Any weakness in the system has the potential to be dangerous and seriously harm the organisation. Ethical hackers must be aware of the different kinds of vulnerabilities they may encounter as well as the different methods for assessing vulnerabilities.
TYPES
Given below are the different types of vulnerability assessment:
Active Assessment
Uses a network scanner to find hosts, services, and vulnerabilities.
Passive Assessment
Sniffs network traffic to discover the active systems, network
services, applications, and vulnerabilities present on the network.
External Assessment
Assesses the network from a hacker's perspective to discover exploits and
vulnerabilities that are accessible to the outside world. The following are
some of the possible steps in performing an external assessment:
- Determine a set of rules for firewall and router configurations for the external network.
- Check whether the external server devices and network devices are mapped
- Identify open ports and related services on the external network
- Examine the patch levels on the server and external network devices
- Review detection systems such as IDS, firewalls, and application-layer protection systems
- Get information on DNS zones
- Scan the external network through a variety of proprietary tools available on the Internet
- Examine Web applications such as e-commerce and shopping cart software for vulnerabilities
Internal Assessment
Scan the internal infrastructure to discover exploits and vulnerabilities. The
following are some of the possible steps in performing an internal assessment:
- Specify the open ports and related services on network devices, servers, and systems
- Check the router configurations and firewall rule sets
- List the internal vulnerabilities of the operating system and server
- Scan for any trojans that may be present in the internal environment
- Check the patch levels on the organization's internal network devices, servers, and systems
- Check for the existence of malware, spyware, and virus activity and document them
- Evaluate the physical security
- Identify and review the remote management process and events
- Access the file-sharing mechanisms (for example, NFS and SMB/CIFS shares)
- Examine the antivirus implementation and events
Host-based Assessment
Conducts a configuration-level check to identify system configurations, user
directories, file systems, registry settings, etc., to evaluate the
possibility of compromise. Host-based scanners examine systems for weaknesses
like software configuration flaws, improper registry or file permissions, and
native configuration tables.
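As an added illustration (not part of the original article), the sketch below shows the file-permission portion of a host-based check on a POSIX system: it walks a directory tree and reports world-writable files, world-writable directories without the sticky bit, setuid/setgid files, and secrets readable by group or other. The `SENSITIVE_NAMES` list and the sample tree are constructed for this example.

```python
import os
import stat
import tempfile

# Hypothetical list of file names treated as secrets for this example.
SENSITIVE_NAMES = {"id_rsa", "shadow", ".pgpass"}

def audit_permissions(root):
    """Return sorted (relative_path, finding) pairs for risky permissions."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISDIR(st.st_mode):
                if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                    findings.append((rel, "world-writable dir, no sticky bit"))
                continue
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable file"))
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((rel, "setuid/setgid bit set"))
            if name in SENSITIVE_NAMES and mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((rel, "secret readable by group/other"))
    return sorted(findings)

def build_sample_tree(root):
    """Create a constructed sample layout with deliberate permission flaws."""
    layout = {"etc/app.conf": 0o644, "etc/id_rsa": 0o644,
              "var/run.sh": 0o777, "bin/helper": 0o4755}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        os.chmod(os.path.dirname(path), 0o755)  # keep parent dirs sane
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.mkdir(os.path.join(root, "tmp"))
    os.chmod(os.path.join(root, "tmp"), 0o777)  # world-writable, no sticky bit

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_tree(sample_root)
        for rel, finding in audit_permissions(sample_root):
            print(f"{rel}: {finding}")
```
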
Network-based Assessment
Network assessments identify potential security breaches that could affect a
company's network infrastructure. Professionals in network assessment employ
firewalls and network scanners, like Nessus. These scanners discover
vulnerabilities, locate open ports, and identify services. Typically, a
network assessment evaluates a network using the following methods:
- Checks the network topologies for inappropriate firewall configuration
- Examines the router filtering rules
- Identifies inappropriately configured database servers
- Tests individual services and protocols such as HTTP, SNMP, and FTP
- Reviews HTML source code for unnecessary information
- Performs bounds checking on variables
Application Assessment
Tests and analyzes all elements of the web infrastructure for any
misconfiguration, outdated content, or known vulnerabilities.
Database Assessment
Focuses on testing databases, such as MySQL, MSSQL, Oracle, PostgreSQL,
etc., for data exposure or injection-type vulnerabilities.
Wireless Network Assessment
Although wireless network standards have changed over time, many networks
are still vulnerable to attacks because they have outdated security measures
in place. This kind of evaluation checks wireless networks and finds any
potentially malicious networks inside the walls of an organisation.
Distributed Assessment
Assesses the distributed organization assets, such as client and server
applications, simultaneously through appropriate synchronization
techniques. By synchronizing the test runs, all the separate
assets situated at multiple locations can be tested at the same time.
Credentialed Assessment
Authenticated assessment is another name for credentialed assessment. In
this kind of evaluation, the ethical hacker has access to the credentials of
every device in the evaluated network.
Non-Credentialed Assessment
Non-credentialed assessment, also known as unauthenticated assessment, examines the network services that the host exposes to give a brief summary of vulnerabilities.
Manual Assessment
After performing footprinting and network scanning and obtaining crucial
information, the ethical hacker manually assesses the vulnerabilities,
vulnerability ranking, vulnerability score, etc.
Automated Assessment
In this type of assessment, the ethical hacker employs various vulnerability
assessment tools, such as Nessus, Qualys, GFI LanGuard, etc. Unlike manual
assessments, in this type of assessment, the ethical hacker does not perform
footprinting and network scanning.