Vulnerability Assessment Types

Any weakness in a system can be exploited to seriously harm the organisation. Ethical hackers must be aware of the different kinds of vulnerabilities they may encounter as well as the different methods for assessing them; each method below sees the target from a different vantage point and has its own blind spots.


TYPES

Given below are the different types of vulnerability assessment:

Active Assessment

Actively probes the target by sending packets to it, typically with a network scanner, to find live hosts, open services, and vulnerabilities. Because it generates traffic, an active assessment is visible to the target and its monitoring, and aggressive checks can disrupt fragile services.

Passive Assessment

Sniffs existing network traffic, without sending packets to the target, to discover active systems, network services, applications, and vulnerabilities. It is stealthy and cannot disrupt the target, but it only sees what happens to be on the wire during the capture.

External Assessment

Assesses the network from an attacker's perspective to discover the vulnerabilities and exploits that are reachable from the outside world. The following are some of the possible steps in performing an external assessment:
  • Review the firewall and router rule sets that govern traffic to the external network
  • Map the externally reachable servers and network devices
  • Identify open ports and related services on the external network
  • Examine the patch levels on the servers and external network devices
  • Review detection and protection systems such as IDS, firewalls, and application-layer protection systems
  • Get information on DNS zones
  • Scan the external network with a variety of scanning tools available on the Internet
  • Examine Web applications such as e-commerce and shopping cart software for vulnerabilities
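Two of the steps above, identifying open ports and services and examining patch levels, can be triaged mechanically once the scan has run. The following added example (not from the original page) parses nmap's grepable output format (-oG) and flags management or database services open to the Internet, plus service versions below a baseline the assessor sets. The scan lines, host addresses and baseline versions are constructed for illustration; a version below the baseline is reported as exactly that, not as a confirmed vulnerability.

```python
import re

# Constructed nmap -oG output (not a real scan). Each port entry uses the
# real -oG field layout: port/state/proto/owner/service/rpcinfo/version/
SCAN_OUTPUT = """\
# Nmap scan (constructed sample)
Host: 203.0.113.10 (www.example.com)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//http//nginx 1.18.0/, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (996)
Host: 203.0.113.11 (db.example.com)\tPorts: 1433/open/tcp//ms-sql-s//Microsoft SQL Server 2014/, 22/filtered/tcp//ssh///
Host: 203.0.113.12 ()\tStatus: Down
"""

# Services that should not be reachable from the Internet at all.
MANAGEMENT_PORTS = {
    22: "ssh", 23: "telnet", 445: "smb", 1433: "mssql", 3306: "mysql",
    3389: "rdp", 5432: "postgresql", 5985: "winrm", 5986: "winrm-https",
}

# Hypothetical baseline for this exercise: anything older is reported as
# "below baseline". A real engagement takes these from the vendor's
# supported-release list, not from this table.
MIN_VERSIONS = {"OpenSSH": (8, 0), "nginx": (1, 20)}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")
VERSION_RE = re.compile(r"(OpenSSH|nginx)[\s_]+(\d+(?:\.\d+)*)")


def parse_grepable(text):
    """Return {ip: [(port, state, proto, service, version), ...]}.

    Hosts with no Ports field (down, or every port ignored) map to [].
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment or summary line
        ip, _hostname, rest = m.groups()
        fields = dict(f.split(": ", 1) for f in rest.split("\t") if ": " in f)
        ports = []
        for entry in fields.get("Ports", "").split(", "):
            parts = entry.split("/")
            if len(parts) < 7:
                continue  # empty Ports field
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            ports.append((int(port), state, proto, service, version))
        hosts[ip] = ports
    return hosts


def find_exposed_management(hosts):
    """Open TCP management/database ports, i.e. reachable from outside."""
    findings = []
    for ip, ports in hosts.items():
        for port, state, proto, _service, _version in ports:
            if state == "open" and proto == "tcp" and port in MANAGEMENT_PORTS:
                findings.append((ip, port, MANAGEMENT_PORTS[port]))
    return findings


def find_below_baseline(hosts, baseline=MIN_VERSIONS):
    """Open services whose banner version is older than the baseline.

    Deduplicated per (host, product, version): nginx on 80 and 443 is one item.
    """
    findings = set()
    for ip, ports in hosts.items():
        for _port, state, _proto, _service, version in ports:
            if state != "open":
                continue
            m = VERSION_RE.search(version)
            if m is None:
                continue  # no version in the banner, or an unknown product
            product, ver = m.group(1), m.group(2)
            if tuple(int(x) for x in ver.split(".")) < baseline[product]:
                findings.add((ip, product, ver))
    return sorted(findings)


if __name__ == "__main__":
    hosts = parse_grepable(SCAN_OUTPUT)
    for ip, port, name in find_exposed_management(hosts):
        print(f"{ip}:{port} {name} reachable from the Internet")
    for ip, product, ver in find_below_baseline(hosts):
        print(f"{ip} {product} {ver} below baseline {'.'.join(map(str, MIN_VERSIONS[product]))}")
```

Real input comes from a run such as `nmap -sV -oG scan.gnmap <targets>`. Note that the filtered SSH port on the second host is not reported as exposed, and that a version taken from a banner is only a hint: vendors backport fixes without changing the upstream number, which is one reason an external, unauthenticated view needs confirmation before it becomes a finding.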

Internal Assessment

Scans the internal infrastructure to discover exploits and vulnerabilities reachable from inside the perimeter, where an insider or an attacker who has already gained a foothold would operate. The following are some of the possible steps in performing an internal assessment:
  • Identify the open ports and related services on network devices, servers, and systems
  • Check the router configurations and firewall rule sets
  • List the internal vulnerabilities of the operating systems and servers
  • Scan for any trojans that may be present in the internal environment
  • Check the patch levels on the organization's internal network devices, servers, and systems
  • Check for the existence of malware, spyware, and virus activity and document them
  • Evaluate the physical security
  • Identify and review the remote management process and events
  • Assess the file-sharing mechanisms (for example, NFS and SMB/CIFS shares)
  • Examine the antivirus implementation and events

Host-based Assessment

Conducts a configuration-level check of system configurations, user directories, file systems, registry settings, etc., to evaluate the possibility of compromise. Host-based scanners, which usually run as an agent on the host or log in with credentials, examine systems for weaknesses such as software configuration flaws, improper registry or file permissions, and insecure settings in the native configuration tables.

Network-based Assessment

Network assessments identify potential security breaches that could affect a company's network infrastructure. Network assessors use firewall and network scanners, such as Nessus; these scanners discover vulnerabilities, locate open ports, and identify services. Typically, a network assessment evaluates a network using the following methods:
  • Check the network topology for inappropriate firewall configuration
  • Examine the router filtering rules
  • Identify inappropriately configured database servers
  • Test individual services and protocols such as HTTP, SNMP, and FTP
  • Review HTML source code for unnecessary information
  • Perform bounds checking on variables
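The first two checks above, firewall configuration and router filtering rules, are usually done against an exported rule set rather than against the live device. The added example below, not from the original page, reviews a small constructed rule list in a simplified "action proto src dst dport" format, first match wins, and reports three classic review findings: an any-to-any permit, a management service permitted from the whole Internet, and rules shadowed by an earlier rule that already matches all of their traffic. The rule format, the addresses and the management-port list are assumptions for illustration; a real review would parse the vendor's own export.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed rule set in a simplified format (not a real vendor export).
# Columns: action proto source destination dport ; first matching rule wins.
RULESET = """\
allow tcp 0.0.0.0/0        203.0.113.10/32 443   # 1 public HTTPS
allow tcp 0.0.0.0/0        203.0.113.10/32 3389  # 2 RDP reachable from anywhere
allow tcp 198.51.100.0/24  203.0.113.0/24  22    # 3 SSH from the admin range only
deny  tcp 0.0.0.0/0        203.0.113.0/24  22    # 4 SSH from everywhere else
allow any 0.0.0.0/0        0.0.0.0/0       any   # 5 catch-all permit
allow tcp 0.0.0.0/0        203.0.113.10/32 80    # 6 never reached because of 5
"""

MANAGEMENT_PORTS = {22: "ssh", 23: "telnet", 445: "smb", 1433: "mssql",
                    3306: "mysql", 3389: "rdp", 5432: "postgresql", 5985: "winrm"}


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]        # None means any destination port


def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        action, proto, src, dst, port = line.split()
        rules.append(Rule(action, proto,
                          ipaddress.ip_network(src), ipaddress.ip_network(dst),
                          None if port == "any" else int(port)))
    return rules


def covers(earlier, later):
    """True if every packet the later rule would match is already matched by the earlier one."""
    return ((earlier.proto == "any" or earlier.proto == later.proto)
            and later.src.subnet_of(earlier.src)
            and later.dst.subnet_of(earlier.dst)
            and (earlier.dport is None or earlier.dport == later.dport))


def review(rules):
    """Return [(rule_number, finding), ...] in rule order."""
    findings = []
    for i, rule in enumerate(rules, 1):
        from_anywhere = rule.src.prefixlen == 0
        if rule.action == "allow" and from_anywhere and rule.dport is None:
            findings.append((i, "permits any source to any destination port"))
        elif rule.action == "allow" and from_anywhere and rule.dport in MANAGEMENT_PORTS:
            findings.append((i, f"exposes {MANAGEMENT_PORTS[rule.dport]} to the whole Internet"))
        # A rule that an earlier rule fully covers can never match: dead or
        # contradicted policy, and a common sign of a mis-ordered rule base.
        for j, earlier in enumerate(rules[:i - 1], 1):
            if covers(earlier, rule):
                findings.append((i, f"shadowed by rule {j} ({earlier.action})"))
                break
    return findings


if __name__ == "__main__":
    for number, finding in review(parse_rules(RULESET)):
        print(f"rule {number}: {finding}")
```

Rule 4 is deliberately not reported: the admin-range permit in rule 3 only partially overlaps it, so the deny still does work for every other source. Shadowing is only reported when the earlier rule covers the later one completely, which is the case that makes a rule dead.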

Application Assessment

Tests and analyzes all elements of the web infrastructure (web servers, application frameworks, and the applications themselves) for misconfiguration, outdated content, or known vulnerabilities.

Database Assessment

Focuses on testing databases, such as MySQL, MSSQL, Oracle, PostgreSQL, etc., for data exposure, weak authentication, excessive privileges, and injection vulnerabilities.

Wireless Network Assessment

Although wireless network standards have changed over time, many networks remain vulnerable because they still run outdated security measures (for example, WEP, or WPA with TKIP). This kind of assessment checks the organisation's wireless networks and identifies rogue or potentially malicious access points within its premises.

Distributed Assessment

Assesses the distributed organization assets, such as client and server applications, simultaneously through appropriate synchronization techniques.  By synchronizing the test run together, all the separate assets situated at multiple locations can be tested at the same time. 

Credentialed Assessment

Credentialed assessment is also known as authenticated assessment. In this kind of evaluation, the ethical hacker is given valid credentials for the devices in the evaluated network, so the scanner can log in and read installed software, patch levels, and configuration directly instead of inferring them from what is visible on the network.

Non-Credentialed Assessment

Non-credentialed assessment, also known as unauthenticated assessment, examines only the network services that a host exposes and gives a brief summary of vulnerabilities. Because it infers versions from banners and responses, it produces more false positives and misses anything that is not reachable from the network.
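The practical difference between the two kinds of assessment shows up in how a version gets determined. As an added example (not from the original page), the Python below compares what an unauthenticated check and a credentialed check conclude about the same host: the first has only the SSH banner and compares its upstream version number against a baseline; the second has the distribution's package list and compares full package versions, including the vendor's patch revision. The banner, the package list and every baseline version are constructed for illustration and are not real advisory data, and the version comparison is a simplified tokeniser rather than dpkg's algorithm.

```python
import re

# What an unauthenticated scan gets: the banner the SSH service sends (constructed).
BANNER = "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7"

# What a credentialed scan gets after logging in, in the shape of
#   dpkg-query -W -f='${Package} ${Version}\n'
# (constructed sample, not taken from a real host).
PACKAGE_LIST = """\
openssh-server 1:7.4p1-10+deb9u7
openssl 1.1.0l-1+deb9u1
sudo 1.8.19p1-2.1
"""

# Hypothetical baselines standing in for what an assessor would take from
# vendor advisories. The numbers are illustrative only.
UPSTREAM_BASELINE = {"OpenSSH": (8, 0)}          # banner check: upstream version only
PACKAGE_BASELINE = {                              # credentialed check: full package version
    "openssh-server": "1:7.4p1-10+deb9u7",        # assumed: fix backported in this revision
    "openssl": "1.1.0l-1+deb9u1",
    "sudo": "1.8.19p1-2.1+deb9u3",
}


def version_key(version):
    """Simplified comparison key: alternating digit / non-digit runs, with
    digits compared as integers. Adequate for the formats above; for real
    Debian versions use `dpkg --compare-versions` instead."""
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|\D+", version)]


def unauthenticated_findings(banner):
    """Findings an unauthenticated scan can make: from the banner alone."""
    findings = []
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if m and (int(m.group(1)), int(m.group(2))) < UPSTREAM_BASELINE["OpenSSH"]:
        findings.append(f"OpenSSH {m.group(1)}.{m.group(2)} below upstream baseline (banner only)")
    return findings


def credentialed_findings(package_text):
    """Findings from the installed package list, which also covers software
    that does not listen on the network and carries the vendor patch revision."""
    findings = []
    for line in package_text.splitlines():
        package, version = line.split()
        wanted = PACKAGE_BASELINE.get(package)
        if wanted and version_key(version) < version_key(wanted):
            findings.append(f"{package} {version} below vendor baseline {wanted}")
    return findings


if __name__ == "__main__":
    print("unauthenticated:", unauthenticated_findings(BANNER))
    print("credentialed:   ", credentialed_findings(PACKAGE_LIST))
```

In this constructed case the banner-based finding is a false positive: by assumption the vendor backported the fix and the installed package is at the fixed revision, which only the credentialed check can see. Conversely, the out-of-date sudo package never appears on the network, so the unauthenticated scan cannot find it at all. Both effects are why credentialed scans are preferred whenever credentials can be arranged.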

Manual Assessment

After performing footprinting and network scanning and obtaining the crucial information, the ethical hacker manually assesses the vulnerabilities found, ranks them, and assigns each a score.

Automated Assessment

In this type of assessment, the ethical hacker employs vulnerability assessment tools such as Nessus, Qualys, GFI LanGuard, etc. Unlike a manual assessment, the ethical hacker does not perform footprinting and network scanning by hand; the tool carries out host discovery, port scanning, and the vulnerability checks itself.
