Vulnerability Assessment

FOOTPRINTING:

Online search. Employee directories, locations,… for social engineering or tech attack

Source Code

Business/Gov websites with info on management team and financial holding

WHOIS tool (assigned IP addresses and domain name registration access) -> scanning the address range (fingerprinting) with port scanners (NMAP). Port numbers greater than 1023 (of the 65,535 ports overall) are called ephemeral ports; ports under 1024 are reserved ports.

-> Open ports?

FIREWALL TOOLS: NMAP idle scan, firewall scanning for firewall rules

ACTIVE VULNERABILITY SCANNERS: OpenVas. Initiates traffic on the network to determine security holes

EXPLOITATION SOFTWARE: Metasploit

NETWORK PACKET SNIFFER: Snort or Wireshark. EAVESDROP ON NETWORK TRAFFIC

Vulnerability Remediation

defense mitigation, transference, acceptance, and termination

Configuration and Change Management

CCM is an approach to implementing system change that uses policies, procedures, techniques, and tools to manage and evaluate proposed changes. Track changes through completion and maintain systems inventory and supporting documentation.

CCM software scan and inventory… run periodically to scan for changes

In step one of the CCM program, the organization specifies which changes to its systems should be configuration-controlled. In other words, which changes need to undergo formal review and which changes can be made by the individual managers or systems administrators.

step 1

Test changes in a test environment before applying them to the production environment.

Scan the test environment for vulnerabilities, changes and other anomalies.

step 2

Reviewers: is it needed? does it improve performance or security?

The change is technically correct, necessary, and feasible within the system constraints.

Whether the other systems will be affected by the change.

Whether the costs of implementing the change were considered and are appropriate.

Whether other security components would be affected by the change, and when the change, if approved, should be performed. -> ACCEPTED, DENIED, DEFERRED

step 3

Document changes

step 4

Implement the change

step 5

retain changes docs

step 6

audit changes

step 7

CCM oversight. The organization ensures the overall program is reviewed and managed by a CCM committee or board. This ensures the manager or committee that is approving changes is doing a good job. In general, CCM should not interfere with the use of the technology.
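
An added example (not part of the original notes): the periodic scan-and-inventory and the step 6 audit, sketched in Python. It hashes every file under a directory, compares two scans, and reports changes to configuration-controlled files that have no ACCEPTED decision from the step 2 review. The file names, the `controlled` set and the `decisions` records are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Inventory: relative path -> SHA-256 of contents for every file under root."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def diff(baseline, current):
    """Classify each path that differs between two inventories."""
    changes = {}
    for path in baseline.keys() | current.keys():
        if path not in baseline:
            changes[path] = "added"
        elif path not in current:
            changes[path] = "removed"
        elif baseline[path] != current[path]:
            changes[path] = "modified"
    return changes

def audit(changes, controlled, decisions):
    """List changes to configuration-controlled files that lack an ACCEPTED decision."""
    return [(path, kind, decisions.get(path, "NO RECORD"))
            for path, kind in sorted(changes.items())
            if path in controlled and decisions.get(path) != "ACCEPTED"]

def demo():
    """Constructed sample: baseline scan, four edits, then a second scan."""
    with tempfile.TemporaryDirectory() as root:
        files = {"sshd_config": "PermitRootLogin no\n", "fw.rules": "deny all\n",
                 "motd": "hello\n"}
        for name, body in files.items():
            Path(root, name).write_text(body)
        baseline = snapshot(root)
        Path(root, "sshd_config").write_text("PermitRootLogin yes\n")
        Path(root, "fw.rules").write_text("deny all\nallow 443\n")
        Path(root, "motd").write_text("welcome\n")
        Path(root, "cron.new").write_text("* * * * * job\n")
        changes = diff(baseline, snapshot(root))
    controlled = {"sshd_config", "fw.rules", "cron.new"}  # motd is left to the admin
    decisions = {"fw.rules": "ACCEPTED", "sshd_config": "DEFERRED"}
    return audit(changes, controlled, decisions)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The firewall change passes because it was ACCEPTED; the deferred sshd_config edit and the unrecorded new file are reported, and motd is ignored because it is not configuration-controlled.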
