Outdated software and bad code contribute to vulnerabilities.
Poorly configured networks create security issues.
Ports and services exposed unintentionally become vulnerable to attacks.
Internal conditions of organizations define their vulnerability landscape.
Focus on managing internal vulnerabilities to avoid surprises.
Vulnerability management involves identifying and addressing threats that can exploit those weaknesses.
Keeping track of vulnerabilities is critical to ensuring security.
Vulnerability Scanning: A key activity in the vulnerability management process.
Scanning identifies weaknesses across networks and applications.
Can be conducted externally or internally depending on the target.
External Vulnerability Scans: Assess the security of resources exposed to the internet.
Identify improperly secured services and weak password practices.
Internal Vulnerability Scans: Examine resources within the organization's firewall.
Provides deeper insight because the scan runs from behind the network's perimeter defenses.
May require authentication to uncover more vulnerabilities.
External Scanning: Inspects what can be seen from outside the organization.
Internal Scanning: Conducted after bypassing the perimeter firewall.
Requires connection to the internal network (e.g., Wi-Fi, workstations).
Vulnerable applications can also be scanned, which includes web apps and APIs.
Vulnerability Assessments: Combine scanning activities to determine what vulnerabilities exist and how to address them.
Requires an asset inventory to assess potential risks.
TCP Connect Scan: Utilizes the three-way handshake to establish connections and identify open ports.
TCP SYN Scan: Sends SYN requests to probe ports without completing the handshake.
Allows scanning while leaving fewer traces in logs, because the connection is never completed.
TCP ACK Scan: Skips the SYN step and assesses whether ports are open based on the absence of responses.
Christmas Tree Scan: Sets several TCP flags at once (lighting up the packet like a Christmas tree) to bypass security measures by impersonating urgent requests.
FIN Scan: Sends FIN packets instead of SYN to ascertain open ports while evading defenses that watch for the traditional SYN handshake.
Documenting vulnerabilities identified through scans is important.
Using CVEs (Common Vulnerabilities and Exposures) for standardized documentation.
Each vulnerability assigned a unique identifier for tracking.
CVSS (Common Vulnerability Scoring System): Ranks vulnerabilities based on potential impact and exploitability.
Helps prioritize action based on severity, exploitability, and prevalence.
Nmap: Widely used port scanner that identifies open ports and services.
Nessus: Comprehensive vulnerability scanner with extensive reporting capabilities.
Offers free and paid versions to suit varying needs.
OWASP ZAP: Targets application vulnerabilities and offers dynamic scanning for web applications.
Static Application Security Testing (SAST) Tools: Tools for analyzing code for vulnerabilities before deployment (e.g., SonarQube).
Scans may produce large reports; understanding outputs is crucial for actionable responses.
Assessments must be well-structured to ensure teams can address identified issues effectively.
Upcoming sessions will focus on practical usage of scanning tools demonstrated in class.
Students encouraged to prepare by downloading necessary software for upcoming assignments.