Copyright Goodheart-Willcox Co., Inc.

OVERVIEW

An organization's network can be vulnerable to attack in a number of ways that may not be obvious or clear to security personnel. To prevent unsecure network operation, security evaluations should be performed to discover the vulnerabilities present, including those on individual devices and in the software installed on them. This chapter discusses methods of evaluating the security of an organization's network. Topics include:

- threat hunting
- vulnerability scanning
- common vulnerabilities and exposures
- penetration testing, types, and techniques
- reconnaissance
- baselining
- assessing and managing log files

Evaluating Security

Robert Mueller, the former director of the FBI, once said, "There are two companies: those that have been hacked, and those that will be." This provocative statement is nearly a decade old but still rings true today, maybe even more so. Technology integration in business is pervasive, and its widespread use has made it a clear target for hackers. Organizations that fail to perform security assessments leave their networks and their companies at high risk of compromise.

Awareness is the first stage in developing a culture of security within the organization. A security assessment is a periodic exercise that evaluates a company's security preparedness. The assessment looks at business practices, physical security measures, and the associated technology incorporated throughout an enterprise network. The purpose of a security assessment is to keep networks, devices, and data safe by discovering vulnerabilities and threats and by offering recommendations that lessen the risk of future attacks.

SECURITY+ NOTE

The topics of attacks, threats, and vulnerabilities make up nearly one-fourth of the CompTIA Security+ Exam. To complete this portion of the exam successfully, you must be able not only to identify an attack type but also to assess and evaluate the security of a network before attack attempts occur. Be prepared to answer questions about vulnerability assessments and scans and about the proper identification of assessment techniques, threat hunting, log management, and penetration testing.

SECURITY+ CERTIFICATION EXAM OBJECTIVES

The following Security+ Certification Exam Objectives are covered in this chapter.

1.1: Reconnaissance
1.7: Threat hunting
1.7: Vulnerability scans
1.7: Syslog/Security information and event management (SIEM)
1.7: Security orchestration, automation, response (SOAR)
1.8: Penetration testing
1.8: Passive and active reconnaissance
1.8: Exercise types
2.1: Baseline configuration
4.3: Vulnerability scan output
4.3: SIEM dashboards
4.3: Log files
4.3: syslog/rsyslog/syslog-ng
4.3: journalctl
4.3: nxlog

KEY TERMS

user behavior analysis (UBA)
vulnerability scan
vulnerability scanner
war driving
war flying
web application scanner
WORM device
white box test