Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Similar presentations


Presentation on theme: "Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments."— Presentation transcript:

1 Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments

2 Security+ Guide to Network Security Fundamentals, Third Edition Objectives Define risk and risk management Describe the components of risk management List and describe vulnerability scanning tools Define penetration testing 2

3 Security+ Guide to Network Security Fundamentals, Third Edition Risk Management, Assessment, and Mitigation One of the most important assets any organization possesses is its ___________ Unfortunately, the importance of data is generally __________________________ The first steps in data protection actually begin with ____________________________ ______________________________ 3

4 Security+ Guide to Network Security Fundamentals, Third Edition What Is Risk? In information security, a ________ is the likelihood that a ________________ will ___________________________ More generally, a risk can be defined as an ______________________________ Risk generally denotes a potential ________ ________________ to an asset 4

5 Security+ Guide to Network Security Fundamentals, Third Edition Definition of Risk Management Realistically, risk ____________ ever be entirely eliminated  Would cost too much or take too long Rather, some degree of risk must always be assumed ____________________________  A _________________________________ to managing the ______________________ that is related to a threat 5

6 Security+ Guide to Network Security Fundamentals, Third Edition Steps in Risk Management Five Steps: 1. Asset Identification 2. Threat Identification 3. Vulnerability Appraisal 4. Risk Assessment 5. Risk Mitigation More to come on these… 6

7 Security+ Guide to Network Security Fundamentals, Third Edition Steps in Risk Management 1. The first step in risk management is ________________________________  Determine the assets that _____________________  Involves the process of _________________________ these items Types of assets:  Data  Hardware  Personnel  Physical assets  Software 7

8 Security+ Guide to Network Security Fundamentals, Third Edition Steps in Risk Management (continued) Along with the assets, the _________ of the assets need to be ___________ (example on following slide…) Important to determine each item’s ______________ Factors that should be considered in determining the relative value are:  How _________________ to the goals of the organization?  How difficult would it be to replace it?  How much does it ________________________?  How much _______________ does it generate? 8

9 Security+ Guide to Network Security Fundamentals, Third Edition9

10 Steps in Risk Management (continued) Factors that should be considered in determining the relative value are: (continued)  How quickly can it be replaced?  What is the ____________________?  What is the _____________ to the organization if this ____________________?  What is the security implication if this asset is unavailable? 10

11 Security+ Guide to Network Security Fundamentals, Third Edition Steps in Risk Management (continued) 2. Next step in risk management is _______________  Determine the threats from threat agents ______________________  Any _______________ with the power to ______________ against an asset (examples on following slide…) Threat __________________  Constructs _________________ of the types of threats that assets can face  Helps to understand who the attackers are, why they attack, and what types of attacks might occur 11

12 Security+ Guide to Network Security Fundamentals, Third Edition12

13 Security+ Guide to Network Security Fundamentals, Third Edition Steps in Risk Management (continued) __________________________  Provides a __________________ of the attacks that may occur against an asset 13

14 Security+ Guide to Network Security Fundamentals, Third Edition Steps in Risk Management (continued) 14

15 Security+ Guide to Network Security Fundamentals, Third Edition Steps in Risk Management (continued) 3. Next step in risk management is ______________ ___________________________  Takes a snapshot of the _______________________ as it now stands Every asset must be viewed in light of each threat Determining vulnerabilities often depends upon the background and experience of the assessor  A ________________________ is better for determining vulnerabilities vs. just a single person 4. Next step in risk management is _______________  Involves determining the ______________________ from an attack and the ____________ that the _____________ ____________________ to the organization 15

16 Security+ Guide to Network Security Fundamentals, Third Edition Steps in Risk Management (continued) ________________________ can be helpful in determining the impact of a vulnerability Two formulas are commonly used to calculate expected losses  Single Loss Expectancy (___________) The expected _______________________________  Annualized Loss Expectancy (_________) The expected ________________ that can be expected for an asset due to a risk _______________________ 16

17 Security+ Guide to Network Security Fundamentals, Third Edition17

18 Security+ Guide to Network Security Fundamentals, Third Edition Steps in Risk Management (continued) 5. Last step in risk management is ______________________________  Must ask oneself what can we do about the risks? Options when confronted with a risk:  ____________ the risk 18

19 Security+ Guide to Network Security Fundamentals, Third Edition Steps in Risk Management- Summary 19

20 Security+ Guide to Network Security Fundamentals, Third Edition Identifying Vulnerabilities Identifying vulnerabilities through a __________________________  Determines the _____________________ that could expose assets to threats Two categories of software and hardware tools  Vulnerability scanning  Penetration testing 20

21 Security+ Guide to Network Security Fundamentals, Third Edition Vulnerability Scanning ___________________ is typically used by an organization to ___________________ ____________________  need to be addressed in order to ___________ _________________________ Tools include port scanners, network mappers, protocol analyzers, vulnerability scanners, the Open Vulnerability and Assessment Language, and password crackers 21

