Time
1 hour 51 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

Security Traits and Vulnerabilities

Our next lesson covers the topic of Security Traits and Vulnerabilities. We define what is meant by Security Traits and Vulnerabilities, and then closely examine the types of tools we can use to support this decision-enabling strategy. For example, we look at Protocol Analyzers in terms of what they do, how they work and what information we can learn from the data they provide. We examine Vulnerability and Port Scanners and learn what they reveal to us and why that information is important to what and how we secure network assets.

[toggle_content title="Transcript"] Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities. This starts off with interpret results of security assessment tools. In the network environment we use security assessment tools to analyze the environment network, so this will give us certain results. We need to interpret these results so that we can make decisions. Are we safe, are we secure, or are we under attack, or have incidents occurred on the network? Your network administrators need to review the results from the numerous tools that could be deployed on the network and interpret these results to make meaning out of the results. Do the results indicate secure network environments, or do they indicate an intrusion or some malicious attacks that are still in the passive state or passive form? So these results are very important to tell. On our network, we could use multiple sources of tools to do these assessments. We start with protocol analyzers; some will refer to these as sniffers. The sniffer is simply a brand of a protocol analyzer. Computer networks are monitored using network protocol analyzers or internet sniffers. These devices are capable of capturing, filtering and displaying network traffic so that administrators can visualize various interactions and interconnections.
So the analyzers act as a viewfinder into the network traffic so we can see what sort of protocols are moving, or payloads are moving, on the network. It allows us to see instant messaging, data communications and email messages as they move over the network. Access and installation of protocol analyzers should be administratively prohibited by all but a select few in the network environment, so that unauthorized persons do not install protocol analyzers, because it would allow them to eavesdrop into network communications. That way they compromise confidentiality of other users on the network. Only a few personnel should be able to do this, and this should be the trusted network administrators. We also should do vulnerability scanning. Using a vulnerability scanner, we could scan our hardware against defined baselines. These baselines would consist of possible threat levels, possible vulnerabilities that exist on our systems. Vulnerability is defined as the weakness or absence of a control. We have numerous controls that could be engaged on a system. If you ask you [inaudible] to scan, they can only scan based on their knowledge and they also possibly are very slow. How many systems can they scan at once? But using a vulnerability scanner, you're scanning your hardware against specific baselines. An example is a solution by Microsoft, Microsoft Baseline Security Analyzer. This will scan your computer against the Microsoft baseline to ensure or to show you where vulnerabilities exist on your systems. Could it be vulnerabilities in passwords, non-expiring passwords, or you're lacking some patches, or multiple accounts with non-expiring passwords, stuff like that. A vulnerability scanner will identify them, and the beauty of using vulnerability scanners is that you could scan multiple systems at the same time. The solutions are fast and will give a report that allows you to prioritize your response based on the criticality of the vulnerabilities that have been discovered.
On our networks, you could also deploy honey pots. A honey pot is a decoy system with which we trick the malicious persons into attacking the systems on the networks. The idea is we need to learn from these malicious ones. We want to see what sort of tools they use, we want to know the sequence in which they run their tools. So we deploy decoy systems; these are loaded with fictitious files that allow the malicious persons to believe they are attacking a real server. Then we study their activities, we study their tools and the sequence in which they use these tools so that we can better secure our servers. By the time they attack our servers we are ready and well protected. If you have numerous honey pots networked together, we have what is called a honey net. Some of the organizations employ multiple honey pots within the network; that is referred to as the honey net. When we use honey pots and honey nets we have to ensure that we do not put sensitive files on there. The files should be fake files that mimic sensitive files. In our production environment, we secure our systems from the knowledge we've gathered from the honey pots. We could also use port scanners to assess our networks. We use port scanners; the same way administrators can use port scanners, malicious persons can also use port scanners against your network. The idea is when you're using the port scanners you're able to detect what ports are open, what ports are in use. We have over 65,000 UDP TCP ports. It is practically impossible for a human person to sit down, say he's checking these ports, so we use these tools that can better scan and tell what ports are in use and what ports should be disabled. Banner grabbing: so with banner grabbing, using tools like telnet, malicious persons can learn about a system by sending malformed packets to the system, and the error messages that are derived are used to decipher what sort of system is running, or what sort of operating system is running on the attack machine.
That way they can determine the operating system and also potential applications that are running on the machine. So best practice for our network administrators: we should suppress error messages that would give knowledge of the environment to the malicious persons. In doing all these assessments we have different types of assessments; we have actually risk assessment, threat assessment, vulnerability assessment. Where we do risk assessment we're trying to seek out risks that are in the network environment. It could be risk with the applications we have, risk with the operating system, risk for the facility or some other risks with the personnel. So by doing the risk assessment we're assessing for risk. What is risk? Risk is the likelihood that something negative would happen in the network environment. It might happen, it might not happen, but if we do a risk assessment it allows us to identify potential areas where controls need to be put in place. If we also do a threat assessment we're trying to seek out threats that exist on the network, or is it a threat to the facility, or a threat to the personnel, or a threat to the network or systems on the network. A threat is any agent that can exploit a vulnerability, so we have to identify these threats. We do an assessment to find the threats so that we can better put in controls that would address the threats should they occur. Then we do vulnerability assessment. Vulnerability is defined as weakness or absence of a control. Network administrators will seek out to find areas on the network where weaknesses or controls are lacking. It could be controls are lacking with individuals, the personnel, controls are lacking with infrastructure, or controls could be lacking for the network as a whole.
So by doing these assessments, risk assessment, threat assessment, vulnerability assessment, we're able to identify areas of concern on our network and possibly identify possible solutions to mitigate these risks or threats and vulnerabilities should they occur on the network. [/toggle_content]

