7.1 - Vulnerability Assessment
Key Terms:
- Active assessment – A network evaluation that is obtained by actively testing the network for weaknesses.
- Passive assessment – A network evaluation that is obtained by looking for weaknesses purely through observation.
- External assessment – A network evaluation that is obtained by testing external systems from outside the network.
- Internal assessment – A network evaluation that is obtained by testing and analysing processes and systems inside the network.
Vulnerability Assessment
A vulnerability assessment is the process of identifying weaknesses in an organisation’s infrastructure including operating systems, web applications and web servers. It is used to plan additional security measures to protect the systems from an attack.
Expected Results
Vulnerabilities an ethical hacker may uncover can include open ports and services, vulnerabilities in apps and services, configuration errors and weak account security.
Scanning
An active scan sends packets to the nodes within the network to determine vulnerabilities, while a passive scan doesn’t interact with the network at all; instead it identifies vulnerabilities from information the systems themselves give away. Active scanning resembles a real cyber-attack and can be used to simulate what would happen if an attack did occur. Scanning can’t always run around the clock, and some systems are only vulnerable at set times, such as during work hours, so the timing of a scan matters.
Active Assessment
This is where specifically created packets are sent to target nodes to determine the operating system, host, services and vulnerabilities. Nmap is a great tool for an active assessment.
Passive Assessment
Using a packet sniffer, a hacker can identify the operating system and current users without sending any traffic. Wireshark is a packet sniffer commonly used for this task.
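To make the active/passive distinction concrete, the following added example (not code from the original notes) builds a host and service inventory purely from observed packet summaries, the way a passive assessment would from a sniffer capture. It assumes the common initial TTL values (64 Linux/Unix-like, 128 Windows, 255 network gear) for a rough OS guess and credits a host with a service only when it answers with SYN-ACK; the packet records are constructed, not captured.

```python
"""Passive assessment: infer OS family and offered services from observed
traffic only, without sending a single packet (added example)."""
from collections import defaultdict

# Constructed packet summaries (not a real capture):
# (src_ip, dst_ip, src_port, dst_port, ttl, tcp_flags)
SAMPLE_PACKETS = [
    ("10.0.0.5", "10.0.0.20", 51234, 22, 64, "S"),
    ("10.0.0.20", "10.0.0.5", 22, 51234, 63, "SA"),    # SSH answered
    ("10.0.0.7", "10.0.0.20", 51300, 80, 128, "S"),
    ("10.0.0.20", "10.0.0.7", 80, 51300, 63, "SA"),    # HTTP answered
    ("10.0.0.7", "10.0.0.20", 51301, 445, 128, "S"),
    ("10.0.0.20", "10.0.0.7", 445, 51301, 63, "R"),    # closed port, not a service
    ("10.0.0.1", "10.0.0.7", 53, 40000, 254, "SA"),    # DNS answered
]

# Assumed initial TTLs; the observed TTL is lower by the hop count, so the
# nearest initial value at or above it is taken as the guess.
INITIAL_TTLS = [(64, "Linux/Unix-like"), (128, "Windows"), (255, "Network device/Solaris")]


def guess_os(ttl):
    """Map an observed TTL to the OS family with the nearest initial TTL."""
    for initial, family in INITIAL_TTLS:
        if ttl <= initial:
            return family
    return "unknown"


def passive_inventory(packets):
    """Return {ip: {"os": family, "services": [ports]}} from observed packets.

    Only SYN-ACK replies count as evidence of a listening service; a RST
    reply means the port was closed and is ignored.
    """
    hosts = defaultdict(lambda: {"os": "unknown", "services": set()})
    for src, _dst, sport, _dport, ttl, flags in packets:
        hosts[src]["os"] = guess_os(ttl)
        if flags == "SA":
            hosts[src]["services"].add(sport)
    return {ip: {"os": h["os"], "services": sorted(h["services"])}
            for ip, h in hosts.items()}


if __name__ == "__main__":
    for ip, info in sorted(passive_inventory(SAMPLE_PACKETS).items()):
        print(f"{ip:12} {info['os']:24} services={info['services']}")
```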
External Assessment
This assessment looks for ways to access the target network through open firewall ports, routers, web servers, web pages and public DNS servers. It is conducted from outside the network using publicly available services on the internet. It can determine whether network maps have been created, map the external services, find vulnerabilities in the web applications, determine the router and firewall configuration, detect open ports and identify DNS zones.
Internal Assessment
This assessment is conducted inside the network and tests internal infrastructure and services. This could include checking physical security, looking at internal open ports, scanning for malware, identifying remote management processes and determining flaws and patches on the internal network systems, devices, and servers.
Host-Based Assessment
This assessment focuses on user risks such as malicious users, uneducated users, vendors and administrators. Host-based assessments can find vulnerabilities in databases, firewalls, files, and web servers while flagging configuration errors.
Application Assessment
Application areas should be analysed for input controls and data processing rules.
Wireless Assessment
A hacker can obtain an SSID through sniffing and hack the wireless network without having to enter the building. A wireless assessment analyses patching errors, authentication problems, encryption problems, and unnecessary services.
Vulnerability Research
Vulnerability research is the process of discovering vulnerabilities and design flaws that open a system to attacks and misuse. The first thing to identify is misconfigurations. Misconfigurations are usually created by human error. Web servers, application platforms, databases, and networks are all at risk of unauthorised access. Lots of areas must be checked for misconfigurations such as outdated software, unnecessary services, incorrect authentication, disabled security settings, and debugging enabled on applications. The next area that should be checked is the default settings. If a company never changes the default settings for SSIDs and admin passwords, it is very simple for an attacker to gain access to the system.
Buffer overflows
Buffer overflows should also be checked for and properly patched. A buffer overflow happens when a buffer is filled with more data than it was programmed to hold, which can lead to data being written to an incorrect memory location that a hacker may be able to access or control.
Unpatched Servers
Hackers may be able to gain access to data held on unpatched or misconfigured servers. Since servers are a key part of an organisation’s infrastructure, this vulnerability creates a central route to the sensitive data the organisation’s operations depend on.
Design Flaws
Every operating system or device has bugs or defects in its design. Hackers can utilise flaws such as broken authentication, cross-site scripting (XSS), insufficient logging and monitoring, and incorrect encryption to hack into key systems.
OS Flaws
Flaws in the operating system can leave it vulnerable to viruses, trojan horses, worms/scripts and undesirable software/code. Keeping an operating system up to date is the best protection against these vulnerabilities.
Application Flaws
Flaws in user validation and authorisation are a big threat to system security. An application assessment determines the level of security between the server and the client.
Open Services
Open ports and services can be weak spots in a network. They must be checked regularly to prevent insecure, open and unnecessary ports, which can lead to attacks on connected nodes or devices, access to sensitive information, and denial-of-service (DoS) attacks.
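The regular check for unnecessary open services described above (and the "unnecessary services" item under Vulnerability Research) can be automated against an Nmap scan. The following added example, not code from the original notes, parses Nmap's grepable (-oG) output and reports every open TCP port that is absent from a per-host allowlist; the scan lines are constructed in the -oG style and the allowlist is a hypothetical policy.

```python
"""Open-services check: compare open TCP ports from Nmap -oG output against
the services each host is expected to expose (added example)."""
import re

# Constructed lines in Nmap -oG style (not a real scan). Each port entry is
# port/state/protocol/owner/service/rpc info/version/.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 10.0.0.20 (web01)\tPorts: 22/open/tcp//ssh//OpenSSH 9.2/, 80/open/tcp//http//nginx/, 23/open/tcp//telnet///, 443/filtered/tcp//https///\tIgnored State: closed (996)
Host: 10.0.0.21 (db01)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 6379/open/tcp//redis///\tIgnored State: closed (997)
# Nmap done (constructed sample)
"""

# Hypothetical policy: the ports each host is expected to expose.
ALLOWLIST = {"10.0.0.20": {22, 80, 443}, "10.0.0.21": {22, 3306}}

PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//")


def parse_grepable(text):
    """Return {ip: {port: service}} for open TCP ports found in -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        open_ports = {}
        for port, state, proto, service in PORT_RE.findall(ports_field):
            if state == "open" and proto == "tcp":
                open_ports[int(port)] = service or "unknown"
        hosts[ip] = open_ports
    return hosts


def unexpected_services(hosts, allowlist):
    """Return {ip: {port: service}} for open ports missing from the host's allowlist."""
    findings = {}
    for ip, ports in hosts.items():
        allowed = allowlist.get(ip, set())   # a host not in the policy gets nothing
        extra = {p: s for p, s in ports.items() if p not in allowed}
        if extra:
            findings[ip] = extra
    return findings


if __name__ == "__main__":
    for ip, extra in unexpected_services(parse_grepable(SAMPLE_SCAN), ALLOWLIST).items():
        for port, service in sorted(extra.items()):
            print(f"{ip}: unexpected open port {port}/tcp ({service})")
```

Filtered ports are deliberately skipped, since they show a firewall is in the way rather than a service listening.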