Copyright Goodheart-Willcox Co., Inc. 73 Chapter 3 Security Evaluation

as power plants, financial institutions, and transportation systems. Another free feed is the Automated Indicator Sharing feed from the US Department of Homeland Security (DHS). This service facilitates exchange of cyber threat indicators from many organizations as a threat feed.

Advisories and Bulletins

Another source for obtaining cyber threat intelligence comes from advisories and bulletins. Governmental agencies, cyber companies, and vendors are examples of sources that provide current information about cyber threats and incidents. One of the most informative advisory and bulletin systems is the National Cyber Awareness System from the Cybersecurity and Infrastructure Security Agency (CISA). From the web page, you can view current activity, such as critical security updates or weekly bulletins that provide a summary of current vulnerabilities. In addition, vendors often publish advisories and bulletins that identify threats to their products.

Maneuvers

Another method for obtaining cyber threat intelligence is to perform cyber maneuvers. This is a proactive approach to searching and navigating a network for potential anomalies or threats to the system. Instead of waiting for an alert from a security product, a security team can search for a specific threat and then maneuver through the network searching for evidence of the potential threat. In this method, the security team becomes cyber hunters by actively searching for threats.

Vulnerability Scan

A vulnerability scan is a security assessment that searches a computer or network for potential vulnerabilities or weak security configurations. A weak security configuration is a poorly designed or inadequate security structure. For a comprehensive security assessment, vulnerability scanning is completed in conjunction with penetration testing (pen testing).

An external scan is one conducted outside an organization’s firewall, and an internal scan is a scan conducted within the system. There are two general categories of vulnerability scans.

■ A noncredentialed scan, also called nonauthenticated, is a scan that does not require credentials to access the system. The scan is similar to an outsider’s view.
■ A credentialed scan, also called authenticated, requires credentials of an account registered to a device being scanned. By using a username and password registered to a computer, users have access to files and folders that a scan run outside the network would not have.

Vulnerability Scanners

A vulnerability scanner is software that automates the process of scanning computer systems for potential security weaknesses in software, configurations, and other settings. Vulnerability scanners are tools used to assess an organization’s security posture and identify potential attack vectors.

■ A passive scanner examines systems and monitors network activity. Since the scanner only monitors activities, it does not interfere with any client or network operations. Passively testing security controls can provide a great deal of information about vulnerabilities, including vulnerable software programs, unusual activities, or open ports.
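
The passive approach described above can be illustrated with a short added example (not from the textbook): it infers open ports and software versions only from traffic that was already observed, sending nothing to any host. The traffic records, the `MIN_VERSION` policy, and all function names are constructed assumptions.

```python
# Passive service inventory: works only on traffic already captured.
import re

# Constructed sample records: (src, sport, dst, dport, TCP flags, payload)
OBSERVED = [
    ("10.0.0.5", 51000, "10.0.0.20", 22, "S", ""),
    ("10.0.0.20", 22, "10.0.0.5", 51000, "SA", ""),
    ("10.0.0.20", 22, "10.0.0.5", 51000, "PA", "SSH-2.0-OpenSSH_7.4"),
    ("10.0.0.5", 51001, "10.0.0.21", 80, "S", ""),
    ("10.0.0.21", 80, "10.0.0.5", 51001, "SA", ""),
    ("10.0.0.21", 80, "10.0.0.5", 51001, "PA",
     "HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\n"),
    ("10.0.0.5", 51002, "10.0.0.21", 23, "S", ""),
    ("10.0.0.21", 23, "10.0.0.5", 51002, "RA", ""),  # reset: port is closed
]

# Hypothetical site policy (assumption): minimum acceptable version per product.
MIN_VERSION = {"OpenSSH": (8, 0), "nginx": (1, 20)}
PATTERNS = {
    "OpenSSH": re.compile(r"OpenSSH_(\d+)\.(\d+)"),
    "nginx": re.compile(r"Server: nginx/(\d+)\.(\d+)"),
}

def inventory(records):
    """Map (host, port) -> first banner seen, for ports that answered SYN-ACK."""
    services = {}
    for src, sport, _dst, _dport, flags, payload in records:
        key = (src, sport)
        if flags == "SA":                      # a SYN-ACK means the port is open
            services.setdefault(key, None)
        elif key in services and payload and services[key] is None:
            services[key] = payload            # first data the server sent
    return services

def findings(services):
    """Return (host, port, product, version) for services below the policy minimum."""
    out = []
    for (host, port), banner in sorted(services.items()):
        for product, pattern in PATTERNS.items():
            m = pattern.search(banner or "")
            if m:
                version = (int(m.group(1)), int(m.group(2)))
                if version < MIN_VERSION[product]:
                    out.append((host, port, product, version))
    return out

if __name__ == "__main__":
    for finding in findings(inventory(OBSERVED)):
        print(finding)
```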