55 Cards in this Set
- Front
- Back
Vulnerability Management |
Programs that play a crucial role in identifying, prioritizing, and remediating vulnerabilities in our environments. |
|
Vulnerability Scanning |
To detect new vulnerabilities as they arise and then implement a remediation workflow that addresses the highest priority vulnerabilities. |
|
Asset Inventory/Asset Map |
A collection of connected systems, whether previously known or unknown, assembled to create an asset map. |
|
Asset Criticality |
Information that helps determine which systems are critical and which are non-critical. |
|
Risk Appetite |
Willingness to tolerate risk within the environment. How much risk is acceptable. |
|
Regulatory Requirements (Scanning) |
Certain regulatory bodies require a specific frequency of scanning in order to remain compliant. |
|
Technical Constraints (Scanning) |
These can limit the number or frequency of scans. |
|
Business Constraints (Scanning) |
These restrictions are in place to limit scanning during periods of high business activity to avoid disruptions. |
|
Licensing Limitations (Scanning) |
May curtail the bandwidth consumed by the scanner or the number of scans that may be conducted simultaneously. |
|
Configuration Reviews |
A check to ensure that scan settings match current requirements |
|
Scan Sensitivity Levels |
Scans start out by using a template, usually provided by the scanning product/vendor. Administrators customize these scans and should save them as their own templates, saving time and reducing errors for future scans. |
|
Scan Plug-ins |
These improve the efficiency of scans, as each plug-in performs a check for a specific vulnerability. Disabling unnecessary plug-ins improves the speed of the scan and may reduce the number of false positive results reported by the scanner. |
|
Supplemental Scans |
Additional scans that take place due to disruption caused by firewalls, intrusion prevention systems, and other security controls that lie between the scanner and the target server. |
|
Credentialed scans |
Typically only retrieve information from target servers and do not make changes to the server itself. Administrators should follow least privilege by providing read-only permissions to the scanner. This reduces the likelihood of the scanner causing a security incident related to its credentials. |
|
Agent-Based Scanning |
Software installed on each server; these agents provide an “inside-out” vulnerability scan and report back to the vulnerability management platform. |
|
Scan Perspectives |
Each scan perspective conducts the scan from a different location on the network, providing a different view into vulnerabilities. An external scan gives the perspective of an outside attacker; an internal scan gives the perspective of a malicious insider. |
|
Controls that Affect Scans |
Firewalls, Network Segmentation, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) |
|
Scanner Software |
Scanning systems can themselves be prone to vulnerabilities. Regular patching of scanner software protects an organization against scanner-specific vulnerabilities and also delivers important bug fixes and feature enhancements that improve scan quality. |
|
Vulnerability Plug-in Feeds |
Security researchers discover new vulnerabilities every week, and vulnerability scanners can only be effective against these vulnerabilities if they receive frequent updates to their plug-ins. |
|
SCAP |
Security Content Automation Protocol. An effort by the National Institute of Standards and Technology (NIST) to create a standardized approach for communicating security-related information. |
|
Vulnerability Scanning Tools |
Network Vulnerability Scanner, Application Scanner, Web Application Scanner |
|
Network Vulnerability Scanner |
Probe a wide range of network-connected devices for known vulnerabilities. They reach out to any systems connected to the network, attempt to determine the type of device and its configuration, and then launch targeted tests designed to detect the presence of any known vulnerabilities on those devices. |
|
Application Scanning |
Analyzes custom-developed software to identify common security vulnerabilities. |
|
Static Testing |
Analyzes code without running it. |
|
Dynamic Testing |
Executes code as part of the test, exercising all the interfaces that the code exposes to the user with a variety of inputs, searching for vulnerabilities. |
|
Interactive Testing |
Combines static and dynamic testing, analyzing the source code while testers interact with the application through exposed interfaces. |
|
Web Application Scanning |
Tool used to examine the security of web applications. Vulnerabilities looked for include SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). |
|
CVSS |
Common Vulnerability Scoring System. Industry standard for assessing the severity of security vulnerabilities. It provides a technique for scoring each vulnerability on a variety of measures in order to prioritize response actions. |
|
Attack Vector Metric |
Describes how an attacker would exploit the vulnerability. |
|
Attack Complexity Metric |
Describes the difficulty of exploiting the vulnerability. |
|
User Interaction Metric |
Describes whether the attacker needs to involve another human in the attack. |
|
Confidentiality Metric |
Describes the type of information disclosure that might occur if an attacker successfully exploits the vulnerability. |
|
Integrity Metric |
Describes the type of information alteration that might occur if an attacker successfully exploits the vulnerability. |
|
Availability Metric |
Describes the type of disruption that might occur if an attacker successfully exploits the vulnerability. |
