Security+ Guide to Network
Security Fundamentals,
Third Edition
Chapter 9
Performing Vulnerability Assessments
Objectives




Define risk and risk management
Describe the components of risk management
List and describe vulnerability scanning tools
Define penetration testing
Risk Management, Assessment, and
Mitigation



One of the most important assets any
organization possesses is its ___________
Unfortunately, the importance of data is
generally __________________________
The first steps in data protection actually
begin with ____________________________
______________________________
What Is Risk?



In information security, a ________ is the
likelihood that a ________________ will
___________________________
More generally, a risk can be defined as an
______________________________
Risk generally denotes a potential ________
________________ to an asset
Definition of Risk Management

Realistically, risk ____________ ever be
entirely eliminated



Would cost too much or take too long
Rather, some degree of risk must always be
assumed
____________________________

A _________________________________ to
managing the ______________________ that is
related to a threat
Steps in Risk Management

Five Steps:
1. Asset Identification
2. Threat Identification
3. Vulnerability Appraisal
4. Risk Assessment
5. Risk Mitigation
More to come on these…
Steps in Risk Management
1. The first step in risk management is
________________________________



Determine the assets that _____________________
Involves the process of _________________________
these items
Types of assets:





Data
Hardware
Personnel
Physical assets
Software
Steps in Risk Management (continued)



Along with the assets, the _________ of the assets
need to be ___________ (example on following slide…)
Important to determine each item’s ______________
Factors that should be considered in determining the
relative value are:




How _________________ to the goals of the organization?
How difficult would it be to replace it?
How much does it ________________________?
How much _______________ does it generate?
Steps in Risk Management (continued)

Factors that should be considered in
determining the relative value are: (continued)




How quickly can it be replaced?
What is the ____________________?
What is the _____________ to the organization if
this ____________________?
What is the security implication if this asset is
unavailable?
Steps in Risk Management (continued)
2. Next step in risk management is _______________


______________________


Determine the threats from threat agents
Any _______________ with the power to ______________
against an asset (examples on following slide…)
Threat __________________


Constructs _________________ of the types of threats that
assets can face
Helps to understand who the attackers are, why they attack,
and what types of attacks might occur
Steps in Risk Management (continued)

__________________________

Provides a __________________ of the attacks
that may occur against an asset
Steps in Risk Management (continued)
3. Next step in risk management is ______________
___________________________



Takes a snapshot of the _______________________ as it
now stands
Every asset must be viewed in light of each threat
Determining vulnerabilities often depends upon the
background and experience of the assessor

A ________________________ is better for determining
vulnerabilities vs. just a single person
4. Next step in risk management is _______________

Involves determining the ______________________ from
an attack and the ____________ that the _____________
____________________ to the organization
Steps in Risk Management (continued)


________________________ can be helpful
in determining the impact of a vulnerability
Two formulas are commonly used to calculate
expected losses

Single Loss Expectancy (___________)


The expected _______________________________
Annualized Loss Expectancy (_________)

The expected ________________ that can be expected
for an asset due to a risk _______________________
Steps in Risk Management (continued)
5. Last step in risk management is
______________________________


Must ask oneself what can we do about the risks?
Options when confronted with a risk:



____________ the risk
____________ the risk
____________ the risk
Steps in Risk Management - Summary
Identifying Vulnerabilities

Identifying vulnerabilities through a
__________________________


Determines the _____________________ that
could expose assets to threats
Two categories of software and hardware
tools


Vulnerability scanning
Penetration testing
Vulnerability Scanning

___________________ is typically used by
an organization to ___________________
____________________


need to be addressed in order to ___________
_________________________
Tools include port scanners, network mappers, protocol analyzers, vulnerability scanners, the Open Vulnerability and Assessment Language, and password crackers
Port Scanners

Internet protocol (IP) addresses



___________________


The primary form of address identification on a
TCP/IP network
Used to uniquely identify each network device
TCP/IP uses a numeric value as an __________
____________________________________
Each datagram (packet) contains not only the source and destination IP addresses but also the source port and destination port
Port Scanners (continued)


If an attacker knows a specific port is used,
that _____________________________
___________________



Used to ______________________________
that could be used in an attack
__________________________ to know what
applications are running and could be exploited
Three port states:

Open, closed, and blocked
Network Mappers

______________________


Most network mappers utilize the TCP/IP
protocol ___________________


Software tools that can __________________
_________________________
Uses _____________
Internet Control Message Protocol (ICMP)

Provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices
Network Mappers (continued)


Can be used by Network Admins to
___________________________________
attached to the network
Can be used by __________ to discover
what ______________________ for
attempted attack
Protocol Analyzers

_________________ (also called a _______)



______________________ to decode and
__________________ its contents
Can fully decode application-layer network
protocols
Common uses include:



______________________
Network _____________________
_______________________
Vulnerability Scanners

______________________




A generic term that refers to a range of products
that ________________ in networks or systems
Intended to ________________________ and
_______________________ to these problems
Most vulnerability scanners maintain a database that categorizes and describes the vulnerabilities that it can detect
Other types of vulnerability scanners
__________________________________
__________________________________
Open Vulnerability and Assessment
Language (OVAL)

Open Vulnerability and Assessment
Language (__________)



Designed to promote ___________________
_____________________________
____________ the transfer of information across
____________________________
A “____________________” for the exchange of
information regarding security vulnerabilities

These vulnerabilities are identified using industry-standard tools
Open Vulnerability and Assessment
Language (OVAL) (continued)

OVAL vulnerability definitions are recorded in Extensible Markup Language (XML)


__________________________________
Structured Query Language (SQL)
OVAL supports Windows, Linux, and UNIX platforms
Password Crackers

Password- RECALL…



Because passwords are common yet provide weak
security, they are a _________________________
Password cracker programs…


A secret combination of letters and numbers that only the
user knows
Use the file of ____________________ and then attempts
to break the hashed passwords _______________
The most common offline password cracker
programs are based on _____________ attacks or
________________________
Password Crackers (continued)

______________________


A defense against password cracker programs for
UNIX and Linux systems
A shadow password mechanism _________
_______________, the “shadow” password
file

This shadow file can ___________________
___________________ and contains only the
hashed passwords
Penetration Testing

______________________

Method of _____________________________
________________________



By _______________ instead of just scanning for
vulnerabilities
Involves a more _______________ of a system
for vulnerabilities
One of the first tools that was widely used for
penetration testing as well as by attackers
was ______________ Security Administrator Tool
for Analyzing Networks
Penetration Testing (continued)

SATAN could __________________________ by
performing penetration testing


Tests determine the ________________________ and
what vulnerabilities may still have existed
SATAN would:



Recognize several common networking-related security problems
Report the problems _________________________
Offer a tutorial that explained the problem, what its impact could be, and how to resolve the problem
Summary




In information security, a risk is the likelihood that a threat agent will exploit a vulnerability
A risk management study generally involves five specific tasks
Vulnerability scanning is typically used by an organization to identify weaknesses in the system that need to be addressed in order to increase the level of security
Vulnerability scanners for organizations are intended to identify vulnerabilities and alert network administrators to these problems
Summary (continued)

More rigorous than vulnerability scanning, penetration testing is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker instead of only scanning for vulnerabilities