Friday, March 6, 2020

Blog 7

This chapter was about analyzing vulnerabilities.

  • An active assessment is obtained by actively testing the network for weaknesses.
  • A passive assessment is obtained by looking for weakness through observation without directly interacting with the network. 
  • An external assessment is obtained by testing external systems and testing from outside the network.
  • An internal assessment is obtained by testing and analyzing processes and systems inside the network.
  • An active scan transmits packets to the nodes within a network to find exposed ports and can repair security flaws.
  • In vulnerability research, there are several areas to research. First is misconfigurations, commonly caused by human error. Second is default configurations, such as default SSID's and passwords. Third is buffer overflows, when a user tries to store more data than a program was written for. Next are unpatched servers. Then there are design flaws, operating system flaws, and application flaws. Last are open services, such as ones run by certain ports. 
Vulnerability Management Life Cycle

  • Creating a baseline is first. This includes defining effectiveness of current policies and procedures. It also includes setting up for the assessment.
  • Vulnerability assessment is testing the network for vulnerabilities.
  • Risk assessment is evaluating the found vulnerabilities for threat level.
  • Remediation is patching, hardening, and correcting weaknesses.
  • Verification is retesting the system to verify patching and hardening was effective.
  • Monitoring is where continuous monitoring of systems is implemented.  
  • Three basic steps in penetration testing:
    • Locate the live nodes on the network. You must know where each live host is.
    • Itemize each open port and service in the network.
    • Test each open port for known vulnerabilities.
Vulnerability Scoring Systems

  • Common Vulnerability Scoring System (CVSS): Categorizes vulnerabilities by threat level.
  • CVSS calculator: Determines risk level of vulnerabilities based on base, temporal, and environmental metrics.
  • Cybersecurity and Infrastructure Security Agency (CISA) : Provides many resources for cyber security.
  • National Vulnerability Database (NVD) : Detailed database of known vulnerabilities.
  • Full disclosure: Forum for discussing vulnerabilities and threats. Has tools, papers, news, and events related to vulnerabilities. 
  • A good site that is for CISA is us-cert.gov.
  • seclists.org/fulldisclosure
 Vulnerability Assessment Tools

  • Qualys Vulnerability Management
  • Nessus Professional
  • Open Source Tools
    • OpenVAS 
    • Nikto
  •  Mobile Tools
    • Retina CS, it's for smartphones, mobile devices, and tablets. It can scan, prioritize, and fix vulnerabilities.
    • SecurityMetrics Mobile
    • Nessus
    • Net Scan
    • Network Scanner

Article

T-Mobile suffered a security breach, says customers' financial data was accessed. Their email vendor was the target of the attack, which exposed some employees emails that contained customer information. They set up two different support pages, one for less information stolen, and one for more sensitive information stolen. They said they quickly identified and shut down the attack. They have begun an investigation with cybersecurity forensic experts. They have not found the hacker yet.

https://www.phonedog.com/2020/03/04/t-mobile-security-breach-customers-financial-details































Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)