Penetration Testing vs Vulnerability Scanning (part 2)
For this next sub-lesson we look at vulnerability scanning. We define how it differs from penetration testing, examine exactly what is targeted in vulnerability tests, and talk about who conducts this security examination and under what circumstances. You'll learn about security controls, what types of vulnerabilities can occur when controls are not properly deployed or managed, and what security policies and strategies can be deployed to mitigate these types of vulnerabilities.

[toggle_content title="Transcript"]
Next we look at vulnerability scanning. With vulnerability scanning, this could be done by personnel interior to the organization. You're scanning for vulnerabilities. A vulnerability is defined as the weakness or absence of a control. This could be done using automated tools or it could be done by the administrators manually.

If you're doing vulnerability scanning, you want to passively test your security controls. A passive test is not as intrusive as an active test. Active tests are usually very intrusive, but with the passive test you are just checking to see whether the controls are in place or not.

You could also want to identify vulnerabilities. As a best practice, when we identify vulnerabilities, we could identify vulnerabilities within our personnel, identify the vulnerabilities within the facility, and also vulnerabilities that exist within the technology. On our networks we could also identify vulnerabilities: maybe some vulnerabilities exist where patches are missing, configurations are not done properly, there are multiple accounts without proper complexity passwords or no password at all, or passwords that do not expire. So we could use automated tools. An example is the Microsoft Baseline Security Analyzer; this allows you to audit the systems for vulnerabilities. That way you can audit an individual system or multiple systems on your network, and what the software does is generate a report, a report showing you in detail all the vulnerabilities that exist as tested according to the baseline provided by Microsoft.

We also need to identify a lack of security controls. Where security controls are lacking, it means that anybody, everybody, has whatsoever type of access they desire on the network. There are no security controls to restrict access, to limit access to resources within the network. Now, there can be no accountability if there is no security control, so we need to identify a lack of security controls such that reports could be generated to subsequently remediate this lack of security controls.

We also need to identify common misconfigurations. This is a very important step in vulnerability assessment. Some people will install routers and switches straight out of the box, with no passwords to lock these devices down. Some people would install even motion sensors or motion detectors, and the detectors are too high, or even cameras, and there are blind spots. So when we do vulnerability scanning we should find these misconfigurations and correct them so that these controls can be effective and efficient as to how they carry out the desired objectives for which we put the controls in the first place.

There are several types of testing that could be conducted by the penetration testers. We have black box testing. In black box testing the penetration testers have no knowledge of the test environment. What sort of operating system is the server running? Where is the server? What platform is it running? What applications are running? What services? What ports are on the server system? The penetration tester has no knowledge of the test environment, so they are walking blind, so to say.

Where we provide the penetration testers with sufficient knowledge of the test environment, we're said to be doing white box testing. They have knowledge of the test environment, they know the operating system, they know the system ports, they know the properties; everything about the test environment is given to the penetration tester, and we're said to be doing white box testing.

Finally we have grey box testing. This is between black and white, so if you have just given the penetration testers some knowledge of the test environment, they are said to be doing grey box testing. This concludes section 3.8 for us.
[/toggle_content]
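The account weaknesses named in the transcript (no password at all, passwords that do not expire) can be checked passively by reading account records and comparing them to a baseline. The following is an added example, not part of the lesson or of any tool it mentions; the shadow-format sample records, the 90-day baseline and the function names are assumptions made for illustration.

```python
"""Passive account audit over shadow-format records (constructed sample data)."""

# Constructed sample in /etc/shadow layout:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$constructed$hashvalue:19700:0:90:7:::
alice:$6$constructed$hashvalue:19650:0:99999:7:::
bob::19600:0:90:7:::
svc_backup:$6$constructed$hashvalue:19000:0::7:::
daemon:*:19000:0:99999:7:::
"""

# Assumed baseline for this example: passwords must expire within 90 days.
MAX_AGE_DAYS = 90


def audit_shadow(text, max_age_days=MAX_AGE_DAYS):
    """Return (account, finding) tuples. Read-only: nothing is changed."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 5:
            findings.append((fields[0], "malformed record"))
            continue
        name, pw_hash, max_age = fields[0], fields[1], fields[4]
        # A "!" or "*" prefix means password login is locked or disabled.
        if pw_hash.startswith(("!", "*")):
            continue
        if pw_hash == "":
            findings.append((name, "no password set"))
        # Empty max-age means no maximum; 99999 is the conventional "never".
        if max_age in ("", "99999"):
            findings.append((name, "password never expires"))
        elif not max_age.isdigit():
            findings.append((name, "malformed max-age field"))
        elif int(max_age) > max_age_days:
            findings.append((name, f"password max age {max_age} exceeds baseline {max_age_days}"))
    return findings


def report(findings):
    """Format findings as a per-account report, sorted by account name."""
    return "\n".join(f"{name}: {finding}" for name, finding in sorted(findings))


if __name__ == "__main__":
    print(report(audit_shadow(SAMPLE_SHADOW)))
```
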
Vulnerability Management is a continuous information security risk process that requires management oversight and includes a 4-tier approach of discovery, reporting, prioritization, and response.