Vulnerability Scanning and Analysis

Video Transcription
Hey, guys, welcome to another episode of the SSCP exam prep. I'm your host, Peter Simple in. This is going to be the fourth lesson in the third domain.

So far in the third domain we've taken a look at the risk management process, which is simply how to figure out how much risk an organization is currently facing. We've looked at four different ways of handling risk, and we looked at auditing, which is an evaluation of an organization's security framework.

In this lesson we're going to look at vulnerability scanning and analysis, which is simply checking the system for any type of weakness. These weaknesses need to be found so they can be fixed. Let's get started.

Vulnerability scanning is simply the process of checking a system for weaknesses. There's really only one goal with vulnerability scanning: you want to study your organization's security framework, you want to find problems, you want to fix and improve on those problems, and then you want to repeat the whole thing all over again. Vulnerability scanning is the kind of thing where you can get very different results every single time you do it, so it's important to do it fairly often.

There are a bunch of different advantages to vulnerability scanning. You can identify system vulnerabilities, right? You can't protect against a problem if you don't know there is a problem, so it's good to have these problems come to light before there is any type of hack, database breach or any other type of exploitation.

Another advantage is that it allows for the prioritization of mitigation. If you have a bunch of vulnerabilities, you can figure out which ones are the most important, the most mission critical, so you can fix them first. It's also very good for comparing security postures: once you find these vulnerabilities, you can determine whether you are fairly far from or fairly close to your security baseline. You fix the vulnerabilities, you repeat the process, and you can figure out how far you were deviating from your security baseline.
Disadvantages of vulnerability scanning: you can't always focus your efforts. It's very easy to get caught up in scanning everything and anything across your systems, files, processes, etc., so it can get very expensive, and it can be very time consuming as well.

Another disadvantage of vulnerability scanning is that you could crash the network. This kind of thing does happen, and it happens fairly often, even if it's just a simple scan. You could accidentally trip something, or something could get caught, like some type of false positive, and it could cause the system to crash.

There are really two types of vulnerability scanning: general and application specific. General vulnerability scanning just kind of probes hosts and their operating systems, looking for well-known flaws. It takes a look at the applications and figures out what the most typical or most common attack types are for each application. Application-specific vulnerability testing uses vulnerability tools that are specifically designed to look at certain types of software. So you want to use database vulnerability tools for your database systems, and email tools for any type of email systems that you might have.
Vulnerability testing usually has the following qualities. You want to have your OS fingerprint: you want to identify your OS, and you want to see what kind of vulnerabilities are associated with that OS, so you know what to look for before you go in.

You want to use stimulus and response algorithms. This is kind of like poking a target to see what will happen. So if you send a little data to a target, you want to see how it responds. You might get a response that's appropriate, or you might get something that's completely inappropriate. It really depends.

You want to have privileged vulnerability scanning, right? You want to log on to your host with admin credentials to see exactly what kinds of extra things you can get into if you are an admin, and whether or not there is an actual difference between admin credentials and normal user credentials. Sometimes people are admins and they have no idea that they are admins, and that's a very serious problem.

You want to identify possible vulnerabilities by cross-referencing. If you know you have a certain operating system, and you know certain vulnerabilities are associated with that operating system, then the vulnerabilities that are not associated with it are ones you really don't have to worry about as much.

You want to look at vulnerability testing from different angles.

You want to make sure your vulnerability tools have the latest updates. Every time a new vulnerability comes out and gets fixed, its signature, otherwise known as the way it looks or the way it behaves, gets loaded onto the vulnerability tool. You want to make sure those are updated as much as possible, simply because new signatures are coming out all of the time.

You also want to have reporting capability for all of your vulnerability tools. If a scanner can't report, it doesn't do any good, right? Good vulnerability tools always provide a way to report on the results of any vulnerabilities that they might find.
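To make the OS-fingerprint, cross-referencing and prioritization points concrete, here is an added Python example (it is not from the lecture and not any scanner's own code). It takes a constructed host inventory and a constructed vulnerability catalogue with placeholder IDs, keeps only the catalogue entries that apply to each host's OS and running services, and ranks what is left by severity weighted by how mission-critical the host is. The catalogue, hosts, weights and VULN-xxxx IDs are all assumptions for illustration.

```python
"""Cross-reference fingerprinted hosts against a vulnerability catalogue and
rank what to fix first. Added example, not from the lecture; the catalogue,
hosts, scoring weights and VULN-xxxx IDs are constructed for illustration."""
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    vuln_id: str
    severity: float   # 0-10 scale, in the spirit of CVSS
    criticality: int  # how mission-critical the host is, 1 (low) to 3 (high)
    score: float = 0.0


# Constructed catalogue: which advisory applies to which OS + service.
# IDs are placeholders, not real advisories.
CATALOGUE = [
    {"id": "VULN-0001", "os": "ExampleOS 4", "service": "telnet", "severity": 9.8},
    {"id": "VULN-0002", "os": "ExampleOS 4", "service": "httpd", "severity": 7.5},
    {"id": "VULN-0003", "os": "ExampleOS 5", "service": "httpd", "severity": 7.5},
    {"id": "VULN-0004", "os": "OtherOS 2", "service": "smtpd", "severity": 5.3},
]

# Constructed inventory: OS fingerprint and services observed on each host.
HOSTS = [
    {"name": "db01", "os": "ExampleOS 4", "services": ["telnet", "postgres"], "criticality": 3},
    {"name": "web01", "os": "ExampleOS 5", "services": ["httpd"], "criticality": 2},
    {"name": "kiosk", "os": "ExampleOS 4", "services": ["httpd"], "criticality": 1},
]


def cross_reference(hosts, catalogue):
    """Keep only catalogue entries whose OS and service match the host.
    Entries that do not apply to a host are dropped for that host, which is
    the 'don't worry about them as much' step from the lecture."""
    findings = []
    for h in hosts:
        for v in catalogue:
            if v["os"] == h["os"] and v["service"] in h["services"]:
                findings.append(Finding(h["name"], v["id"], v["severity"], h["criticality"]))
    return findings


def prioritize(findings):
    """Rank findings by severity weighted by host criticality, highest first,
    so the most mission-critical problems are fixed first."""
    for f in findings:
        f.score = f.severity * f.criticality
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in prioritize(cross_reference(HOSTS, CATALOGUE)):
        print(f"{f.score:5.1f}  {f.host:6} {f.vuln_id}")
```

With the constructed data, db01's telnet advisory lands on top (severity 9.8 on a criticality-3 host), the kiosk's web advisory last, and VULN-0004 never appears because no host runs that OS and service. Re-running the same script after each fix cycle gives the baseline comparison the lecture describes.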
Problems with vulnerability testing: there are a lot of false positives. There are a lot of things that the scanner or the vulnerability tool thinks are a huge problem, and in reality it's not a problem at all. This can be an everyday occurrence.

There's also crash exposure. There's a higher risk of a crash when you're vulnerability testing, so obviously you want to be careful. You don't want to be that guy that's trying to do good but ends up crashing the network. Trust me, you don't want to be that guy.

Another vulnerability testing problem is temporal information. Vulnerabilities are discovered constantly, and vulnerabilities are being fixed constantly, so just because the scan is good today doesn't mean the scan is good tomorrow. So you want to scan and check for vulnerabilities on a somewhat consistent basis.

There are really a lot of cool scanner tools and vulnerability tools out there which you can use. You can check out the website sectools.org, a huge list. Everything there is really cool; I highly recommend it.
So, securing hosts. Organizations serious about security usually have hardened host configuration procedures to manage any type of change in host deployment, where you want to make sure all of your systems are locked down as much as possible.

If there is any unneeded or insecure service, you definitely want to disable it. Any open ports that you're not using, shut them. If there's any type of service that you shouldn't be using, or that is not secure, things like Telnet, disable it, right? Don't let people have access to it.

You want to make sure you have least privilege policies on file system permissions, especially on shared network drives. You only want to have access to the files that you actually need access to. And you want to have proper file system permissions even on your own personal computer, right? If you are creating a shared folder between two different computers, you want to make sure you are only sharing it with the one or two people that actually need it, and not sharing it with the entire system.

All right, you want to make sure you have your patching policy. We did talk about patch management earlier, in the second domain.

You want to check applications for any type of weakness. There are a lot of really cool websites out there where, if you type in an application, it will return a list of the different vulnerabilities that have been historically associated with that application. And you always want to make sure your firewall and your routers are doing the job they're supposed to do and blocking all of the necessary bad traffic.
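The least-privilege point about shared folders is easy to check mechanically. The following Python script is an added example, not from the lecture: it builds a constructed sample share in a temporary directory (one properly restricted file, one group-writable file, one world-writable file) and walks it, reporting every entry whose mode lets "other" write, or lets the group write when the share is not meant to be group-writable. It assumes a POSIX file system where `chmod` is honoured (Linux or macOS).

```python
"""Audit a share for file-system permissions that violate least privilege.
Added example, not from the lecture; the sample share is constructed in a
temporary directory so the script runs offline. Assumes POSIX permissions."""
import os
import stat
import tempfile


def audit_permissions(root, allow_group_write=False):
    """Return (relative path, octal mode) for every file or directory under
    root that is writable by 'other', or by the group when this share is
    not meant to be group-writable. Symlinks are skipped: their own mode is
    not meaningful, and the target is audited where it actually lives."""
    issues = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue
            too_open = bool(mode & stat.S_IWOTH)
            if not allow_group_write and mode & stat.S_IWGRP:
                too_open = True
            if too_open:
                issues.append((os.path.relpath(path, root), oct(stat.S_IMODE(mode))))
    return sorted(issues)


def build_sample_share():
    """Constructed sample: a 'team' folder with one correctly restricted file,
    one group-writable file and one world-writable file."""
    root = tempfile.mkdtemp(prefix="share-")
    team = os.path.join(root, "team")
    os.mkdir(team)
    os.chmod(team, 0o750)
    sample = {"report.txt": 0o640, "draft.txt": 0o664, "notes.txt": 0o666}
    for name, mode in sample.items():
        path = os.path.join(team, name)
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(path, mode)  # set the mode explicitly so umask does not matter
    return root


if __name__ == "__main__":
    share = build_sample_share()
    for rel, mode in audit_permissions(share):
        print(f"{mode} {rel}")
```

On the constructed share the default (strict) audit flags `team/draft.txt` and `team/notes.txt`; with `allow_group_write=True`, for a folder that a small group is genuinely meant to share, only the world-writable `notes.txt` remains. Pointing `audit_permissions` at a real share root is the same call.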
Security monitoring testing. Always, always, you want to test your monitoring systems to make sure they're working, and you always want to ensure they are working in your organization the way they're supposed to be working. Anything out of the box is incredibly noisy. Out-of-the-box intrusion detection systems are where you get the most false positives, right? That's when every single thing is a problem, because the detection system simply doesn't know your organization and doesn't know how you operate. That's why it's important to tweak it as you go, so you can get more consistent and accurate results.

There are a bunch of different ways of testing IDS systems. You can always test with a single packet, right? This is minimal functionality; you kind of want to make sure, is this thing even on? Right, check to see if the IDS is even on. You can test with one packet. A better way to test it is to use multiple packets and have different kinds of data streams within those packets, simply to make sure the IDS more or less remembers the packets and can piece together any type of intrusion.

You want to test it with obfuscated data, right? This is any type of data that is converted from ASCII to hexadecimal or Unicode. You want to make sure that the IDS can convert and read all these formats. You also want to make sure it can look at fragmented data, any type of data that comes in in small amounts across a bunch of different packets. You want to make sure the IDS can put those packets back together.

Protocol embedded attacks, yes. The IDS should be able to understand and decode commonly used applications, things like DNS, HTTP, FTP, SQL, things like that. And also flooding detection: if there's a whole bunch of packets coming in at once, your IDS had better be able to pick up on that, because if it can't, you guys are in a whole lot of trouble.
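Three of the IDS behaviours just listed (decoding obfuscated data, reassembling fragments, and flooding detection) can be modelled in a few dozen lines, which makes it clear what a test case for each one has to look like. The Python below is an added example, not from the lecture and not any real IDS's code: it normalizes URL, `%u`/`\u` Unicode and `\x` hex escapes (repeating until stable so double encoding is unwrapped), reassembles out-of-order fragments before matching, and flags a source that exceeds a packet-rate threshold in a sliding window. The signature `/etc/passwd`, the packets and the thresholds are constructed test inputs.

```python
"""Reference model of three IDS behaviours worth testing: decoding obfuscated
payloads, reassembling fragments before matching, and flooding detection.
Added example, not from the lecture; signature, packets and thresholds are
constructed."""
import re
from collections import defaultdict, deque
from urllib.parse import unquote

# Constructed signature: the IDS is expected to flag this path in a request.
SIGNATURE = re.compile(r"/etc/passwd")

# Escape forms that hide a character from a matcher that does not decode.
_UNICODE_ESCAPE = re.compile(r"(?:%u|\\u)([0-9a-fA-F]{4})")
_HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")


def normalize(payload: str) -> str:
    """Canonicalize URL, %u/\\u Unicode and \\x hex encodings, repeating until
    the text stops changing so double encoding (%252f) is unwrapped too."""
    text, prev = payload, None
    while text != prev:
        prev = text
        text = unquote(text)
        text = _UNICODE_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)
        text = _HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)
    return text


def reassemble(fragments):
    """Put fragments back in sequence order and join them into one stream."""
    return "".join(f["data"] for f in sorted(fragments, key=lambda f: f["seq"]))


def inspect_per_packet(fragments):
    """Naive IDS: inspect each packet on its own (misses a split signature)."""
    return any(SIGNATURE.search(normalize(f["data"])) for f in fragments)


def inspect_stream(fragments):
    """Stream-aware IDS: reassemble first, then decode, then match."""
    return SIGNATURE.search(normalize(reassemble(fragments))) is not None


def flood_sources(events, threshold, window):
    """Return sources that sent more than `threshold` packets within any
    `window` seconds; events are (timestamp, source) pairs."""
    recent = defaultdict(deque)
    flooders = set()
    for ts, src in sorted(events):
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) > threshold:
            flooders.add(src)
    return flooders


# Constructed test traffic. The signature is split across two out-of-order
# fragments; the obfuscated request uses double URL encoding and a \u escape
# (written as "\\u" so Python itself does not decode it at parse time).
SPLIT_REQUEST = [{"seq": 2, "data": "passwd HTTP/1.1"}, {"seq": 1, "data": "GET /etc/"}]
OBFUSCATED = [{"seq": 1, "data": "GET %252fetc\\u002fpasswd HTTP/1.1"}]
FLOOD = [(0.1 * i, "10.0.0.9") for i in range(1, 7)] + [(0.5, "10.0.0.1"), (1.5, "10.0.0.1")]

if __name__ == "__main__":
    print("split request, per packet:", inspect_per_packet(SPLIT_REQUEST))
    print("split request, reassembled:", inspect_stream(SPLIT_REQUEST))
    print("obfuscated request, normalized:", inspect_stream(OBFUSCATED))
    print("flooding sources:", flood_sources(FLOOD, threshold=5, window=2))
```

The per-packet matcher misses the split request while the stream-aware one catches it, which is exactly the gap a multi-packet IDS test is meant to expose; the same request with `%252f` and `\u002f` is caught only because `normalize` runs before matching. Feeding a real sensor the same three inputs and comparing its alerts is the test.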
Wireless network testing. You always want to make sure you test all of your wireless networks, simply because with wireless technology, especially these days, there are so many wireless devices that people don't even realize, everything from cell phones to refrigerators to thermostats, right? All these things live on wireless networks. So with wireless technology there are a whole lot of wireless access points, and the more wireless access points there are, if they are not properly secured, the more problems they cause, right?

It's really important for a security tester, an SSCP practitioner, to test for the effectiveness of wireless security, especially looking for unauthorized access points. If you have things getting onto your network without any type of authentication or encryption, then you're setting yourself up for disaster, because at that point it's only a matter of time until something happens.

If you want to keep an eye on your wireless network, there are some great tools out there. Not to give anyone plugs, but the standard ones are good: Kismet, Nessus is always a really good tool to use, and Aircrack.

War dialing and war driving. War dialing is kind of antiquated at this point, but it's still good for an SSCP practitioner to be familiar with it. War dialing goes through a whole bunch of different phone numbers looking for unauthorized modems that are connected to computers, which are connected to networks. So it searches the telephone numbers looking for any type of modem that would have been forgotten about, and once it finds one, it can more or less hack it. Now modems have been falling out of the IT usage area, they aren't used much anymore, and that's why war dialing isn't as prevalent as it used to be.

Very similar to war dialing is war driving, which is more or less the wireless version of war dialing. It's looking for access points on wireless networks while driving around. So it's looking for any type of unsecured open hotspot, or some sort of antenna it can attach itself to on a wireless network, so you can get into that wireless network.
In this lecture we discussed vulnerability scanning and analysis.

Quiz time. What is one of the downsides of vulnerability testing? A, too much money. B, too many false positives. C, there are too many things to scan for it to be effective. Or D, it allows for the prioritization of mitigation.

If you said C, then you are correct. Usually there are too many things to scan for it to be effective if you try to vulnerability scan everything. That is why it is important to have a very specific scope on the things you want to look for and test. Otherwise you'll just simply be wasting your effort.

Thanks for watching, guys. I hope you learned a lot in this video, and I'll see you next time.