Network Security Assessment Reading Notes – Vulnerability Assessment

This chapter is called Vulnerability Assessment 101. I guess this is because the topic is too huge to fit in one chapter, or even in one book. According to the book, the assessment is basically divided into three steps.

The first step is to collect information. The commonly used tool is nmap, which is an open source application and can be downloaded for both Windows and Linux. Another commonly used tool is whois, which can still collect a lot of information. Of course, there are many sophisticated tools, such as Qualys; that technology is the core property of those vendors. In terms of collecting information, there are two approaches in practice: non-sensor-based and sensor-based. Sensor-based approaches can provide more information, such as users, configurations, processes running on the assets, devices registered on the assets, etc. A sensor-based approach can also overcome a NAT topology, while a non-sensor-based scanner cannot find the assets behind NAT.

The second step is to enumerate information. From the collected information, the scanner should know: 1) What OS is running on the asset? 2) How many TCP ports are open on the asset? 3) How many UDP ports are open on the asset? And so on.

The last step is detection. This is the core part of vulnerability assessment, and it is described in detail in the following chapters. To identify what counts as a vulnerability, we need a definition, or more precisely, a benchmark. Here is one example of a benchmark – FDCC Major Version. We can use Benchmark Editor to open it. Basically, a benchmark is a collection of many rules. For example, one rule could be Password Policy -> Maximum Password Age -> 7776000. If the scanner detects that the maximum password age is larger than that, then this is a vulnerability because a hacker may brute-force the password during that time.
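The detection step can be sketched as a small rule evaluator. This is an added example, not code from the book or from any scanner. It assumes the 7776000 value is in seconds (90 days); the rule layout, the second rule and the two asset configurations are constructed for illustration and do not follow the FDCC file format.

```python
import operator

OPS = {"<=": operator.le, ">=": operator.ge, "==": operator.eq}
MISSING = object()  # sentinel: the scanner collected no value for this setting

# Constructed benchmark. The first rule is the one quoted in the notes; the
# second is a hypothetical rule added so the benchmark has more than one entry.
BENCHMARK = [
    {"id": "max-password-age",
     "path": ("Password Policy", "Maximum Password Age"),
     "op": "<=", "expected": 7776000},  # assumed to be seconds (90 days)
    {"id": "min-password-length",
     "path": ("Password Policy", "Minimum Password Length"),
     "op": ">=", "expected": 12},       # hypothetical value
]

def lookup(config, path):
    """Walk a nested dict along path; return MISSING if any level is absent."""
    node = config
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node

def evaluate(benchmark, config):
    """Return {rule id: (status, observed)} with status pass, fail or unknown."""
    results = {}
    for rule in benchmark:
        observed = lookup(config, rule["path"])
        if observed is MISSING or not isinstance(observed, int):
            # No data is not the same as compliant: report it separately.
            results[rule["id"]] = ("unknown", None)
            continue
        ok = OPS[rule["op"]](observed, rule["expected"])
        results[rule["id"]] = ("pass" if ok else "fail", observed)
    return results

# Constructed scan results for two assets.
ASSET_A = {"Password Policy": {"Maximum Password Age": 15552000,   # 180 days
                               "Minimum Password Length": 14}}
ASSET_B = {"Password Policy": {"Maximum Password Age": 5184000}}   # 60 days

if __name__ == "__main__":
    for name, cfg in (("asset-a", ASSET_A), ("asset-b", ASSET_B)):
        for rule_id, (status, observed) in evaluate(BENCHMARK, cfg).items():
            print(f"{name} {rule_id}: {status} (observed={observed})")
```

A setting the scanner could not collect is reported as unknown, not pass, which matters for the non-sensor-based case where much of the configuration is not visible.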

One Response to “Network Security Assessment Reading Notes – Vulnerability Assessment”

  1. I bookmarked your blog. Great posts. Thanks
