Classification: Public
Globally, almost all businesses are linked to the Internet in some way or another. However,
connecting with the global internet exposes your organization's network to many threats. Tech-savvy
criminals can use the Internet to break into your network, sneak malware onto your computers,
extract proprietary information and abuse your IT resources. In order to address these threats,
organizations need to have a Vulnerability Management (VM) program. VM enables you to monitor
your network infrastructure continuously, allowing you to address vulnerabilities as they are
discovered in your network. In this course, you will understand what vulnerabilities are and the
importance of having a program to address them.
Define a vulnerability
Explain the need for Vulnerability Management
Set the scope of Vulnerability Management
Identify different options for Vulnerability Management
Describe the effectiveness of a VM solution in terms of network monitoring and identifying risks
List the best practices of Vulnerability Management
Importance of Vulnerability Management
In cybersecurity, a vulnerability is a weakness that cybercriminals or attackers can exploit to gain
unauthorized access to a computer system. Cybercriminals can target vulnerabilities to obtain
personal, credit card, and health account information, plus business secrets and intellectual property.
In short, anything that can be sold on the black market can be exploited. Attackers can also use your
network as a platform to attack the networks of other organizations.
At the end of this lesson, you will be able to:
Identify threats posed by Cybercriminals
Find sources of software vulnerabilities
Analyze international trends in vulnerabilities
Define methods to eliminate risks applying Vulnerability Management
Vulnerabilities in the Network
How do vulnerabilities expose your network to danger?
Cybercriminals have realized the monetary payback of vulnerability exploitation, and now they
successfully attack the Internet almost every day. A university study found that attackers
scanned servers with open ports and other vulnerabilities within about 23 minutes of the servers
being attached to the Internet, and vulnerability probes started in 56 minutes. The first
exploitation occurred, on average, in fewer than 19 hours. Any business that doesn't proactively
identify and fix vulnerabilities is susceptible to abuse and information theft. Businesses also need
to identify and prioritize vulnerabilities that are at high risk.
Programming errors
These produce most of the gaps that can be exploited, since attackers constantly scrutinize lines of
code in search of bugs that could be leveraged to compromise a piece of software.
Configuration errors
Errors in the configuration of tools are also one of the major causes of vulnerability gaps, such as
misconfigured firewalls or antivirus software, since a single click on an infected URL is enough to
infect machines that do not have the correct configuration.
Attack Trend
If any company's confidential information is exploited, the damage will very likely affect both its
reputation and its finances.
This type of attack has the following five characteristics:
1. Increased professionalism and commercialization of malicious activities, allowing non-technical
criminals to enter the market.
2. Attacks that are increasingly tailored for specific regions and interest groups.
3. Increasing numbers of multi-staged attacks.
4. Attackers that target victims by first exploiting trusted entities.
5. Increasing numbers of attacks against browser vulnerabilities mirroring the rise in browser usage in
people's day-to-day activities.
Executing Vulnerability Management
Vulnerability Management (VM) means systematically and continuously finding and eliminating
vulnerabilities in your computer systems. Many of the steps or processes involved in VM use
technology; other steps need IT staff to implement patches, software updates, and follow-ups. The
integration of these processes produces more robust computer security and protects your
organization's systems and data. In this lesson, you will learn six steps for laying the foundation of a
successful VM program.
Scoping Systems to Identify Inventory
To find vulnerabilities, you must first understand what assets (such as servers, desktops, copiers, and
mobile devices) are running on your network, which involves uncovering forgotten devices. You
cannot secure what you do not know. You also need to identify the people who are responsible for
maintaining these assets (the owners).
The primary purpose of scoping, also called asset discovery, is to organize your computer systems
according to their role in your business to establish an evaluation baseline. Scoping starts with a
vulnerability scan – usually done by directing the scanner at a particular Internet Protocol address or
range of addresses, so it's helpful to organize your database by IPs.
Internet-facing assets are at high risk for attacks. Always begin asset scoping with internet-facing
assets. In addition to an active vulnerability scanner, various sensor types used for asset discovery
and vulnerability detection may be needed, depending on your environment.
Note: You can search for your organization's domain information using an IP address:
Whois tcpiputils.com
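An added example (not part of the course material) of the scoping step described above: it merges a recorded inventory with discovery results, flags forgotten devices and assets without an owner, and orders the scope with internet-facing assets first. The addresses, roles, owners and the external range are constructed sample data.

```python
import ipaddress

# Constructed sample data (documentation address ranges; not from the course).
INTERNET_FACING = [ipaddress.ip_network("203.0.113.0/24")]  # assumed external range
INVENTORY = {  # IP -> (role, owner); owner None means nobody is responsible yet
    "203.0.113.10": ("web server", "web-team"),
    "203.0.113.25": ("mail gateway", None),
    "10.0.5.20": ("file server", "infra-team"),
    "10.0.5.77": ("copier", None),
}
DISCOVERED = ["203.0.113.10", "203.0.113.25", "203.0.113.99",
              "10.0.5.20", "10.0.5.77", "10.0.9.4"]


def is_internet_facing(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNET_FACING)


def build_scope(inventory, discovered):
    """Merge inventory with discovery results and order the scan scope."""
    scope = []
    for ip in sorted(set(inventory) | set(discovered), key=ipaddress.ip_address):
        role, owner = inventory.get(ip, (None, None))
        scope.append({
            "ip": ip,
            "role": role,
            "owner": owner,
            "internet_facing": is_internet_facing(ip),
            "forgotten": ip not in inventory,   # on the network, never recorded
            "unseen": ip not in discovered,     # recorded, did not answer discovery
        })
    # Internet-facing assets first; the stable sort keeps numeric IP order within each group.
    scope.sort(key=lambda asset: not asset["internet_facing"])
    return scope


def needs_follow_up(scope):
    """Assets that cannot be managed yet: unknown device or no owner."""
    return [a["ip"] for a in scope if a["forgotten"] or a["owner"] is None]


if __name__ == "__main__":
    for asset in build_scope(INVENTORY, DISCOVERED):
        print(asset)
```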
Assessing the Security Posture of the IT infrastructure
Assessments are done through vulnerability scanning, which is the fundamental process for
identifying and remediating vulnerabilities on your computer systems. You can assess this in two
ways:
1. A one-off scan gives you a snapshot of the security status of your
computer systems at a particular moment in time.
2. A recurring scheduled scan using a vulnerability scanner or agent allows
you to track the speed of applying patches and software updates and
assess how your security status improves. This level of assessment
provides you with more information that is useful for an effective VM.
In both cases, running a scan involves two steps:
I. The scanner uses its library of vulnerabilities to test and analyze computer systems, services, and
applications for known security holes.
II. A post-scan report organizes and prioritizes the actual vulnerabilities and gives you information
for applying patches and updates.
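An added example (not part of the course material) of what recurring scans make possible and a one-off scan does not: comparing successive scan results to measure how quickly findings are fixed, and producing a prioritized list of what is still open. The scan dates, hosts, finding ids and severities are constructed placeholders.

```python
from datetime import date

# Constructed scan snapshots: scan date -> set of (host, finding id, severity 1-5).
# Finding ids are placeholders, not real vulnerability identifiers.
SCANS = {
    date(2024, 3, 1): {("10.0.5.20", "VULN-A", 5), ("10.0.5.20", "VULN-B", 2),
                       ("203.0.113.10", "VULN-C", 4)},
    date(2024, 3, 8): {("10.0.5.20", "VULN-B", 2), ("203.0.113.10", "VULN-C", 4)},
    date(2024, 3, 15): {("10.0.5.20", "VULN-B", 2), ("203.0.113.10", "VULN-D", 3)},
}


def track_findings(scans):
    """Return {finding: [first_seen, fixed_on or None]} across the ordered scans."""
    history = {}
    for day in sorted(scans):
        current = scans[day]
        for finding in current:
            if finding not in history:
                history[finding] = [day, None]
            elif history[finding][1] is not None:
                history[finding][1] = None  # reappeared: reopen, keep first_seen
        for finding, span in history.items():
            if span[1] is None and finding not in current:
                # First scan without the finding. The real fix happened some time
                # since the previous scan, so this is an upper bound.
                span[1] = day
    return history


def mean_days_to_fix(history):
    """Average days between first detection and the scan that confirmed the fix."""
    closed = [(fixed - first).days for first, fixed in history.values() if fixed]
    return sum(closed) / len(closed) if closed else None


def open_report(history, as_of):
    """Open findings as (host, id, severity, days open), worst and oldest first."""
    rows = [(host, vid, sev, (as_of - first).days)
            for (host, vid, sev), (first, fixed) in history.items() if fixed is None]
    return sorted(rows, key=lambda r: (-r[2], -r[3]))


if __name__ == "__main__":
    hist = track_findings(SCANS)
    print("mean days to fix:", mean_days_to_fix(hist))
    for row in open_report(hist, max(SCANS)):
        print(row)
```

With only the first snapshot there is nothing to compare against, so no remediation time can be computed; the shorter the interval between scans, the tighter the upper bound on each fix date.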
Launching a Scan
You can schedule a vulnerability scan to run repeatedly or run it on demand, using a scanner or
agent. The scanning is performed by your VM application based on your computer system or
network selection. To avoid unnecessary alerts, request your system owner to 'whitelist' the IP
addresses of your scanner and VM scanning solution.
Reviewing Options for Scanning Tools
1. The ability to check against a comprehensive and continuously updated database of vulnerabilities.
2. The ability to scale to the size of your organization.
SaaS allows you to do both of these things.
Knowing what to scan
All the devices that are connected to your organization's network and are Internet facing should be
scanned.
Mobile workforce
Today, many employees work remotely, which can cause severe challenges for your Vulnerability
Management program. One way to scan remote users is to ensure they are connected to your VPN
and scanning them over the tunnel, assuming the network and VPN can handle the traffic. The better
solution is an agent-based approach. Scanning is performed by a local agent that runs on the host
machine and provides the information necessary to evaluate the security state of the machine, with
little effect on processing, memory, and bandwidth.
When you evaluate agent-based technologies for mobile VM scanning, consider:
Integration of results: Results from agent-based scans and normal VM scans must provide the
same data and be used in the same reporting, ticketing and asset management systems.
Always-on: Agents should transmit results continuously, as soon as they are connected to the
Internet, without need for a VPN network.
Minimal footprint: The need for zero impact on the target machine favors an approach where
no VM scan is run directly on the notebook computer. Instead, data on the state of security
changes is collected and transferred to an Internet-facing system for evaluation of
vulnerability signatures.
Update speed: Signatures for scanner and agent-based scans should be the same or released in
a way that prevents result skew. Updates to them should be automatic and scalable.
Agent-based scanning provides 100% coverage of your installed infrastructure.
Virtualization
Virtualization has led to gains in flexibility. With virtualization technology, a server can be set up on
demand, often within a few minutes.
To scan virtualized servers efficiently in your VM program, evaluate:
Virtual scanners: Scan engines are available for your virtualization platforms, allowing you
to seamlessly integrate the scanner into your virtualization setup.
Monitoring: In virtual environments, the creation of new servers tends to be dynamic. This
is especially true for virtualization service providers and may result in the creation of new
server networks. The downside for you is that your virtual servers on these networks are not
automatically scanned by many VM solutions. Be sure your VM solution provides
monitoring capability to automatically scan virtual servers. This requirement is mandatory.
Authorization: Service providers frequently restrict scanning to pre-approved hosts.
Consider pre-approved scanning solutions to eliminate this manual and time-consuming
requirement.
The shelf life of a point-in-time vulnerability assessment is fleeting:
Results are valid only until the environment changes or until new threats arise –
which is daily!
Networks and devices are reconfigured regularly. Vulnerabilities are found
daily, and vulnerability assessments are quickly outdated. If you want VM to
help strengthen security, it’s more appropriate to do consistent, daily scans or
use an agent which provides near real-time results.
Understanding CM and VM
Qualys Continuous Monitoring provides organizations with a comprehensive, always-on view
of security holes, empowering them to immediately identify and proactively address vulnerabilities
before they are exploited and become breaches. Built on the Qualys Cloud Platform, Qualys CM uses its
elastic scanning capacity to scale to networks of any size and scope dynamically. The key benefit of
Qualys CM is that it instantly alerts first responders on operational teams as soon as an unauthorized
change is detected. CM is the next step of immediately putting this information into the hands of first
responders for judgment and action.