Vulnerability Assessment is the process of examining a system and its applications to discover and identify their security measures and weaknesses. It helps to recognize the vulnerabilities that could be exploited, to decide where additional security layers are needed, and to see what information a scanner can reveal about the target.
Types of vulnerability assessment:
- Active Assessment: actively sends requests to the live network and examines the responses. It requires probing the target host and is therefore visible to the target.
- Passive Assessment: uses packet sniffing of existing traffic to discover vulnerabilities, running services, open ports, and so on. It does not interact with the target host.
- External Assessment: identifies vulnerabilities reachable from outside the network perimeter, as an attacker on the Internet would see them, and confirms which of them can be exploited.
- Internal Assessment: identifies and confirms vulnerabilities from inside the internal network, as an insider or an attacker who has already gained a foothold would.
Pre-assessment phase:
- Identifies the nature of the network, its applications, and its services.
- Creates an inventory of all resources and assets, which makes it possible to manage and prioritize the assessment.
- Maps the infrastructure and documents the security controls, policies, and standards in place.
- Allows the assessment process to be planned effectively.
Assessment phase:
- Includes examination and inspection of security measures (physical security, security policies and controls, and so on).
- The target is evaluated for misconfigurations, default configurations, faults, and other vulnerabilities.
- Each component is probed individually, by hand or with assessment tools.
- The resulting report lists the vulnerabilities found, their scope, and their priorities.
Post-assessment phase:
- Scoping the identified vulnerabilities and assessing their impact on the infrastructure.
- Taking remedial action for the detected vulnerabilities.
- Starting with the highest-priority vulnerabilities.
- Verifying, by re-scanning, that every vulnerability has actually been eliminated.
- Monitoring network traffic and system behavior for any further intrusion.
Types of vulnerability assessment solutions:
- Product-based solutions are deployed within the organization's own network, usually dedicated to assessing the internal network.
- Service-based solutions are third-party offerings that provide security assessment and auditing. They can be hosted either inside or outside the network; when hosted outside, the assessment data they hold is itself at risk of being compromised.
Assessment approaches:
- Tree-based Assessment: the auditor selects a different strategy for each machine or component of the environment.
- Inference-based Assessment: the scanner first builds an inventory of the protocols and services found on each host, then runs only the tests relevant to what it found.
Best practices for vulnerability scanning:
- Know your tool: understand everything about what it does and how it probes a target.
- Make sure the tool does not cause any damage to the target (denial of service, crashed services, data changes).
- Choose the source location of the scan deliberately, so that the scan covers the intended vantage point and the focus area stays narrow.
- Run scans frequently, not only once.
CVSS v3 qualitative severity ratings (base score ranges):
- None: 0.0
- Low: 0.1 - 3.9
- Medium: 4.0 - 6.9
- High: 7.0 - 8.9
- Critical: 9.0 - 10.0
Other places to find information about known vulnerabilities:
Databases:
Vulnerability Scanners are automated utilities that detect vulnerabilities. They perform deep inspection of scripts, open ports, service banners, running services, configuration errors, and similar weaknesses.
Top scanners:
- Nessus
- OpenVAS
- OWASP ZAP (Zed Attack Proxy)
- Vega
- Nexpose
- Retina
- GFI LanGuard