Video Transcription

00:04
Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
00:11
This starts off with
00:12
interpret results of security assessment tools. We in the network environment will use security assessment tools to analyze the environment network. So this will give us certain results. We need to
00:25
interpret these results so that we can make decisions.
00:28
Are we safe? Are we secure? Are we under attack, or have incidents occurred on the network? Your network administrators need to review the results from the numerous tools that could be deployed on the network and interpret these results to make meaning
00:44
out of the results.
00:46
Do the results indicate a secure network environment? Or do they indicate an intrusion or some malicious attacks that are still in the passive state or passive form? So these results you review are very important to tell. On our network, we could use multiple sources of tools
01:06
to do these assessments.
01:07
We start off with protocol analyzers.
01:11
Some would refer to these as sniffers. A sniffer is simply a brand of a protocol analyzer.
01:18
Computer networks are monitored using network protocol analyzers or Internet sniffers.
01:23
These devices are capable of capturing, filtering and displaying network traffic so that administrators can visualize various interactions and interconnections.
01:34
So the analyzers act as a viewfinder into the network traffic so we can see what sort of protocols are moving or payloads are moving on the network. It allows us to see
01:47
instant messaging,
01:49
data communications and email messages as they move over the network.
01:56
Access and installation of protocol analyzers should be administratively prohibited by all
02:02
but a select few, you know, in the network environment, so that
02:07
unauthorized persons do not install protocol analyzers because it would allow them to eavesdrop into network communications. That way, they compromise confidentiality of other users on the network. Only a few personnel should be able to do this, and this will be the
02:24
trusted network administrators.
02:27
We also do vulnerability scanning. Using vulnerability scanners, we could scan our hardware
02:35
against
02:37
defined baselines. These baselines will consist of possible threat levels, possible vulnerabilities that exist on our systems. Vulnerability is defined as the weakness or absence of a control.
02:52
We have numerous controls that could be engaged on a system.
02:55
If you ask a person to scan, they can only scan based on their knowledge and they also possibly are very slow. How many systems can they scan at once?
03:05
So, but using a vulnerability scanner,
03:08
you're scanning your hardware
03:10
against specific baselines. An example is a solution by Microsoft, Microsoft Baseline Security Analyzer. This will scan your computer against the Microsoft baseline to ensure or to show you where vulnerabilities exist on your systems. Could be vulnerabilities in the passwords,
03:30
non-expiring passwords.
03:31
Or you are lacking some patches, or multiple accounts with non-expiring passwords, stuff like that. Vulnerability scanners will identify them, and the beauty of using vulnerability scanners is that
03:44
you could scan multiple systems at the same time. The solutions are fast, and they will give a report that allows you to prioritize your response based on the criticality of the vulnerabilities that have been discovered.
03:57
On our networks, we could also deploy honeypots.
04:00
A honeypot is a decoy system with which we trick the malicious persons into attacking the systems on the network. The idea is, we need to learn from these malicious ones. We want to see what sort of tools they use. We want to know the sequence in which they run their tools. So we deploy decoy systems.
04:19
These are loaded with
04:20
fictitious files
04:24
