Security Traits and Vulnerabilities
Our next lesson covers the topic of Security Traits and Vulnerabilities. We define what is meant by Security Traits and Vulnerabilities, and then closely examine the types of tools we can use to support this decision-enabling strategy. For example, we look at Protocol Analyzers in terms of what they do, how they work and what information we can learn from the data they provide. We examine Vulnerability and Port Scanners and learn what they reveal to us and why that information is important to what and how we secure network assets.

Transcript

Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities. This starts off with interpreting the results of security assessment tools. In the network environment we use security assessment tools to analyze the network environment, so this will give us certain results. We need to interpret these results so that we can make decisions. Are we safe, are we secure, or are we under attack, or have incidents occurred on the network? Your network administrators need to review the results from the numerous tools that could be deployed on the network and interpret these results to make meaning out of them. Do the results indicate a secure network environment, or do they indicate an intrusion or some malicious attacks that are still in the passive state or passive form? So these results are very important to tell. On our network, we could use multiple sorts of tools to do these assessments. We start with protocol analyzers; some will refer to these as sniffers. The sniffer is simply a brand of protocol analyzer; computer networks are monitored using network protocol analyzers or internet sniffers. These devices are capable of capturing, filtering and displaying network traffic so that administrators can visualize various interactions and interconnections.
So the analyzers act as a viewfinder into the network traffic, so we can see what sort of protocols are moving, or payloads are moving, on the network. It allows us to see instant messaging, data communications and e-mail messages as they move over the network. Access and installation of protocol analyzers should be administratively prohibited for all but a select few in the network environment, so that unauthorized persons do not install protocol analyzers, because it would allow them to eavesdrop on network communications. That way they compromise the confidentiality of other users on the network. Only a few personnel should be able to do this, and these should be the trusted network administrators. We also should do vulnerability scanning using a vulnerability scanner; we could scan our hardware against defined baselines. These baselines would consist of possible threat levels, possible vulnerabilities that exist on our systems. Vulnerability is defined as the weakness or absence of a control. We have numerous vulnerabilities that could be engaged on a system. If you ask your [inaudible] to scan, they can only scan based on their knowledge, and they also possibly are very slow. How many systems can they scan at once? But using a vulnerability scanner, you're scanning your hardware against specific baselines; an example is a solution by Microsoft, the Microsoft Baseline Security Analyzer. This will scan your computer against the Microsoft baseline to ensure, or to show you, where vulnerabilities exist on your systems. Could it be a vulnerability in passwords, non-expiring passwords, or you're lacking some patches, or multiple accounts with non-expiring passwords, stuff like that. The vulnerability scanner will identify them, and the beauty of using vulnerability scanners is that you could scan multiple systems at the same time. The solutions are fast and will give a report that allows you to prioritize your response based on the criticality of the vulnerabilities that have been discovered.
On our networks, you could also deploy honeypots. A honeypot is a decoy system with which we trick malicious persons into attacking the systems on the networks. The idea is we need to learn from these malicious ones. We want to see what sort of tools they use; we want to know the sequence in which they run their tools. So we deploy decoy systems; these are loaded with fictitious files that allow the malicious persons to believe they are attacking a real server. Then we study their activities, we study their tools and the sequence in which they use these tools, so that we can better secure our servers. By the time they attack our servers we are ready and well protected. If you have numerous honeypots networked together, we have what is called a honeynet. Some organizations employ multiple honeypots within the network; that is referred to as the honeynet. When we use honeypots and honeynets we have to ensure that we do not put sensitive files on there. The files should be fake files that mimic sensitive files. In our production environment, we secure our systems from the knowledge we've gathered from the honeypots. We could also use port scanners to assess our networks. We use port scanners; the same way administrators can use port scanners, malicious persons can also use port scanners against your network. The idea is, when you're using the port scanners you're able to detect what ports are open, what ports are in use. We have over 65,000 UDP and TCP ports. It is practically impossible for a human person to sit down and say he's checking these ports, so we use these tools that can better scan and tell what ports are in use and what ports should be disabled. Banner grabbing: with banner grabbing, using tools like telnet, malicious persons can learn about a system by sending malformed packets to the system, and the error messages that are derived are used to decipher what sort of system is running, or what sort of operating system is running on the attacked machine.
That way they can determine the operating system and also potential applications that are running on the machine. So, as best practice for our network administrators, we should suppress error messages that would give knowledge of the environment to malicious persons. In doing all these assessments we have different types of assessments; we have risk assessment, threat assessment, and vulnerability assessment. When we do a risk assessment we're trying to seek out risks that are in the network environment. It could be risk with the applications we have, risk with the operating system, risk for the facility, or some other risks with the personnel. So by doing the risk assessment we're assessing for risk. What is risk? Risk is the likelihood that something negative would happen in the network environment. It might happen, it might not happen, but if we do a risk assessment it allows us to identify potential areas where controls need to be put in place. If we also do a threat assessment we're trying to seek out threats that exist on the network, or is it a threat to the facility, or a threat to the personnel, or a threat to the network or systems on the network. A threat is any agent that can exploit a vulnerability, so we have to identify these threats; we do an assessment to find the threats so that we can better put in controls that would address the threats should they occur. Then we do a vulnerability assessment. Vulnerability is defined as weakness or absence of a control. Network administrators will seek to find areas on the network where weaknesses exist or controls are lacking. It could be that controls are lacking with individuals, the personnel, controls are lacking with infrastructure, or controls could be lacking for the network as a whole.
So by doing these assessments, risk assessment, threat assessment, vulnerability assessment, we're able to identify areas of concern on our network and possibly identify possible solutions to mitigate these risks or threats and vulnerabilities should they occur on the network.
Vulnerability Management is a continuous information security risk process that requires management oversight and includes a 4-tier approach of discovery, reporting, prioritization, and response.
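The transcript describes scanning hosts against a defined baseline, flagging listeners and version-leaking banners, and prioritizing the response by criticality; the summary above frames the same steps as discovery, reporting, prioritization and response. The script below is an added example, not code from the lesson or from any scanner product: it takes constructed port-scan findings and a constructed per-host baseline, rates each finding, and orders the report most critical first. The baseline, the high-risk service list and the "digits in a banner means a version leak" heuristic are all assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    # One listener reported by a port scan (all values here are constructed).
    host: str
    port: int
    proto: str
    service: str
    banner: str  # text the service sent on connect; empty if none

# Constructed baseline: the (port, protocol) pairs each host is approved to expose.
BASELINE = {
    "web01": {(80, "tcp"), (443, "tcp")},
    "db01": {(5432, "tcp")},
}
# Assumption: legacy clear-text or file-sharing services outside the baseline
# are rated higher than other unexpected listeners.
HIGH_RISK_SERVICES = {"telnet", "ftp", "smb"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}

def classify(f):
    """Rate one finding against the baseline; returns (severity, reason)."""
    expected = BASELINE.get(f.host, set())
    if (f.port, f.proto) not in expected:
        sev = "high" if f.service in HIGH_RISK_SERVICES else "medium"
        return sev, f"{f.service} on {f.port}/{f.proto} is not in baseline"
    # Rough assumed heuristic: a banner containing digits usually carries a
    # version string, the kind of detail the lesson says should be suppressed.
    if any(ch.isdigit() for ch in f.banner):
        return "low", "banner reveals version information"
    return "info", "expected service, no version leaked"

def prioritize(findings):
    """Report rows (host, port, severity, reason), most critical first."""
    rows = [(f.host, f.port, *classify(f)) for f in findings]
    return sorted(rows, key=lambda r: (SEVERITY_ORDER[r[2]], r[0], r[1]))

# Constructed scan results standing in for a scanner's output.
SAMPLE_SCAN = [
    Finding("web01", 80, "tcp", "http", "Apache/2.4.41"),
    Finding("web01", 443, "tcp", "https", ""),
    Finding("web01", 23, "tcp", "telnet", "login:"),
    Finding("db01", 5432, "tcp", "postgresql", ""),
    Finding("db01", 8080, "tcp", "http-proxy", ""),
]

def run_sample():
    return prioritize(SAMPLE_SCAN)
```

Running `run_sample()` puts the unexpected telnet listener first, the unexpected proxy second, the version-leaking web banner third, and the two expected services last, which is the order an administrator would work the report.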