1 / 42

Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 9 Performing Vulnerability Assessments. Objectives. Define risk and risk management Describe the components of risk management List and describe vulnerability scanning tools Define penetration testing.

cain-petersen
Download Presentation

Security+ Guide to Network Security Fundamentals, Third Edition

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments

  2. Objectives Define risk and risk management Describe the components of risk management List and describe vulnerability scanning tools Define penetration testing Security+ Guide to Network Security Fundamentals, Third Edition

  3. Risk Management, Assessment, and Mitigation One of the most important assets any organization possesses is its ___________ Unfortunately, the importance of data is generally __________________________ The first steps in data protection actually begin with ____________________________ ______________________________ Security+ Guide to Network Security Fundamentals, Third Edition

  4. What Is Risk? In information security, a ________ is the likelihood that a ________________ will ___________________________ More generally, a risk can be defined as an ______________________________ Risk generally denotes a potential ________ ________________ to an asset Security+ Guide to Network Security Fundamentals, Third Edition

  5. Definition of Risk Management Realistically, risk ____________ ever be entirely eliminated Would cost too much or take too long Rather, some degree of risk must always be assumed ____________________________ A _________________________________ to managing the ______________________ that is related to a threat Security+ Guide to Network Security Fundamentals, Third Edition

  6. Steps in Risk Management Five Steps: 1. Asset Identification 2. Threat Identification 3. Vulnerability Appraisal 4. Risk Assessment 5. Risk Mitigation More to come on these… Security+ Guide to Network Security Fundamentals, Third Edition

  7. Steps in Risk Management 1. The first step in risk management is ________________________________ Determine the assets that _____________________ Involves the process of_________________________these items Types of assets: Data Hardware Personnel Physical assets Software Security+ Guide to Network Security Fundamentals, Third Edition 7

  8. Steps in Risk Management (continued) Along with the assets, the _________ of the assets need to be ___________ (example on following slide…) Important to determine each item’s ______________ Factors that should be considered in determining the relative value are: How _________________ to the goals of the organization? How difficult would it be to replace it? How much does it ________________________? How much _______________ does it generate? Security+ Guide to Network Security Fundamentals, Third Edition

  9. Security+ Guide to Network Security Fundamentals, Third Edition

  10. Steps in Risk Management (continued) Factors that should be considered in determining the relative value are: (continued) How quickly can it be replaced? What is the ____________________? What is the _____________ to the organization if this ____________________? What is the security implication if this asset is unavailable? Security+ Guide to Network Security Fundamentals, Third Edition

  11. Steps in Risk Management (continued) 2. Next step in risk management is _______________ Determine the threats from threat agents ______________________ Any _______________ with the power to ______________ against an asset (examples on following slide…) Threat __________________ Constructs _________________ of the types of threats that assets can face Helps to understand who the attackers are, why they attack, and what types of attacks might occur Security+ Guide to Network Security Fundamentals, Third Edition

  12. Security+ Guide to Network Security Fundamentals, Third Edition

  13. Steps in Risk Management (continued) __________________________ Provides a __________________ of the attacks that may occur against an asset Security+ Guide to Network Security Fundamentals, Third Edition

  14. Steps in Risk Management (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  15. Steps in Risk Management (continued) 3.Next step in risk management is ______________ ___________________________ Takes a snapshot of the _______________________ as it now stands Every asset must be viewed in light of each threat Determining vulnerabilities often depends upon the background and experience of the assessor A ________________________ is better for determining vulnerabilities vs. just a single person 4.Next step in risk management is _______________ Involves determining the ______________________ from an attack and the ____________ that the _____________ ____________________ to the organization Security+ Guide to Network Security Fundamentals, Third Edition

  16. Steps in Risk Management (continued) ________________________ can be helpful in determining the impact of a vulnerability Two formulas are commonly used to calculate expected losses Single Loss Expectancy (___________) Theexpected _______________________________ Annualized Loss Expectancy (_________) The expected ________________ that can be expected for an asset due to a risk _______________________ Security+ Guide to Network Security Fundamentals, Third Edition

  17. Security+ Guide to Network Security Fundamentals, Third Edition

  18. Steps in Risk Management (continued) 5. Last step in risk management is ______________________________ Must ask oneself what can we do about the risks? Options when confronted with a risk: ____________ the risk ____________ the risk ____________ the risk Security+ Guide to Network Security Fundamentals, Third Edition

  19. Steps in Risk Management- Summary Security+ Guide to Network Security Fundamentals, Third Edition

  20. Identifying Vulnerabilities Identifying vulnerabilities through a __________________________ Determines the _____________________ that could expose assets to threats Two categories of software and hardware tools Vulnerability scanning Penetration testing Security+ Guide to Network Security Fundamentals, Third Edition

  21. Vulnerability Scanning ___________________ is typically used by an organization to ___________________ ____________________ need to be addressed in order to ___________ _________________________ Tools include port scanners, network mappers, protocol analyzers, vulnerability scanners, the Open Vulnerability and Assessment Language, and password crackers Security+ Guide to Network Security Fundamentals, Third Edition

