Security+ Guide to Network Security Fundamentals, Third Edition
Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 9: Performing Vulnerability Assessments. Objectives: Define risk and risk management. Describe the components of risk management. List and describe vulnerability scanning tools. Define penetration testing.
Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 9
Performing Vulnerability Assessments
Objectives
Define risk and risk management
Describe the components of risk management
List and describe vulnerability scanning tools
Define penetration testing
Risk Management, Assessment, and Mitigation
One of the most important assets any organization possesses is its ___________
Unfortunately, the importance of data is generally __________________________
The first steps in data protection actually begin with ____________________________ ______________________________
What Is Risk?
In information security, a ________ is the likelihood that a ________________ will ___________________________
More generally, a risk can be defined as an ______________________________
Risk generally denotes a potential ________ ________________ to an asset
Definition of Risk Management
Realistically, risk ____________ ever be entirely eliminated
  Would cost too much or take too long
Rather, some degree of risk must always be assumed
____________________________
  A _________________________________ to managing the ______________________ that is related to a threat
Steps in Risk Management
Five Steps:
1. Asset Identification
2. Threat Identification
3. Vulnerability Appraisal
4. Risk Assessment
5. Risk Mitigation
More to come on these…
Steps in Risk Management
1. The first step in risk management is ________________________________
Determine the assets that _____________________
Involves the process of _________________________ these items
Types of assets:
  Data
  Hardware
  Personnel
  Physical assets
  Software
Steps in Risk Management (continued)
Along with the assets, the _________ of the assets need to be ___________ (example on following slide…)
Important to determine each item’s ______________
Factors that should be considered in determining the relative value are:
  How _________________ to the goals of the organization?
  How difficult would it be to replace it?
  How much does it ________________________?
  How much _______________ does it generate?
Steps in Risk Management (continued)
Factors that should be considered in determining the relative value are: (continued)
  How quickly can it be replaced?
  What is the ____________________?
  What is the _____________ to the organization if this ____________________?
  What is the security implication if this asset is unavailable?
Steps in Risk Management (continued)
2. Next step in risk management is _______________
Determine the threats from threat agents ______________________
  Any _______________ with the power to ______________ against an asset (examples on following slide…)
Threat __________________
  Constructs _________________ of the types of threats that assets can face
  Helps to understand who the attackers are, why they attack, and what types of attacks might occur
Steps in Risk Management (continued)
__________________________
  Provides a __________________ of the attacks that may occur against an asset
Steps in Risk Management (continued)
Steps in Risk Management (continued)
3. Next step in risk management is ______________ ___________________________
Takes a snapshot of the _______________________ as it now stands
Every asset must be viewed in light of each threat
Determining vulnerabilities often depends upon the background and experience of the assessor
A ________________________ is better for determining vulnerabilities vs. just a single person
4. Next step in risk management is _______________
Involves determining the ______________________ from an attack and the ____________ that the _____________ ____________________ to the organization
Steps in Risk Management (continued)
________________________ can be helpful in determining the impact of a vulnerability
Two formulas are commonly used to calculate expected losses
  Single Loss Expectancy (___________)
    The expected _______________________________
  Annualized Loss Expectancy (_________)
    The expected ________________ that can be expected for an asset due to a risk _______________________
Steps in Risk Management (continued)
5. Last step in risk management is ______________________________
Must ask oneself what can we do about the risks?
Options when confronted with a risk:
  ____________ the risk
  ____________ the risk
  ____________ the risk
Steps in Risk Management - Summary
Identifying Vulnerabilities
Identifying vulnerabilities through a __________________________
  Determines the _____________________ that could expose assets to threats
Two categories of software and hardware tools
  Vulnerability scanning
  Penetration testing
Vulnerability Scanning
___________________ is typically used by an organization to ___________________ ____________________ need to be addressed in order to ___________ _________________________
Tools include port scanners, network mappers, protocol analyzers, vulnerability scanners, the Open Vulnerability and Assessment Language, and password crackers
Port Scanners
Internet protocol (IP) addresses
  The primary form of address identification on a TCP/IP network
  Used to uniquely identify each network device ___________________
TCP/IP uses a numeric value as an __________ ____________________________________
Each datagram (packet) contains not only the source and destination IP addresses
  But also the source port and destination port
Port Scanners (continued)
Port Scanners (continued)
If an attacker knows a specific port is used, that _____________________________ ___________________
Used to ______________________________ that could be used in an attack
__________________________ to know what applications are running and could be exploited
Three port states:
  Open, closed, and blocked
Network Mappers
______________________
  Software tools that can __________________ _________________________
Most network mappers utilize the TCP/IP protocol ___________________
  Uses _____________
Internet Control Message Protocol (ICMP)
  Provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices
Network Mappers (continued)
Can be used by Network Admins to ___________________________________ attached to the network
Can be used by __________ to discover what ______________________ for attempted attack
Protocol Analyzers
_________________ (also called a _______)
  ______________________ to decode and __________________ its contents
  Can fully decode application-layer network protocols
Common uses include:
  ______________________ Network _____________________ _______________________
Vulnerability Scanners
______________________
  A generic term that refers to a range of products that ________________ in networks or systems
  Intended to ________________________ and _______________________ to these problems
Most vulnerability scanners maintain a database that categorizes and describes the vulnerabilities that it can detect
Other types of vulnerability scanners
  __________________________________ __________________________________
Open Vulnerability and Assessment Language (OVAL)
Open Vulnerability and Assessment Language (__________)
  Designed to promote ___________________ _____________________________
  ____________ the transfer of information across ____________________________
A “____________________” for the exchange of information regarding security vulnerabilities
  These vulnerabilities are identified using industry-standard tools
Open Vulnerability and Assessment Language (OVAL) (continued)
OVAL vulnerability definitions are recorded in Extensible Markup Language (XML)
__________________________________ Structured Query Language (SQL)
OVAL supports Windows, Linux, and UNIX platforms
Open Vulnerability and Assessment Language (OVAL) (continued)
Password Crackers
Password - RECALL…
  A secret combination of letters and numbers that only the user knows
Because passwords are common yet provide weak security, they are a _________________________
Password cracker programs…
  Use the file of ____________________ and then attempts to break the hashed passwords _______________
The most common offline password cracker programs are based on _____________ attacks or ________________________
Password Crackers (continued)
______________________
  A defense against password cracker programs for UNIX and Linux systems
A shadow password mechanism _________ _______________, the “shadow” password file
This shadow file can ___________________ ___________________ and contains only the hashed passwords
Penetration Testing
______________________
  Method of _____________________________ ________________________
  By _______________ instead of just scanning for vulnerabilities
  Involves a more _______________ of a system for vulnerabilities
One of the first tools that was widely used for penetration testing as well as by attackers was ______________
  Security Administrator Tool for Analyzing Networks
Penetration Testing (continued)
SATAN could __________________________ by performing penetration testing
  Tests determine the ________________________ and what vulnerabilities may still have existed
SATAN would:
  Recognize several common networking-related security problems
  Report the problems _________________________
  Offer a tutorial that explained the problem, what its impact could be, and how to resolve the problem
Summary
In information security, a risk is the likelihood that a threat agent will exploit a vulnerability
A risk management study generally involves five specific tasks
Vulnerability scanning is typically used by an organization to identify weaknesses in the system that need to be addressed in order to increase the level of security
Vulnerability scanners for organizations are intended to identify vulnerabilities and alert network administrators to these problems
Summary (continued)
More rigorous than vulnerability scanning, penetration testing is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker instead of only scanning for vulnerabilities