Security Testing Know How 1: Vulnerability Assessment
Having an IT infrastructure today is pure necessity for any business in our online world. Whether it is to store, process or generate data, one thing is certain – companies require their systems to be secure. Cyber security is a complex subject and even if you have a proper team in place, continuous testing is utterly important to make sure the integrity, availability and confidentiality of the infrastructure is maintained. There are 3 pillars to testing computer systems: Vulnerability Assessments, Penetration Testing and Threat Hunting.
In this mini-series we will be exploring all 3, giving companies a head-start on security testing techniques, starting with Vulnerability Assessment.
What is Vulnerability Assessment?
Simply put, a vulnerability assessment is the first step in defining, identifying, classifying and prioritizing weaknesses in computer systems, applications and network infrastructures. The upshot of this exercise provides organizations with the necessary knowledge, awareness and risk background to understand the threats to its environment and adjust accordingly.
Vulnerability Assessments rely on discovering different types of system, infrastructure or network limitations, which means the process includes using a variety of software and hardware tools, scanners and methodologies to identify weaknesses, threats and risks. The results provide the organization with powerful intelligence on the vulnerability residing in the resources and assets. The identified weaknesses then can be properly mitigated; thus the process of vulnerability assessment reduces the likelihood of a cyber-attack and ultimately provides valuable information that can be used for tweaking acquisition and procurement of systems, empowering cyber security teams and be a basis for Penetration Testing.
An analogy we like to use is that of 2 houses. One which assesses the weakness of its entry points by thieves and the other which does nothing. The first house, having assessed its weaknesses is better placed to implement the right security measures to make it more difficult for a thief to enter. The second house, which remains subjected to weaknesses becomes an easier target for thieves. Hence the aim here is always to be in the position of the first house.
There are a few different Vulnerability Assessments an organization could utilize, which are briefly outlined below:
Network-Based Vulnerability Assessments – identify network security attack vectors and associated network weaknesses. In complex organizations there might be several network devices or servers that pose an entry point and are vulnerable to external attacks. Network Vulnerability Assessments aim to create a threat map of the network and pinpoint segments where a Penetration Testing is required.
Host-based Vulnerability Scans – are used to triangle and identify vulnerabilities in servers, workstations or other network devices. This technique explores open ports or running that may be exploited as an entry point for an attack or possible leak of information and data hosted on the network. Though similar to network-based assessment, it does provide an extended view and visibility into device configuration and history.
Wireless Network Scans – are aimed at the Wi-Fi networks and the entry points connecting to that said network. Rogue access points or compromised devices can be identified by this method as well as the validation of proper network configuration.
Application Scans – can be used to assess website or software asset vulnerabilities for currently known backdoors and weaknesses. It also identifies configuration problems in network or web applications by a static/dynamic analysis of the source code.
Database Scans – are used to identify database vulnerabilities or weak points to prevent malicious attacks such as SQL injections or privilege escalation.
Vulnerability Assessment relies on automated tools that can be configured to continuously monitor the above segments of the network and pro-actively report or alert incident teams of any identified weaknesses. There are many types of these tools available such as:
- Web application scanner tools that test for and simulate known attack patterns as well as report misconfiguration errors;
- Protocol scanners that search for vulnerable protocols, ports and network services;
- Network scanners that help visualize networks and discover warning signals like unmonitored IP addresses of subsystem assets, spoofed packets and suspicious packet generation from a single IP address.
Regular and ongoing scans with a mix of tools are required for the vulnerability assessment program to yield useful results. The information can be used and be a basis for Penetration Testing, which is a mix on manual/automatic process of actively identifying and exploiting vulnerabilities in order to understand the right mitigation needed for said gaps.
We will talk in detail about Penetration Testing in our next blog.
Has your organisation implemented adequate vulnerability assessment tools, and does it conduct regular penetration testing? D4n6 can assist you in identifying the most suitable tools you may require and can also conduct security testing exercises you may require. We provide our clients with the tools and training required to become self-sufficient in carrying out such activities. Contact us for more information.