|
Scope Metric |
Describes whether the vulnerability can affect system components beyond the scope of the vulnerable component. |
|
CVSS Vector |
A single-line format to convey the ratings of a vulnerability on all six of the metrics. |
|
False Positive |
When a scanner reports a vulnerability that does not exist. |
|
False Negative |
When a report states that there is no vulnerability when in fact there is. |
|
Reconciling Scan Results |
Scan results should be checked against other information, including: log reviews, Security Information and Event Management (SIEM) systems, and configuration management systems. |
|
Patch Management |
One of the core practices in any information security program is a proper patch management system. Outdated software versions are commonly found in vulnerability scans and should be updated through a patch management system. |
|
Legacy Platforms |
These are systems that are no longer supported by the vendor that created them. This means no more patches will be released, and it is on the user to ensure that the system is free of security flaws. If at all possible, these systems should be migrated to newer systems that are supported by the vendor. |
|
Weak Configuration |
Vulnerability scans can highlight weak configuration settings, which can include: default settings, unsecured accounts, open ports, and open permissions. |
|
Debug Mode |
Gives developers the crucial error information needed to troubleshoot applications during development. It reveals detailed information about the inner workings of the application, which is a security risk if debug mode is left on and attackers gain access. Developers should disable debug access on any system with public exposure. |
|
Insecure Protocols |
Telnet is an insecure protocol used to gain command-line access to a remote server. FTP allows for the transfer of files, but not securely. The secure replacement for Telnet is Secure Shell (SSH), and for FTP it is SFTP or FTPS. |
|
Weak Encryption |
Two choices matter when it comes to encryption: the algorithm and the key. A weak encryption algorithm may be easily defeated by an attacker. A weak key that is easily guessable because of its length or composition may be found by an attacker using a cryptographic attack. |
|
Penetration Testing |
Authorized, legal attempts to defeat an organization’s security controls and perform unauthorized activities. They are the most effective way for an organization to gain a complete picture of its security vulnerabilities. |
|
Reasons for Pen Testing |
Pen testing provides us with visibility into the organizational security posture that simply isn’t available by other means. |
|
Benefits of Pen Testing |
We learn whether an attacker with the same or less knowledge/skills would likely be able to penetrate our defenses. It also gives a blueprint for remediation in the event that attackers are successful. |
|
Threat Hunting |
Similar to pen testing, except for what it tries to accomplish. Threat hunting looks for evidence of a successful attack. Hunters use an attacker’s mindset to consider what a hacker might do and what type of evidence they might leave behind, and then go in search of that evidence. |
|
Penetration Test Types |
White Box: known environment test performed with full knowledge of the technology, configurations, and settings that make up the target. Benefits: less time required. Disadvantages: may not provide an accurate view of an external attacker.
Black Box: unknown environment test intended to replicate what an attacker would encounter. Benefits: realistic view of what an attacker sees. Disadvantages: time consuming.
Gray Box: partially known environment test, where testers are given some information. Not as time consuming, while also providing a more accurate view of what an actual attacker would encounter. |
|
Bug Bounty |
Allows organizations the opportunity to benefit from the wisdom and talent of cybersecurity professionals outside their own teams. This allows outsiders to conduct security testing with the incentive of financial rewards. |
|
Rules of Engagement |
Given to testers at the beginning to define the scope of the test the organization is looking for: timeline; locations (places, systems, applications, included and excluded); data handling; expected behaviors; committed resources; legal concerns; communications. |
|
Reconnaissance |
Pen tests start with this phase, where testers seek to gather as much information as possible about their target. Passive reconnaissance happens without directly engaging with the target; this includes Open Source Intelligence (OSINT). Active reconnaissance occurs when direct contact is made with the target; this includes port scanning, footprinting to identify the operating systems and applications in use, and vulnerability scanning. |
|
Phases of Test |
Initial Access: the attacker gains access to the network. Privilege Escalation: shift from the initial access gained by the attacker to more advanced privileges, such as root/admin. Pivoting/Lateral Movement: uses the initial compromise to gain access to other parts of the network. Persistence: installing back doors and other mechanisms that allow the attacker to regain access to the network, even if the vulnerability is eventually patched. |
|
Teams |
Red Team: the attackers who attempt to gain access to systems. Blue Team: the defenders who must secure systems and networks from attack. White Team: observers and judges. Purple Team: after the exercise, the red and blue teams discuss the strategies each team used in the exercise to help everyone learn from the process. |