22 Port Scanners Internet protocol (IP) addresses  The primary form of address identification on a TCP/IP network  Used to uniquely identify each network device ___________________  TCP/IP uses a numeric value as an __________ ____________________________________ Each datagram (packet) contains not only the source and destination IP addresses  But also the source port and destination port Security+ Guide to Network Security Fundamentals22

23 Security+ Guide to Network Security Fundamentals, Third Edition23 Port Scanners (continued)

24 Security+ Guide to Network Security Fundamentals, Third Edition Port Scanners (continued) If an attacker knows a specific port is used, that _____________________________ ___________________  Used to ______________________________ that could be used in an attack  __________________________ to know what applications are running and could be exploited Three port states:  Open, closed, and blocked 24

25 Security+ Guide to Network Security Fundamentals, Third Edition25

26 Security+ Guide to Network Security Fundamentals, Third Edition26

27 Security+ Guide to Network Security Fundamentals, Third Edition Network Mappers ______________________  Software tools that can __________________ _________________________ Most network mappers utilize the TCP/IP protocol ___________________  Uses _____________ Internet Control Message Protocol (ICMP)  Provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices 27

28 Security+ Guide to Network Security Fundamentals, Third Edition Network Mappers (continued) Can be used by Network Admins to ___________________________________ attached to the network Can be used by __________ to discover what ______________________ for attempted attack 28

29 Security+ Guide to Network Security Fundamentals, Third Edition Protocol Analyzers _________________ (also called a _______)  ______________________ to decode and __________________ its contents  Can fully decode application-layer network protocols Common uses include:  ______________________  Network _____________________  _______________________ 29

30 Security+ Guide to Network Security Fundamentals, Third Edition30

31 Security+ Guide to Network Security Fundamentals, Third Edition Vulnerability Scanners ______________________  A generic term that refers to a range of products that ________________ in networks or systems  Intended to ________________________ and _______________________ to these problems Most vulnerability scanners maintain a database that categorizes and describes the vulnerabilities that it can detect Other types of vulnerability scanners __________________________________ __________________________________ 31

32 Security+ Guide to Network Security Fundamentals, Third Edition32

33 Security+ Guide to Network Security Fundamentals, Third Edition Open Vulnerability and Assessment Language (OVAL) Open Vulnerability and Assessment Language (__________)  Designed to promote ___________________ _____________________________  ____________ the transfer of information across ____________________________  A “____________________” for the exchange of information regarding security vulnerabilities These vulnerabilities are identified using industry- standard tools 33

34 Security+ Guide to Network Security Fundamentals, Third Edition Open Vulnerability and Assessment Language (OVAL) (continued) OVAL vulnerability definitions are recorded in Extensible Markup Language (XML)  __________________________________ Structured Query Language (SQL) OVAL supports Windows, Linux, and UNIX platforms 34

35 Security+ Guide to Network Security Fundamentals, Third Edition Open Vulnerability and Assessment Language (OVAL) (continued) 35

36 Security+ Guide to Network Security Fundamentals, Third Edition Password Crackers Password- RECALL…  A secret combination of letters and numbers that only the user knows Because passwords are common yet provide weak security, they are a _________________________ Password cracker programs…  Use the file of ____________________ and then attempts to break the hashed passwords _______________ The most common offline password cracker programs are based on _____________ attacks or ________________________ 36

37 Security+ Guide to Network Security Fundamentals, Third Edition37

38 Security+ Guide to Network Security Fundamentals, Third Edition Password Crackers (continued) ______________________  A defense against password cracker programs for UNIX and Linux systems A shadow password mechanism _________ _______________, the “shadow” password file  This shadow file can ___________________ ___________________ and contains only the hashed passwords 38

39 Security+ Guide to Network Security Fundamentals, Third Edition Penetration Testing ______________________  Method of _____________________________ ________________________ By _______________ instead of just scanning for vulnerabilities  Involves a more _______________ of a system for vulnerabilities One of the first tools that was widely used for penetration testing as well as by attackers was ______________ Security Administrator Tool for Analyzing Networks 39

40 Security+ Guide to Network Security Fundamentals, Third Edition Penetration Testing (continued) SATAN could __________________________ by performing penetration testing  Tests determine the ________________________ and what vulnerabilities may still have existed SATAN would:  Recognize several common networking-related security problems  Report the problems _________________________  Offer a tutorial that explained the problem, what its impact could be, and how to resolve the problem 40

41 Security+ Guide to Network Security Fundamentals, Third Edition Summary In information security, a risk is the likelihood that a threat agent will exploit a vulnerability A risk management study generally involves five specific tasks Vulnerability scanning is typically used by an organization to identify weaknesses in the system that need to be addressed in order to increase the level of security Vulnerability scanners for organizations are intended to identify vulnerabilities and alert network administrators to these problems 41

42 Security+ Guide to Network Security Fundamentals, Third Edition Summary (continued) More rigorous than vulnerability scanning, penetration testing is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker instead of only scanning for vulnerabilities 42


Download ppt "Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments."

Similar presentations


Ads by Google