1 / 20

Network Vulnerability Scanning

Network Vulnerability Scanning. Summer Cyber-Security Workshop, Lubbock, July 2014. Need for Vulnerability Management. Sources of Vulnerabilities Programming errors Unintentional mistakes or intentional malware in General Public License software Improper system configurations

nay
Download Presentation

Network Vulnerability Scanning

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Vulnerability Scanning • Summer Cyber-Security Workshop, Lubbock, July 2014

  2. Need for Vulnerability Management Sources of Vulnerabilities • Programming errors • Unintentional mistakes or intentional malware in General Public License software • Improper system configurations • Mobile users sidestepping perimeter security controls • Rising attacks through viewing popular websites • Vulnerabilities on a network are GOLD to cyber criminals: • Provide unauthorized entry to networks • Can expose confidential information, fuel stolen identities, violate privacy laws, or paralyse operations • Exposure is extreme for networks with vulnerable devices connected by IP • Summer Cyber-Security Workshop, Lubbock, July 2014

  3. Need for Vulnerability Management Attack Trends • Increased professionalism and commercialization of malicious activities • Threats that are increasingly tailored for specific regions • Increasing numbers of multistaged attacks • Attackers targeting victims by first exploiting trusted entities • Shift from “Hacking for Fame” to “Hacking for Fortune” • Despite utilization of basic defenses, network security breaches abound • TJX exposed 46M records • DSW exposed 1.4M records • CardSystems exposed 40M records • 215M+ reported record exposures since 2005 (actual is significantly higher) • Automation is Crucial • Manual detection and remediation workflow is too slow, too expensive and ineffective • Summer Cyber-Security Workshop, Lubbock, July 2014

  4. Need for Vulnerability Management Challenges IT Security Face • NOT enough TIME, PEOPLE, BUDGET • Prioritization of efforts for minimize business risks and protecting critical assets. We can’t fix all problems - what can we live with? • Adapting to accelerating change in sophistication of attacks. • Did we learn our lessons? • Most vulnerabilities are long known before exploited • Successful exploitation of vulnerabilities can cause substantial damage and financial loss • A few vulnerable systems can disrupt the whole network • System misconfiguration can make systems vulnerable • Summer Cyber-Security Workshop, Lubbock, July 2014

  5. Vulnerability Management Vulnerability Scanning 1. DISCOVERY (Mapping) 6. VERIFICATION (Rescanning) 2. ASSET PRIORITISATION (and allocation) 5. REMEDIATION (Treating Risks) 3. ASSESSMENT (Scanning) 4. REPORTING (Technical and Executive) • Summer Cyber-Security Workshop, Lubbock, July 2014

  6. Mapping Vulnerability Scanning • Mapping • Gives hacker’s eye view of you network • Enables the detection of rogue devices • Summer Cyber-Security Workshop, Lubbock, July 2014

  7. Prioritisation Vulnerability Scanning • Asset Prioritisation • Some assets are more critical to business than others • Criticality depends of business impact • Summer Cyber-Security Workshop, Lubbock, July 2014

  8. Vulnerability Scanning • Scanning: • takes an “outside-in” and “inside-in” approach to security, emulating the attack route of a hacker • tests effectiveness of security policy and controls by examining network infrastructure for vulnerabilities • Summer Cyber-Security Workshop, Lubbock, July 2014

  9. Vulnerability scanners Vulnerability Scanning • Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses • Summer Cyber-Security Workshop, Lubbock, July 2014

  10. How Vulnerability Scanners Work Target 1 Target 2 Vulnerability Database Scanning Engine Target 3 Knowledge Base Target 4 Vulnerability Scanning GUI Results • Summer Cyber-Security Workshop, Lubbock, July 2014

  11. Vulnerability scanners Vulnerability Scanning • Similar to virus scanning software: • Contain a database of vulnerability signatures that the tool searches for on a target system • Cannot find vulnerabilities not in the database • New vulnerabilities are discovered often • Vulnerability database must be updated regularly • Summer Cyber-Security Workshop, Lubbock, July 2014

  12. Typical Vulnerabilities Checked Vulnerability Scanning • Network vulnerabilities • Host-based (OS) vulnerabilities • Misconfigured file permissions • Open services • Missing patches • Vulnerabilities in commonly exploited applications (e.g. Web, DNS, and mail servers) • Summer Cyber-Security Workshop, Lubbock, July 2014

  13. Vulnerability Scanners - Benefits Vulnerability Scanning • Very good at checking for hundreds (or thousands) of potential problems quickly • Automated • Regularly • May catch mistakes/oversights by the system or network administrator • Defense in depth • Summer Cyber-Security Workshop, Lubbock, July 2014

  14. Vulnerability Scanners - Drawbacks Vulnerability Scanning • Report “potential” vulnerabilities • Only as good as the vulnerability database • Can cause complacency • Cannot match the skill of a talented attacker • Can cause self-inflicted wounds • Summer Cyber-Security Workshop, Lubbock, July 2014

  15. Vulnerability Scanners tools • Port scanner (Nmap, Nessus) • Network enumerator • Network vulnerability scanner (BoomScan) • Web application security scanner • Database security scanner • Host based vulnerability scanner (Lynis, ovaldi, SecPod Saner) • ERP security scanner • Computer worm

  16. Summary Vulnerability Scanning • Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses • Used by defenders to automatically check for many known problems • Used by attackers to prepare for and plan attacks • Summer Cyber-Security Workshop, Lubbock, July 2014

  17. Vulnerability Scanners tools comprehensive vulnerability scanner which is developed by Tenable Network Security.

  18. Vulnerability Scanners tools Port scanner (Nmap)

  19. Qualys https://freescan.qualys.com/freescan-front/ • Summer Cyber-Security Workshop, Lubbock, July 2014

  20. Qualys http://lhs.lubbockisd.org • Summer Cyber-Security Workshop, Lubbock, July 2014

More Related