Security+ Guide to Network Security Fundamentals, Fourth Edition

Chapter 4: Vulnerability Assessment and Mitigating Attacks

Objectives
• Define vulnerability assessment and explain why it is important
• List vulnerability assessment techniques and tools
• Explain the differences between vulnerability scanning and penetration testing
• List techniques for mitigating and deterring attacks

Vulnerability Assessment
• Systematic evaluation of asset exposure
  – Attackers
  – Forces of nature
  – Any potentially harmful entity
• Aspects of vulnerability assessment
  – Asset identification
  – Threat evaluation
  – Vulnerability appraisal
  – Risk assessment
  – Risk mitigation

Vulnerability Assessment (cont’d.)
• Asset identification
  – Process of inventorying items with economic value
• Common assets
  – People
  – Physical assets
  – Data
  – Hardware
  – Software

Vulnerability Assessment (cont’d.)
• Determine each item’s relative value
  – Asset’s criticality to organization’s goals
  – How much revenue asset generates
  – How difficult to replace asset
  – Impact of asset unavailability to the organization
• Could rank using a number scale

Vulnerability Assessment (cont’d.)
• Threat evaluation
  – List potential threats
• Threat modeling
  – Goal: understand attackers and their methods
  – Often done by constructing scenarios
• Attack tree
  – Provides visual representation of potential attacks
  – Inverted tree structure

Table 4-1 Common threat agents

Figure 4-1 Attack tree for stealing a car stereo © Cengage Learning 2012

Figure 4-2 Attack tree for breaking into grading system © Cengage Learning 2012

Vulnerability Assessment (cont’d.)
• Vulnerability appraisal
  – Determine current weaknesses
    • Snapshot of current organization security
  – Every asset should be viewed in light of each threat
  – Catalog each vulnerability
• Risk assessment
  – Determine damage resulting from attack
  – Assess likelihood that vulnerability is a risk to organization

Table 4-2 Vulnerability impact scale

Vulnerability Assessment (cont’d.)
• Single loss expectancy (SLE)
  – Expected monetary loss each time a risk occurs
  – Calculated by multiplying the asset value by the exposure factor
  – Exposure factor: percentage of asset value likely to be destroyed by a particular risk

Vulnerability Assessment (cont’d.)
• Annualized loss expectancy (ALE)
  – Expected monetary loss over a one-year period
  – Multiply SLE by the annualized rate of occurrence
  – Annualized rate of occurrence: probability that a risk will occur in a particular year
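A worked SLE and ALE calculation over a small risk register, added here as an example and not taken from the textbook; the asset names, values, exposure factors and AROs are constructed sample figures, and ranking by ALE goes one step beyond the slides to show how the two formulas feed prioritisation.

```python
"""Added example (not from the textbook): SLE and ALE over a small risk register.

SLE = asset value * exposure factor (EF)
ALE = SLE * annualized rate of occurrence (ARO)
All asset values, EFs and AROs below are constructed sample figures.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str       # asset name from the inventory
    value: float     # asset value in dollars
    exposure: float  # EF: fraction of the value lost per occurrence (0.0 to 1.0)
    aro: float       # ARO: expected occurrences per year


def sle(risk: Risk) -> float:
    """Single loss expectancy: monetary loss from one occurrence of the risk."""
    if not 0.0 <= risk.exposure <= 1.0:
        raise ValueError(f"exposure factor must be between 0 and 1: {risk.exposure}")
    return round(risk.value * risk.exposure, 2)


def ale(risk: Risk) -> float:
    """Annualized loss expectancy: expected monetary loss over a one-year period."""
    if risk.aro < 0:
        raise ValueError(f"ARO cannot be negative: {risk.aro}")
    return round(sle(risk) * risk.aro, 2)


def rank_risks(register: list[Risk]) -> list[tuple[str, float, float]]:
    """(asset, SLE, ALE) rows sorted highest ALE first, for prioritising mitigation."""
    rows = [(r.asset, sle(r), ale(r)) for r in register]
    return sorted(rows, key=lambda row: row[2], reverse=True)


# Constructed sample register (hypothetical assets and figures).
SAMPLE_REGISTER = [
    Risk("web server (DoS)", value=80_000, exposure=0.25, aro=2.0),
    Risk("customer database (breach)", value=500_000, exposure=0.60, aro=0.1),
    Risk("laptop fleet (theft)", value=120_000, exposure=0.05, aro=0.5),
]

if __name__ == "__main__":
    for asset, s, a in rank_risks(SAMPLE_REGISTER):
        print(f"{asset:28s} SLE={s:>12,.2f} ALE={a:>12,.2f}")
```

Note that the database breach has by far the largest SLE but a lower ALE than the web server, which is why the ranking is done on ALE rather than on single-event loss.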
Vulnerability Assessment (cont’d.)
• Estimate probability that vulnerability will actually occur
• Risk mitigation
  – Determine what to do about risks
  – Determine how much risk can be tolerated
• Options for dealing with risk
  – Diminish
  – Transfer (outsourcing, insurance)
  – Accept

Table 4-3 Risk identification steps

Assessment Techniques
• Baseline reporting
  – Baseline: standard for solid security
  – Compare present state to baseline
  – Note, evaluate, and possibly address differences

Assessment Techniques (cont’d.)
• Application development techniques
  – Minimize vulnerabilities during software development
• Challenges to this approach
  – Software application size and complexity
  – Lack of security specifications
  – Future attack techniques unknown

Assessment Techniques (cont’d.)
• Software development assessment techniques
  – Review architectural design in requirements phase
  – Conduct design reviews
    • Consider including a security consultant
  – Conduct code review during implementation phase
    • Examine attack surface (code executed by users)
  – Correct bugs during verification phase
  – Create and distribute security updates as necessary

Figure 4-3 Software development process © Cengage Learning 2012

Assessment Tools
• IP addresses uniquely identify each network device
• TCP/IP communication
  – Involves information exchange between one system’s program and another system’s corresponding program
• Port number
  – Unique identifier for applications and services
  – 16 bits in length

Assessment Tools (cont’d.)
• Well-known port numbers
  – Reserved for the most universal applications
• Registered port numbers
  – Other applications not as widely used
• Dynamic and private port numbers
  – Available for any application to use

Table 4-4 Commonly used default network ports

Assessment Tools (cont’d.)
• Knowledge of what port is being used
  – Can be used by an attacker to target a specific service
• Port scanner software
  – Searches a system for available ports
  – Used to determine port state
    • Open
    • Closed
    • Blocked

Figure 4-4 Port scanner © Cengage Learning 2012

Table 4-5 Port scanning

Assessment Tools (cont’d.)
• Protocol analyzers
  – Hardware or software that captures packets to decode and analyze their contents
  – Also known as sniffers
  – Example: Wireshark
• Common uses for protocol analyzers
  – Used by network administrators for troubleshooting
  – Characterizing network traffic
  – Security analysis

Figure 4-5 Protocol analyzer © Cengage Learning 2012

Assessment Tools (cont’d.)
• Attacker can use a protocol analyzer to display the content of each transmitted packet
• Vulnerability scanners
  – Products that look for vulnerabilities in networks or systems
  – Most maintain a database categorizing the vulnerabilities they can detect

Figure 4-6 Vulnerability scanner © Cengage Learning 2012

Assessment Tools (cont’d.)
• Examples of vulnerability scanners’ capabilities
  – Alert when new systems are added to the network
  – Detect when an internal system begins to port scan other systems
  – Maintain a log of all interactive network sessions
  – Track all client and server application vulnerabilities
  – Track which systems communicate with other internal systems

Assessment Tools (cont’d.)
• Problem with assessment tools
  – No standard for collecting, analyzing, and reporting vulnerabilities
• Open Vulnerability and Assessment Language (OVAL)
  – Designed to promote open and publicly available security content
  – Standardizes information transfer across different security tools and services

Figure 4-7 OVAL output © Cengage Learning 2012

Honeypots and Honeynets
• Honeypot
  – Computer protected by minimal security
  – Intentionally configured with vulnerabilities
  – Contains bogus data files
  – Goal: trick attackers into revealing their techniques
    • Compare to actual production systems to determine security level against the attack
• Honeynet
  – Network set up with one or more honeypots

Vulnerability Scanning vs. Penetration Testing
• Vulnerability scan
  – Automated software searches a system for known security weaknesses
  – Creates a report of potential exposures
  – Should be conducted on existing systems and as new technology is deployed
  – Usually performed from inside the security perimeter
  – Does not interfere with normal network operations

Penetration Testing
• Designed to exploit system weaknesses
• Relies on tester’s skill, knowledge, cunning
• Usually conducted by an independent contractor
• Tests usually conducted outside the security perimeter
  – May even disrupt network operations
• End result: penetration test report

Penetration Testing (cont’d.)
• Black box test
  – Tester has no prior knowledge of network infrastructure
• White box test
  – Tester has in-depth knowledge of the network and systems being tested
• Gray box test
  – Some limited information has been provided to the tester

Table 4-6 Vulnerability scan and penetration testing features

Mitigating and Deterring Attacks
• Standard techniques for mitigating and deterring attacks
  – Creating a security posture
  – Configuring controls
  – Hardening
  – Reporting

Creating a Security Posture
• Security posture describes strategy regarding security
• Initial baseline configuration
  – Standard security checklist
  – Systems evaluated against baseline
  – Starting point for security
• Continuous security monitoring
  – Regularly observe systems and networks

Creating a Security Posture (cont’d.)
• Remediation
  – As vulnerabilities are exposed, put a plan in place to address them

Configuring Controls
• Properly configuring controls is key to mitigating and deterring attacks
• Some controls are for detection
  – Security camera
• Some controls are for prevention
  – Properly positioned security guard
• Information security controls
  – Can be configured to detect attacks and sound alarms, or to prevent attacks

Configuring Controls (cont’d.)
• Additional consideration
  – When normal function is interrupted by failure, which is the higher priority: security or safety?
  – Fail-open lock unlocks doors automatically upon failure
  – Fail-safe lock automatically locks
    • Highest security level
  – Firewall can be configured in fail-safe or fail-open state

Hardening
• Purpose of hardening
  – Eliminate as many security risks as possible
• Techniques to harden systems
  – Protecting accounts with passwords
  – Disabling unnecessary accounts
  – Disabling unnecessary services
  – Protecting management interfaces and applications

Reporting
• Providing information regarding events that occur
• Alarms or alerts
  – Sound a warning if a specific situation is occurring
  – Example: alert if too many failed password attempts
• Reporting can provide information on trends
  – Can indicate a serious impending situation
  – Example: multiple user accounts experiencing multiple password attempts
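The two reporting cases on the last slide, the per-account alarm and the multi-account trend, as detection logic run over constructed sample log lines; this is an added example, not part of the textbook, and the OpenSSH-like log format, host, account names and addresses are assumptions.

```python
"""Added example (not from the textbook): the two reporting cases from the slides,
run over constructed sample authentication log lines.

Alarm: one account reaches a failed-login threshold.
Trend: several accounts each see repeated failures (possible impending situation).
"""
import re
from collections import Counter

# Constructed log lines in an OpenSSH-like shape; host, users and addresses are made up.
SAMPLE_LOG = """\
Jan 10 08:01:02 host1 sshd[4121]: Failed password for alice from 10.0.0.5 port 51022 ssh2
Jan 10 08:01:05 host1 sshd[4121]: Failed password for alice from 10.0.0.5 port 51023 ssh2
Jan 10 08:01:09 host1 sshd[4121]: Failed password for alice from 10.0.0.5 port 51024 ssh2
Jan 10 08:01:12 host1 sshd[4121]: Failed password for alice from 10.0.0.5 port 51025 ssh2
Jan 10 08:01:15 host1 sshd[4121]: Failed password for alice from 10.0.0.5 port 51026 ssh2
Jan 10 08:02:00 host1 sshd[4130]: Accepted password for alice from 10.0.0.5 port 51030 ssh2
Jan 10 08:03:10 host1 sshd[4140]: Failed password for bob from 10.0.0.9 port 40001 ssh2
Jan 10 08:03:14 host1 sshd[4140]: Failed password for bob from 10.0.0.9 port 40002 ssh2
Jan 10 08:03:20 host1 sshd[4141]: Failed password for carol from 10.0.0.9 port 40003 ssh2
Jan 10 08:03:25 host1 sshd[4141]: Failed password for carol from 10.0.0.9 port 40004 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def failed_logins_per_account(log: str) -> Counter:
    """Count failed password attempts per account name; successful logins are ignored."""
    return Counter(m.group(1) for line in log.splitlines() if (m := FAILED.search(line)))


def alarms(counts: Counter, threshold: int = 5) -> list[str]:
    """Accounts at or above the threshold: the slide's 'too many failed attempts' alert."""
    return sorted(acct for acct, n in counts.items() if n >= threshold)


def spray_trend(counts: Counter, min_accounts: int = 3, min_failures: int = 2) -> bool:
    """Trend signal from the slides: multiple accounts each with multiple failed attempts,
    which can matter even when no single account trips the per-account alarm."""
    affected = [acct for acct, n in counts.items() if n >= min_failures]
    return len(affected) >= min_accounts


if __name__ == "__main__":
    counts = failed_logins_per_account(SAMPLE_LOG)
    print("alarm accounts:", alarms(counts))
    print("multi-account failure trend:", spray_trend(counts))
```

In the sample, only alice trips the alarm, but bob and carol each fail twice, so the trend check fires as well; in practice the thresholds would be tuned to the environment's normal failure rate.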