabilities may still have existed
SATAN would:
  Recognize several common networking-related security problems
  Report the problems _________________________
  Offer a tutorial that explained the problem, what its impact could be, and how to resolve the problem


Summary

In information security, a risk is the likelihood that a threat agent will exploit a vulnerability
A risk management study generally involves five specific tasks
Vulnerability scanning is typically used by an organization to identify weaknesses in the system that need to be addressed in order to increase the level of security
Vulnerability scanners for organizations are intended to identify vulnerabilities and alert network administrators to these problems


Summary (continued)

More rigorous than vulnerability scanning, penetration testing is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker instead of only scanning for vulnerabilities
