Chapter 2 - Testing Access Controls Flashcards
Testing Access Controls
Testing access controls is essential for ensuring their proper functioning and security. Two main approaches, vulnerability scanning and penetration testing, are employed to identify potential weaknesses that attackers might exploit to gain unauthorized access to systems. Moreover, live systems employing access controls generate audit logs to document important events.
Vulnerability Scanning
Vulnerability scanning is a method for finding flaws in operating systems, subsystems like databases and web servers, and applications. Specialized tools are used to identify open ports and exploitable vulnerabilities by sending TCP/IP packets to the target system, probing for active services.
Penetration Testing
Penetration testing, often called “pen testing,” is a procedure used to discover and exploit defects at the operating system or server level. Penetration testing is a step beyond vulnerability scanning: in penetration testing, potential weaknesses are exploited in order to prove their existence.
Penetration testing usually begins with vulnerability scanning, followed by the use of additional tools to manually search for and exploit vulnerabilities.
Audit Log Analysis
Access controls on information systems should create audit logs, and those logs should be regularly examined; this activity is called audit log analysis.
Audit log analysis can reveal several types of problems on a system that might otherwise go unnoticed, including:
- Intruder reconnaissance
- Attempted break-ins
- System malfunctions
- Account abuse