Week_7_-_Vulnerability_Assessment

COTI Ngee Ann Polytechnic

Vulnerability Assessment

Week 7 Cybersecurity Operations & Threat Intelligence

Objectives

• Importance of Vulnerability Assessment

• Network and Server Profiling

• Common Vulnerability Scoring System (CVSS)

• Secure Device Management

Importance of Vulnerability Assessment

1. Prevention of Threats and Risk Mitigation

• Identifying and addressing vulnerabilities reduces risk of exploitation, data breaches, and minimizes operational, financial, and reputational risks. Vulnerabilities often serve as entry points for cyberattacks.

2. Regulatory Compliance and Trust Building

• Ensures compliance with industry regulations like PCI DSS and HIPAA. Compliance protects customer data and helps maintain stakeholder trust.

3. Proactive Defense and Resilience

• Regular identification and mitigation of vulnerabilities enhance system resilience, aligning with proactive security practices. This strengthens the organization’s defenses against emerging threats.

4. Enhanced Incident Response and Intelligence

• Understanding vulnerabilities helps prioritize resources for incident response and informs better security strategies, improving overall threat intelligence and readiness.

Network and Server Profiling

Network Profiling

• It is crucial for detecting serious security incidents by understanding normal network functioning.

• Statistical Baseline: Establishes reference points so unexplained deviations may indicate a compromise.

• Capturing Baseline Data: Essential regular updates for accurate network operation characterization.

• Sliding Window Anomaly Detection: Captures representative operational periods for baseline, removing outdated data.

• Tools like NetFlow and Wireshark aid in characterizing normal network characteristics while identifying high utilization patterns that may indicate breaches.

Elements of Network Profile

• Session Duration: Time from data flow initiation to termination.

• Total Throughput: Amount of data exchanged between source and destination.

• Ports Used: List of TCP/UDP ports accepting data.

• Malware may exploit unusual ports; therefore, profiling traffic is vital in detecting such behaviors.

• Changing user behaviors tracked through logs serve as indicators of malware or other network issues.

Server Profiling

• Establishing accepted operating states for servers helps create security baselines for given servers.

• Key Elements: Listening ports, logged in users, service accounts, and software environment provide metrics for establishing a server profile.

Network Anomaly Detection

• Employs diverse data analysis techniques to recognize unusual network behavior.

• Network Behavior Analysis (NBA) utilizes machine learning to compare normal baselines with current network performance to identify deviations indicating compromises like worm activities.

• Traffic profiling can lead to recognizing data loss potential and utilizing rule-based detection based on pre-defined patterns.

Common Vulnerability Scoring System (CVSS)

Overview

• A risk assessment tool to convey vulnerability characteristics and severity in hardware and software systems.

• Version Updates: CVSS 3.0 established standardized vulnerability scores; CVSS 3.1 released in June 2019.

CVSS Metric Groups

1. Basic Metric Group: Represents constant characteristics over time, focusing on exploitability and impact metrics related to confidentiality, integrity, and availability.

2. Temporal Metric Group: Changes over time based on countermeasures.

3. Environmental Metric Group: Adjusts scores based on specific organizational contexts.

CVSS Process

• The assessment process begins with the Base Metric group and adjusts scores based on Temporal and Environmental metrics, allowing for comprehensive vulnerability assessments.

• The CVSS calculator is user-friendly, offering metric definitions via pop-up text, generating vector strings for easy sharing and comparison.

Secure Device Management

Risk Management

• Involves selection and specification of security controls as part of an organization's information security program.

• Continues with a cyclical assessment of threats and vulnerabilities, helping organizations understand potential risks and their impacts.

• Techniques include identifying threats, threat-vulnerability matching for risk assessment baseline, and weighing vulnerabilities based on potential impact.

Vulnerability Management

• A proactive approach designed to prevent and manage IT vulnerabilities, ensuring vulnerabilities are identified, assessed, and remediated before exploitation.

• Lifecycle includes discovering vulnerabilities, inventorying assets, assessing risk, reporting expectations, and verifying remediation.

Asset Management

• Tracks networked devices and software, ensuring organization has visibility over devices accessing their network.

• Automated tools help manage the current state, desired state, and discrepancies regarding device compliance.

Mobile Device Management (MDM)

• Addresses risks associated with BYOD policies, implementing measures like disabling lost devices and using strong authentication to secure mobile devices.

• Tools help in the overall management and configuration of mobile devices remotely.

Configuration Management

• Involves setting up and maintaining hardware and software configurations, creating baseline images, maintaining security integrity, and managing system changes.

• Defined through NIST guidelines, relevant tools are utilized for effective cloud and network security management.

Enterprise Patch Management

• A vital aspect of cybersecurity related to vulnerability management.

• Involves a systematic approach to identify, acquire, distribute, and verify patches for software vulnerabilities.

• Key to compliance with regulations and preventing breaches resulting from unpatched systems.

Summary

• Discussions focused on the importance of Vulnerability Assessment, methods for Network and Server Profiling, understanding the Common Vulnerability Scoring System, and effective Secure Device Management strategies.