  22. Port Scanners • Internet protocol (IP) addresses • The primary form of address identification on a TCP/IP network • Used to uniquely identify each network device • ___________________ • TCP/IP uses a numeric value as an __________ ____________________________________ • Each datagram (packet) contains not only the source and destination IP addresses • But also the source port and destination port Security+ Guide to Network Security Fundamentals

  23. Port Scanners (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  24. Port Scanners (continued) If an attacker knows a specific port is used, that _____________________________ ___________________ Used to ______________________________ that could be used in an attack __________________________ to know what applications are running and could be exploited Three port states: Open, closed, and blocked Security+ Guide to Network Security Fundamentals, Third Edition

  25. Security+ Guide to Network Security Fundamentals, Third Edition

  26. Security+ Guide to Network Security Fundamentals, Third Edition

  27. Network Mappers ______________________ Software tools that can __________________ _________________________ Most network mappers utilize the TCP/IP protocol ___________________ Uses _____________ Internet Control Message Protocol (ICMP) Provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices Security+ Guide to Network Security Fundamentals, Third Edition

  28. Network Mappers (continued) • Can be used by Network Admins to ___________________________________ attached to the network • Can be used by __________ to discover what ______________________ for attempted attack Security+ Guide to Network Security Fundamentals, Third Edition

  29. Protocol Analyzers _________________ (also called a _______) ______________________ to decode and __________________ its contents Can fully decode application-layer network protocols Common uses include: ______________________ Network _____________________ _______________________ Security+ Guide to Network Security Fundamentals, Third Edition

  30. Security+ Guide to Network Security Fundamentals, Third Edition

  31. Vulnerability Scanners ______________________ A generic term that refers to a range ofproducts that ________________in networks or systems Intended to ________________________ and _______________________ to these problems Most vulnerability scanners maintain a database that categorizes and describes the vulnerabilities that it can detect Other types of vulnerability scanners __________________________________ __________________________________ Security+ Guide to Network Security Fundamentals, Third Edition

  32. Security+ Guide to Network Security Fundamentals, Third Edition

  33. Open Vulnerability and Assessment Language (OVAL) Open Vulnerability and Assessment Language (__________) Designed to promote ___________________ _____________________________ ____________ the transfer of information across ____________________________ A “____________________” for the exchange of information regarding security vulnerabilities These vulnerabilities are identified using industry-standard tools Security+ Guide to Network Security Fundamentals, Third Edition

  34. Open Vulnerability and Assessment Language (OVAL) (continued) OVAL vulnerability definitions are recorded in Extensible Markup Language (XML) __________________________________ Structured Query Language (SQL) OVAL supports Windows, Linux, and UNIX platforms Security+ Guide to Network Security Fundamentals, Third Edition

  35. Open Vulnerability and Assessment Language (OVAL) (continued) Security+ Guide to Network Security Fundamentals, Third Edition

  36. Password Crackers Password- RECALL… A secret combination of letters and numbers that only the user knows Because passwords are common yet provide weak security, they are a _________________________ Password cracker programs… Use the file of ____________________ and then attempts to break the hashed passwords _______________ The most common offline password cracker programs are based on _____________ attacks or ________________________ Security+ Guide to Network Security Fundamentals, Third Edition

  37. Security+ Guide to Network Security Fundamentals, Third Edition

  38. Password Crackers (continued) ______________________ A defense against password cracker programs for UNIX and Linux systems A shadow password mechanism _________ _______________, the “shadow” password file This shadow file can ___________________ ___________________ and contains only the hashed passwords Security+ Guide to Network Security Fundamentals, Third Edition

  39. Penetration Testing ______________________ Method of_____________________________ ________________________ By _______________ instead of just scanning for vulnerabilities Involves a more _______________ of a system for vulnerabilities One of the first tools that was widely used for penetration testing as well as by attackers was ______________ Security Administrator Tool for Analyzing Networks Security+ Guide to Network Security Fundamentals, Third Edition

  40. Penetration Testing (continued) SATAN could __________________________ by performing penetration testing Tests determine the________________________and what vulnerabilities may still have existed SATAN would: Recognize several common networking-related security problems Report the problems _________________________ Offer a tutorial that explained the problem, what its impactcould be, and how to resolve the problem Security+ Guide to Network Security Fundamentals, Third Edition

  41. Summary In information security, a risk is the likelihood that a threat agent will exploit a vulnerability A risk management study generally involves five specific tasks Vulnerability scanning is typically used by an organization to identify weaknesses in the system that need to be addressed in order to increase the level of security Vulnerability scanners for organizations are intended to identify vulnerabilities and alert network administrators to these problems Security+ Guide to Network Security Fundamentals, Third Edition

  42. Summary (continued) More rigorous than vulnerability scanning, penetration testing is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker instead of only scanning for vulnerabilities Security+ Guide to Network Security Fundamentals, Third Edition

More Related