lecture recording on 17 February 2025 at 12.49.40 PM

Quirks in the Environment

• Outdated software and bad code contribute to vulnerabilities.

• Poorly configured networks create security issues.

• Exposed ports and services unintentionally vulnerable to attacks.

• Internal conditions of organizations define their vulnerability landscape.

Vulnerability Management

• Focus on managing internal vulnerabilities to avoid surprises.

• Involves identifying and addressing threats that can exploit weaknesses.

• Keeping track of vulnerabilities is critical to ensuring security.

Major Component: Vulnerability Scanning

• Vulnerability Scanning: A key activity in the vulnerability management process.

  • Scanning identifies weaknesses across networks and applications.

  • Can be conducted externally or internally depending on the target.

• External Vulnerability Scans: Assess the security of resources exposed to the internet.

  • Identify improperly secured services and weak password practices.

• Internal Vulnerability Scans: Examine resources within the organization's firewall.

  • Provides deeper insight as scans occur after network defenses.

  • May require authentication to uncover more vulnerabilities.

Types of Vulnerability Scans

• External Scanning: Inspects what can be seen from outside the organization.

• Internal Scanning: Conducted after bypassing the perimeter firewall.

  • Requires connection to the internal network (e.g., Wi-Fi, workstations).

Scanning Applications and Code

• Vulnerable applications can also be scanned, which includes web apps and APIs.

• Vulnerability Assessments: Combine scanning activities to determine what vulnerabilities exist and how to address them.

  • Requires an asset inventory to assess potential risks.

Understanding Network Vulnerability Scanning Techniques

• TCP Connect Scan: Utilizes the three-way handshake to establish connections and identify open ports.

• TCP SYN Scan: Sends SYN requests to probe ports without completing the handshake.

  • Allows scanning while minimizing detections in logs.

• TCP ACK Scan: Skips the SYN step, assessing if ports are open based on absence of responses.

Additional Scan Methods

• Christmas Tree Scan: Uses flags to bypass security measures by impersonating urgent requests.

• FIN Scan: Attempts to ascertain open ports through evasion of traditional SYN processes.

Managing Vulnerability Findings

• Importance of documenting vulnerabilities identified through scans.

• Using CVEs (Common Vulnerabilities and Exposures) for standardized documentation.

  • Each vulnerability assigned a unique identifier for tracking.

Prioritizing Vulnerabilities with CVSS

• CVSS (Common Vulnerability Scoring System): Ranks vulnerabilities based on potential impact and exploitability.

  • Helps prioritize action based on severity, exploitability, and prevalence.

Tools for Vulnerability Scanning

• Nmap: Widely used port scanner that identifies open ports and services.

• Nessus: Comprehensive vulnerability scanner with extensive reporting capabilities.

  • Offers free and paid versions to suit varying needs.

• OWASP ZAP: Targets application vulnerabilities and offers dynamic scanning for web applications.

• Static Application Security Testing (SAST) Tools: Tools for analyzing code for vulnerabilities before deployment (e.g., SonarQube).

Practical Application of Scanning Tools

• Scans may produce large reports; understanding outputs is crucial for actionable responses.

• Assessments must be well-structured to ensure teams can address identified issues effectively.

Upcoming Assignments & Hands-On Tool Usage

• Upcoming sessions will focus on practical usage of scanning tools demonstrated in class.

• Students encouraged to prepare by downloading necessary software for upcoming assignments.