Understanding Vulnerability Detection and Management

Feb 6, 2025

Lecture Notes: Detecting and Fixing Vulnerabilities

Key Topics

  • What to Scan
  • How to Scan

Challenges of Scanning

  • Companies may have thousands of devices (workstations, servers, laptops, etc.).
  • Requires consistent monitoring and prioritization based on asset criticality.

Prioritization

  • Asset Criticality: Assess the impact of asset compromise.
    • Impact on business processes.
    • Not all assets are critical.

Types of Assets

  • People: Employees, partners, suppliers, visitors.
  • Tangible Assets: IT equipment, storage devices, buildings.
  • Intangible Assets: Product ideas, brand, reputation.

Asset and Inventory Tracking

  • Use dedicated tools (open-source or commercial) for tracking:
    • Device type, model, serial number.
    • Location and user information.
    • Monetary value and service information.

Asset Classification

  • Grouping assets by:
    • Usage (production, testing, etc.).
    • Network sections, sensitivity level, financial value.
    • Legal and contractual requirements.
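The inventory, classification and criticality points above can be tied together in code. The following is an added example (not part of the lecture notes): a small asset inventory where each record carries the attributes the notes list, a criticality score derived from business impact, and a classification used to order scans. The asset records, weights and thresholds are constructed for illustration.

```python
"""Asset inventory with classification and criticality scoring.

Added example, not part of the lecture notes. Records, scoring weights and
class thresholds are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Asset:
    hostname: str
    kind: str              # workstation, server, laptop, network device ...
    usage: str             # production, testing, development ...
    network_zone: str      # dmz, internal, guest ...
    sensitivity: int       # 1 (public) .. 4 (restricted)
    value_usd: float       # monetary value from the inventory tool
    regulated: bool = False  # in scope for legal/contractual requirements
    owner: str = ""
    location: str = ""


def criticality(asset: Asset) -> int:
    """Score 1..10 for the business impact of compromise (constructed weights)."""
    score = 0
    score += {"production": 4, "testing": 2, "development": 1}.get(asset.usage, 1)
    score += {"dmz": 3, "internal": 2, "guest": 0}.get(asset.network_zone, 1)
    score += asset.sensitivity                  # 1..4
    score += 2 if asset.regulated else 0
    score += 1 if asset.value_usd >= 50_000 else 0
    return max(1, min(10, score))               # clamp to 1..10


def classify(asset: Asset) -> str:
    """Map the numeric score onto the classes a scan schedule is built around."""
    c = criticality(asset)
    if c >= 8:
        return "critical"
    if c >= 5:
        return "high"
    if c >= 3:
        return "medium"
    return "low"


# Constructed inventory: hostnames and values are invented.
INVENTORY: List[Asset] = [
    Asset("db-prod-01", "server", "production", "internal", 4, 120_000, True, "dba", "DC-1"),
    Asset("web-dmz-01", "server", "production", "dmz", 2, 20_000, False, "web", "DC-1"),
    Asset("qa-lab-07", "workstation", "testing", "internal", 1, 1_500, False, "qa", "Lab"),
    Asset("guest-kiosk", "workstation", "guest", "guest", 1, 800, False, "reception", "Lobby"),
]


def inventory_by_host() -> Dict[str, Asset]:
    return {a.hostname: a for a in INVENTORY}


def scan_priority(assets: List[Asset]) -> List[str]:
    """Hostnames ordered most-critical first; ties broken by name."""
    return [a.hostname for a in sorted(assets, key=lambda a: (-criticality(a), a.hostname))]


def group_by_class(assets: List[Asset]) -> Dict[str, List[str]]:
    """Grouping used for scan frequency and reporting."""
    groups: Dict[str, List[str]] = {}
    for a in assets:
        groups.setdefault(classify(a), []).append(a.hostname)
    return groups


if __name__ == "__main__":
    for host in scan_priority(INVENTORY):
        a = inventory_by_host()[host]
        print(f"{host:12} criticality={criticality(a):2} class={classify(a)}")
    print(group_by_class(INVENTORY))
```

The scoring deliberately makes a low-value test workstation rank well below a production database in a regulated scope, which is the "not all assets are critical" point in practice; the weights would be agreed with the business owners rather than hard-coded.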

Vulnerability Scanning

  • Infrastructure Vulnerability Scanner: Not to be confused with Nmap.
    • Scans for vulnerabilities, not just open ports.
    • Checks OS, service packs, configurations, user accounts, etc.

Types of Scanning

  • Active vs. Passive Scanning:
    • Passive Scanning: Observes public data without interaction.
    • Active Scanning: Direct interaction with targets, more detailed.
  • Credentialed vs. Non-Credentialed Scanning:
    • Credentialed: Uses valid credentials for in-depth analysis.
    • Non-Credentialed: Simulates external attacks, uses more bandwidth.

Scanning Methods

  • Server-Based vs. Agent-Based Scanning:
    • Server-Based: A central scanner probes hosts over the network.
    • Agent-Based: An agent is installed on each host; low bandwidth usage, but high management overhead.
  • Network Segmentation: Ensure scanners can reach all parts of the network.
    • Configure routing and firewall rules so segmented hosts are not silently skipped.

Scanning Frequency

  • Run scans:
    • When changes occur in the network.
    • After security breaches.
    • As required by regulations.

Choosing a Vulnerability Scanner

  • Free vs. Paid Scanners:
    • Paid scanners may have better databases.
  • Specialized Scanners: For web applications, mobile apps, network devices.

Common Scanning Tools

  • Nessus: Well-known, commercial with scripting capabilities.
  • OpenVAS: Open source, forked from the original Nessus codebase.
  • Qualys: Cloud-based, uses sensors in the network.

Practical Demo: OpenVAS

  • Setting up credentials and targets.
  • Running scans and interpreting results.
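Interpreting results means more than reading the severity column: a finding is ranked by the criticality of the asset it sits on, and the report is also checked for inventory hosts the scanner never reached (the segmentation and firewall point above). The following is an added example, not part of the lecture notes and not OpenVAS's own report format: it parses a constructed, simplified CSV export (host, finding, CVSS), weights each finding by an assumed criticality taken from the asset inventory, and lists unscanned hosts. Finding identifiers are placeholders, not real vulnerability IDs.

```python
"""Rank scan findings by asset criticality and check scan coverage.

Added example, not part of the lecture notes. The CSV below is a constructed,
simplified report layout (not OpenVAS's real export); criticality values are
assumed to come from the asset inventory; finding names are placeholders.
"""
import csv
import io
from typing import Dict, Iterable, List, Tuple

# Assumed: criticality 1..10 per host, as produced by the asset inventory.
ASSET_CRITICALITY: Dict[str, int] = {
    "db-prod-01": 10,
    "web-dmz-01": 9,
    "qa-lab-07": 5,
    "guest-kiosk": 2,
}

# Constructed report. Finding ids are placeholders, not real CVE numbers.
SCAN_REPORT_CSV = """host,finding,cvss
web-dmz-01,PLACEHOLDER-OUTDATED-TLS,7.5
qa-lab-07,PLACEHOLDER-REMOTE-CODE-EXEC,9.8
db-prod-01,PLACEHOLDER-WEAK-SSH-CONFIG,5.3
web-dmz-01,PLACEHOLDER-INFO-BANNER,2.1
"""

# Constructed: hosts the scanner reports having reached (clean hosts appear
# here too, so absence means "not reached", not "no findings").
SCANNED_HOSTS = {"web-dmz-01", "qa-lab-07", "db-prod-01"}


def parse_report(text: str) -> List[dict]:
    """Turn the CSV export into dicts with a numeric CVSS score."""
    return [
        {"host": r["host"], "finding": r["finding"], "cvss": float(r["cvss"])}
        for r in csv.DictReader(io.StringIO(text))
    ]


def risk_score(cvss: float, criticality: int) -> float:
    """CVSS weighted by asset criticality (constructed formula)."""
    return round(cvss * criticality / 10, 2)


def rank_findings(findings: List[dict],
                  criticality: Dict[str, int] = ASSET_CRITICALITY
                  ) -> List[Tuple[float, str, str]]:
    """Highest weighted risk first; hosts missing from the inventory get a
    middle weight so they are neither hidden nor over-ranked."""
    ranked = [
        (risk_score(f["cvss"], criticality.get(f["host"], 5)), f["host"], f["finding"])
        for f in findings
    ]
    ranked.sort(key=lambda r: (-r[0], r[1], r[2]))
    return ranked


def unscanned_assets(scanned: Iterable[str],
                     inventory: Dict[str, int] = ASSET_CRITICALITY) -> List[str]:
    """Inventory hosts the scanner never reached: check routing/firewall rules."""
    seen = set(scanned)
    return sorted(h for h in inventory if h not in seen)


if __name__ == "__main__":
    for score, host, finding in rank_findings(parse_report(SCAN_REPORT_CSV)):
        print(f"{score:5.2f}  {host:12} {finding}")
    print("unscanned:", unscanned_assets(SCANNED_HOSTS))
```

With these constructed inputs the 9.8 finding on a test workstation ranks below a 5.3 finding on the production database, and the guest kiosk shows up as never scanned, which is the kind of coverage gap a segmented network produces when scanner access is not configured.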

Exam Tips

  • Understand the importance of asset classification.
  • Differentiate types of scanners and scans.
  • Know common tools (Nessus, Qualys, OpenVAS).

Study Tip: Focus on the differences between scanning types and the importance of asset management for exam success.