lecture recording on 17 February 2025 at 12.49.40 PM

Quirks in the Environment

  • Outdated software and bad code contribute to vulnerabilities.

  • Poorly configured networks create security issues.

  • Exposed ports and services are often left unintentionally vulnerable to attacks.

  • Internal conditions of organizations define their vulnerability landscape.

Vulnerability Management

  • Focus on managing internal vulnerabilities to avoid surprises.

  • Involves identifying and addressing threats that can exploit weaknesses.

  • Keeping track of vulnerabilities is critical to ensuring security.

Major Component: Vulnerability Scanning

  • Vulnerability Scanning: A key activity in the vulnerability management process.

    • Scanning identifies weaknesses across networks and applications.

    • Can be conducted externally or internally depending on the target.

  • External Vulnerability Scans: Assess the security of resources exposed to the internet.

    • Identify improperly secured services and weak password practices.

  • Internal Vulnerability Scans: Examine resources within the organization's firewall.

    • Provides deeper insight, since the scan runs from behind the perimeter defenses.

    • May require authentication to uncover more vulnerabilities.

Types of Vulnerability Scans

  • External Scanning: Inspects what can be seen from outside the organization.

  • Internal Scanning: Conducted from a position inside the perimeter firewall.

    • Requires connection to the internal network (e.g., Wi-Fi, workstations).

Scanning Applications and Code

  • Applications, including web apps and APIs, can also be scanned for vulnerabilities.

  • Vulnerability Assessments: Combine scanning activities to determine what vulnerabilities exist and how to address them.

    • Requires an asset inventory to assess potential risks.

Understanding Network Vulnerability Scanning Techniques

  • TCP Connect Scan: Utilizes the three-way handshake to establish connections and identify open ports.

  • TCP SYN Scan: Sends SYN requests to probe ports without completing the handshake.

    • Because no connection is completed, the scan is less likely to appear in the target's connection logs.

  • TCP ACK Scan: Sends ACK packets without a preceding SYN and judges port state from whether a response comes back.

Additional Scan Methods

  • Christmas Tree Scan: Sets an unusual combination of TCP flags so the probe resembles an urgent request, in an attempt to get past security measures.

  • FIN Scan: Sends FIN-flagged packets instead of starting with SYN, and infers which ports are open from the target's responses.

Managing Vulnerability Findings

  • Importance of documenting vulnerabilities identified through scans.

  • Using CVEs (Common Vulnerabilities and Exposures) for standardized documentation.

    • Each vulnerability is assigned a unique identifier for tracking.

Prioritizing Vulnerabilities with CVSS

  • CVSS (Common Vulnerability Scoring System): Ranks vulnerabilities based on potential impact and exploitability.

    • Helps prioritize action based on severity, exploitability, and prevalence.

Tools for Vulnerability Scanning

  • Nmap: Widely used port scanner that identifies open ports and services.

  • Nessus: Comprehensive vulnerability scanner with extensive reporting capabilities.

    • Offers free and paid versions to suit varying needs.

  • OWASP ZAP: Targets application vulnerabilities and offers dynamic scanning for web applications.

  • Static Application Security Testing (SAST) Tools: Tools for analyzing code for vulnerabilities before deployment (e.g., SonarQube).

Practical Application of Scanning Tools

  • Scans may produce large reports; understanding outputs is crucial for actionable responses.

  • Assessments must be well-structured to ensure teams can address identified issues effectively.

Upcoming Assignments & Hands-On Tool Usage

  • Upcoming sessions will focus on practical usage of scanning tools demonstrated in class.

  • Students are encouraged to prepare by downloading the necessary software for the upcoming assignments.
