
Unit No. 2 Part 2 Vulnerability Assessment

The document provides an overview of vulnerability assessment, detailing the process of identifying and classifying security weaknesses in systems and applications. It outlines various types of assessments, including active, passive, external, and internal, as well as the lifecycle of vulnerability assessment from baseline creation to monitoring. Additionally, it discusses best practices, scoring systems like CVSS and CVE, and lists common vulnerability scanning tools.

Vulnerability Assessment

Overview
Discovering
• weaknesses in an environment
• design flaws
• other security
Vulnerability Examples
• Misconfigurations
• Default configurations
• Buffer overflows
• Operating system flaws
• Open services
• and others
Classification of Vulnerabilities
• There are different tools available for network administrators and pentesters to scan for vulnerabilities in a network.
• Discovered vulnerabilities are classified into three different categories based on their security levels, i.e., low, medium or high.
• Furthermore, they can also be categorized by exploit range, such as
Vulnerability Assessment
• Vulnerability assessment can be defined as a process of examination, discovery, and identification of system and application security measures and weaknesses.
• Vulnerability assessment also helps to recognize the vulnerabilities that could be exploited, the need for additional security layers, and the information that can be revealed using scanners.
Types of Vulnerability Assessments
• Active Assessment: actively sending requests to the live network and examining the responses. It requires probing the target host.
• Passive Assessment: usually packet sniffing to discover vulnerabilities, running services, open ports and other information. It is done without interfering with the target host.
• External Assessment: assessment from an attacker's perspective, to find vulnerabilities that could be exploited from outside.
• Internal Assessment: discovering vulnerabilities by scanning the internal network and infrastructure.
Vulnerability Assessment Life-Cycle
• Creating Baseline
  • Creating a baseline is the pre-assessment phase of the vulnerability assessment life-cycle, in which the pentester or network administrator performing the assessment identifies the nature of the corporate network, the applications, and the services.
  • The assessor creates an inventory of all resources and assets, which helps to manage and prioritize the assessment.
  • Furthermore, the assessor also maps the infrastructure and learns about the security controls, policies, and standards followed by the organization.
  • In the end, the baseline helps to plan the process effectively, schedule the tasks, and manage them with respect to priority.
• Vulnerability Assessment
  • The vulnerability assessment phase is focused on assessment of the target.
  • The assessment process includes examination and inspection of security measures such as physical security, as well as security policies and controls.
  • In this phase, the target is evaluated for misconfigurations, default configurations, faults, and other vulnerabilities, either by probing each component individually or by using assessment tools.
  • Once scanning is complete, findings are ranked in terms of their priorities.
  • At the end of this phase, the vulnerability assessment report shows all detected vulnerabilities, their scope, and priorities.
• Risk Assessment
  • Risk assessment includes scoping these identified vulnerabilities and their impact on the corporate network or on an organization.
• Remediation
  • The remediation phase includes remedial actions for these detected vulnerabilities. High-priority vulnerabilities are addressed first because they can cause a huge impact.
• Verification
  • The verification phase ensures that all vulnerabilities in an environment are eliminated.
• Monitor
  • The monitoring phase includes monitoring the network traffic and system behaviors for any further intrusion.
Vulnerability Assessment Solutions
• Product-based Solution vs. Service-based Solution
  • Product-based solutions are deployed within the corporate network of an organization or a private network.
  • These solutions are usually dedicated to an internal (private) network.
  • Service-based solutions are third-party solutions that offer security and auditing to a network.
  • These solutions can be hosted either inside or outside the network.
Vulnerability Assessment Solutions
• Tree-based Assessment vs. Inference-based Assessment
  • Tree-based assessment is the approach in which the auditor follows different strategies for each component of an environment.
  • For example, in an organization's network where different machines are live, the auditor may use one approach for Windows-based machines and another technique for Linux-based servers.
  • Inference-based assessment is another approach, in which the assessment depends on the inventory of protocols in an environment.
  • For example, if the auditor finds a protocol, then under the inference-based approach the auditor will investigate the ports and services related to that protocol.
Best Practice for Vulnerability Assessment
• Before starting any vulnerability assessment tool on a network, the auditor must understand the complete functionality of that tool. This helps in selecting the appropriate tool to extract the desired information.
• Make sure that the assessment tool will not cause any damage to, or unavailability of, services running on the network.
• Make sure about the source location of
Vulnerability Scoring Systems
• Common Vulnerability Scoring System (CVSS): provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
  To learn more about CVSS-SIG, go to https://www.first.org.
• Common Vulnerabilities and Exposures (CVE): maintains the list of known cybersecurity vulnerabilities, including an identification number and description for each.
  To learn more about CVE, go to http://cve.mitre.org.
Common Vulnerability Scoring System (CVSS)
Vulnerability Scanning
These vulnerability scanning tools include:
• Nessus
• OpenVAS
• Nexpose
• Retina
• GFI LanGuard
• Qualys FreeScan, and many other tools
