05_Vulnerability_Analysis.md

Vulnerability Assessment

Vulnerability Assessment is a process of examination, discovery, and identification of a system and applications security measures and weakness. It helps to recognize the vulnerabilities that could be exploited, need of additional security layers, and informations that can be revealed using scanners.

Types of Vulnerability Assessment

• Active Assessments : actively sending requests to the live network and examining the the responses. It requires probing the target host
• Passive Assessments : includes packet sniffing to discover vulnerabilities, running services, open ports, and others. It is a process without interfering the target host
• External Assessment : find out vulnerabilities and exploit them from outside
• Internal Assessment : find and exploit vulnerabilities in the internal network

Vulnerability Assessment Life-Cycle

Creating baseline

• Identifies the nature of the network, the applications, and services
• Creates an inventory of all resources and assets which helps to manage, priorize the assessment
• Helps to maps the infrastucture, learns about security controls, policies, and standards
• Helps to plan the process effectively

Vulnerability Assessment

• Includes examination and inspection of security measures (physical security, security policies and controls, ...)
• The target is evaluated for misconfiguratios, deafult configurations, faults, and other vulnerabilities
• Probing each component individually or using assessment tools
• The report shows the vulnerabilities, their scope, and priorities

Risk Assessment

• Scoping the identified vulnerabilities and their impact on the infrastructure

Remediation

• Remedial actions for the detected vulnerabilities
• Start with the highest priority

Verification

• Make sure that all vulnerabilities are eliminated

Monitor

• Monitor the network traffic and system behaviors for any further intrusion

Vulnerability Assessment Solutions

Product based solution vs Service based solution

• Product based solutions are deployed within the network. Usually dedicated for internal network.

• Service based solutions are third-party solutions which offers security and auditing. This can be host either inside or outside the network. This can be a security risk of being compromised.

Tree-based Assessment vs Inference-based Assessment

• Tree-based Assessment is the approach in which auditor follows different startegies for each component of an environment

• Inference-based Assessment is the approach to assist depending on the inventory of protocols in an environment

Best Practice for Vulnerability Assessment

• Know your tool, know everything about it
• Make sure to not cause any damage with the tool
• Make sure the source location of scan to reduce the focus area
• Run scan frequently

Vulnerability Scoring System

Common Vulnerability Scoring System (CVSS)

• None: 0.0
• Low: 0.1 - 3.9
• Medium: 4.0 - 6.9
• High: 7.0 - 8.9
• Critical: 9.0 - 10.0

Common Vulnerabilities and Exposures (CVE)

Another platform to find information about vilnerabilities

Databases:

• https://nvd.nist.gov/
• https://cve.mitre.org/

Vulnerability Scanning

Vulnerability Scanners are automated utilities to dtect vulnerabilities. These scanning tools perform deep inspection of scripts, open ports, banners, running services, configuration errors, etc...

Top scanners:

• Nessus
• OpenVAS
• Owasp-ZED
• Vega
• Nexpose
• Retina
• GFI LanGuard