Chapter 5 - Program Management and Oversight Flashcards
Vulnerability Management
Identifying, prioritizing, and remediating vulnerabilities in our environment.
Vulnerability Scanning
Detecting new vulnerabilities as they arise.
Asset Inventory
A list of all connected systems on a network.
Risk Appetite
An organization’s willingness to tolerate risk within the environment.
Regulatory Requirements
Requirements imposed by the government or corporate policy that dictate how often a vulnerability scan should occur.
Credentialed Scanning
Allows the vulnerability scanner to authenticate with target systems so that its detection capabilities are extended.
Agent-Based Scanning
Agent-Based Scanning involves installing small software agents on each target server. These agents will themselves perform a vulnerability scan from the “inside-out” and then report this information back to the vulnerability management system.
Scan Perspectives
Each scan perspective conducts a vulnerability scan from a different location on the network (internet, internal workspace, data center, etc.).
What are the three main techniques for Application Testing?
- Static Testing (analyzing code without executing it)
- Dynamic Testing (running all the interfaces that the code exposes to the user with a variety of inputs)
- Interactive Testing (analyzing the source code while testers interact with the application)
Common Vulnerability Scoring System (CVSS)
The Common Vulnerability Scoring System is an industry standard for assessing the severity of security vulnerabilities. This score is a number between 0 and 10 that is based on eight different measures.
What are the eight metrics used by the Common Vulnerability Scoring System?
- Attack Vector
- Attack Complexity
- Privileges Required
- User Interaction
- Confidentiality
- Integrity
- Availability
- Scope
Patch Management
A Patch Management program involves the routine patching of security issues/flaws.
Legacy Platforms
A Legacy Platform is a system that is no longer receiving support from the original vendor. This means that the vendor will not investigate or correct any security flaws that arise in the product.
Weak Configurations
Weak Configuration settings on systems, applications and devices can jeopardize security. Some examples include default settings, default credentials, unnecessary open ports and open permissions.
How can error messages be used by attackers?
Forgetting to disable debug mode/error messages on public-facing systems can allow attackers to retrieve information about the internal structure of a system/application.
Insecure Protocols
Insecure Protocols used on older networks often failed to use encryption and would commonly send data in the clear. Some examples of insecure protocols are Telnet and FTP.
Penetration Testing
Penetration Tests are authorized, legal attempts to defeat an organization’s security controls and perform unauthorized activities.
Threat Hunting
Threat Hunters use the attacker mindset to search the organization’s technology infrastructure for the artifacts of a successful attack.
What are the four types of penetration tests?
- Physical
- Offensive
- Defensive
- Integrated (collaboration between offensive and defensive experts)
What are the three classification types for how much knowledge a penetration tester may have about an environment?
- Known environment
- Unknown environment
- Partially known environment
What are some of the common Rules of Engagement for a penetration test?
- Timeline
- Locations, systems, applications or other potential targets
- Data handling requirements
- Behaviors (to expect from the target)
- Resources to be committed to the test
- Legal concerns
- When and how communications will occur
Passive Reconnaissance
Passive Reconnaissance techniques seek to gather information without directly engaging with the target. Some examples of Passive Reconnaissance include performing lookups of domain information (DNS or WHOIS), performing web searches, or reviewing public websites.
Active Reconnaissance
Active Reconnaissance techniques directly engage the target in intelligence gathering. Some examples of Active Reconnaissance include port scanning, footprinting, and vulnerability scanning.
Initial Access
Initial Access refers to the point at which a hacker exploits a vulnerability to gain access to an organization’s network.