that allow the malicious persons to believe they're attacking a real server.
04:29
Then we study their activities. We study their tools and the sequence in which they use these tools so that we can better secure our servers. By the time they attack our servers we are ready
04:40
and well protected.
04:41
If you have numerous honeypots networked together, we have what is called a honeynet.
04:46
Some organizations employ multiple honeypots within the network; that is referred to as a honeynet.
04:54
When we use honeypots and
04:57
when we use honeypots and honeynets, we have to ensure that
05:01
we do not put sensitive files on there. The files should be fake files that mimic sensitive files. In our production environment, we secure our systems from the knowledge we have gathered from the honeypots.
05:18
We could also use port scanners to assess our networks. We use port scanners; the same way administrators can use port scanners, malicious persons can also use port scanners against your network. The idea is when you're using the port scanners you are able to detect what ports are open,
05:35
what ports are in use. We have over 65,000 UDP TCP ports. It is practically impossible for a human person to sit down, say he's checking these ports. So we use these tools that can better scan and tell what ports are in use and what should be disabled.
05:54
Banner grabbing.
05:55
So with banner grabbing, using tools like telnet, malicious persons can learn about a system by sending malformed packets to the system, and the error messages that are derived are used to decipher what sort of system is running or what sort of operating system is running on the attack machine.
06:15
That way they can determine the operating system and also potential applications
06:19
that are running on the machine. So, um, best practice for our network administrators: we should, ah,
06:28
we should suppress error messages that would give knowledge of the environment to the administrator, to the malicious persons.
06:36
In doing all these assessments, we have different types of assessment. We have actually risk assessment, threat assessment and vulnerability assessment.
06:46
Where we do a risk assessment, we're
06:48
trying to seek out risks that are in the network environment. It could be a risk with applications we have, risk with the operating system, risk for the facility or some other risk with personnel. So by doing a risk assessment, we're assessing for risk. What is risk?
07:06
Risk is the likelihood that something negative will happen
07:10
in the network environment.
07:12
It might happen. It might not happen. But if we do a risk assessment, it allows us to identify potential areas where controls need to be put in place.
07:21
If we also do a threat assessment, we're trying to seek out a threat that exists on the network
07:28
or is it a threat to the facility or a threat to the personnel or a threat to the network or systems on the network?
07:35
The threat is any agent that can exploit the vulnerability.
07:40
So we have to identify these threats. We do an assessment to find the threats so that we can better put in controls that will address the threats should they occur.
07:49
Then we do
07:51
vulnerability assessment. A vulnerability is defined as the weakness or absence of a control.
07:57
Network administrators will seek out to find areas on the network where weaknesses or controls are lacking. It could be
08:07
controls are lacking with individuals, the personnel, controls are lacking with infrastructure, or controls could be lacking for the network as a whole. So by doing these assessments, risk assessment, threat assessment, vulnerability assessment, we're able to identify areas of concern on our network and possibly identify possible solutions
08:26
to mitigate these
08:28
risks
08:28
or threats and vulnerabilities should they occur on the network.

Instructed By

John Oyeleke
Lead IT Security Instructor
Instructor