Ethical Hacking n VAPT presentation by Suvrat jain (Suvrat Jain)
A perfect example of a 6-week summer training PPT. Course: Ethical Hacking, its info, and VAPT (Vulnerability Assessment and Penetration Testing): how vulnerability scanning works, the tools used, cracking passwords, etc.
VAPT defines the security measures that are supposed to be put in place to address cyber threats. There are plenty of strategies that can be adopted in pen testing, which include Black Box Pen Test, White Box Pen Test, Hidden Pen Test, Internal Pen Test, and Gray Box Testing. It is mandatory that VAPT is conducted in order to deter cyber-attacks, which are on the upsurge daily. VAPT ranges from mobile and network penetration testing to vulnerability assessments.
There are many merits to VAPT in your business, including early error detection in program code, which will prevent cyber attacks. Most companies lose billions of dollars due to cyber-attacks. VAPT guarantees that all loopholes are tightened before an intrusion transpires.
Penetration testing reporting and methodology (Rashad Aliyev)
This paper covers penetration testing methodology, standard reporting formats, and the comparison of reports. It explains the problems cyber security experts face when performing penetration tests and how they currently present their results.
We will focus our work on the penetration testing methodology reporting form, with detailed information on how to compare results, and on related work.
VAPT (Vulnerability Assessment and Penetration Testing) services (Akshay Kurhade)
The VAPT testers from Suma Soft are familiar with different ethical hacking techniques such as footprinting and reconnaissance, host enumeration, scanning networks, system hacking, evading IDS, firewalls and honeypots, social engineering, SQL injection, session hijacking, exploiting the network, etc. https://bit.ly/2HLpbnz
Vulnerability assessment & Penetration testing Basics (Mohammed Adam)
In these days of widespread Internet usage, security is of prime importance. The almost universal use of mobile and Web applications makes systems vulnerable to cyber attacks. Vulnerability assessment can help identify the loopholes in a system while penetration testing is a proof-of-concept approach to actually explore and exploit a vulnerability.
Application Security - Your Success Depends on it (WSO2)
Traditional information security mainly revolves around network and operating system (OS) level protection. Regardless of the level of security guarding those aspects, the system can be penetrated and the entire deployment can be brought down if your application's security isn't taken into serious consideration. Information security should ideally start at the application level, before network and OS level security is ensured. To achieve this, security needs to be integrated into the application at the software development phase.
In this session, Dulanja will discuss the following:
The importance of application security - why network and OS security is insufficient.
Challenges in securing your application.
Making security part of the development lifecycle.
Web App Security Presentation by Ryan Holland - 05-31-2017 (TriNimbus)
Web App Security - A presentation by Ryan Holland, Sr. Director, Cloud Architecture at Alert Logic for the Vancouver AWS User Group Meetup on May 31, 2017.
Introduction of Ethical Hacking, Life cycle of Hacking, Introduction of Penetration testing, Steps in Penetration Testing, Foot printing Module, Scanning Module, Live Demos on Finding Vulnerabilities: a) Bypass Authentication, b) SQL Injection, c) Cross site Scripting, d) File upload Vulnerability (Web Server Hacking); Countermeasures of Securing Web applications
Vulnerabilities in modern web applications (Niyas Nazar)
Microsoft PowerPoint presentation for a BTech academic seminar. This seminar discusses penetration testing, penetration testing tools, web application vulnerabilities, the impact of vulnerabilities, and security recommendations.
Information systems in the digital age are complex and expansive, with attack vectors coming in from every angle. This makes analyzing risk challenging, but more critical than ever.
There is a need to better understand the dynamics of modern IT systems, security controls that protect them, and best practices for adherence to today’s GRC requirements.
These slides are from our webinar covering topics like:
· Threats, vulnerabilities, weaknesses – why their difference matters
· How vulnerability scanning can help (and hinder) your efforts
· Security engineering and the system development lifecycle
· High impact activities - application risk rating and threat modeling
List of Current and Planned Controls Step 4. Contr.docx (smile790243)
[Figure residue: a risk assessment methodology flowchart (Figure 3-1. Risk Assessment Methodology F ...), whose Input, Risk Assessment Activities and Output columns are rebuilt below step by step.]
Step 1. System Characterization
• Input: Hardware; Software; System interfaces; Data and information; People; System mission
• Output: System Boundary; System Functions; System and Data Criticality; System and Data Sensitivity
Step 2. Threat Identification
• Input: History of system attack; Data from intelligence agencies, NIPC, OIG, FedCIRC, mass media,
• Output: Threat Statement
Step 3. Vulnerability Identification
• Input: Reports from prior risk assessments; Any audit comments; Security requirements; Security test results
• Output: List of Potential Vulnerabilities
Step 4. Control Analysis
• Input: Current controls; Planned controls
• Output: List of Current and Planned Controls
Step 5. Likelihood Determination
• Input: Threat-source motivation; Threat capacity; Nature of vulnerability; Current controls
• Output: Likelihood Rating
Step 6. Impact Analysis (Loss of Integrity; Loss of Availability; Loss of Confidentiality)
• Input: Mission impact analysis; Asset criticality assessment; Data criticality; Data sensitivity
• Output: Impact Rating
Step 7. Risk Determination
• Input: Likelihood of threat exploitation; Magnitude of impact; Adequacy of planned or current controls
• Output: Risks and Associated Risk Levels
Step 8. Control Recommendations
• Output: Recommended Controls
Step 9. Results Documentation
• Output: Risk Assessment Report
Definitive Security Testing Checklist Shielding Your Applications against Cyb... (Knoldus Inc.)
The protection of applications against cyber threats is paramount. With hackers becoming increasingly sophisticated, organizations must prioritize robust security testing practices. In this informative session, we will unveil a comprehensive security testing checklist designed to fortify your applications against potential vulnerabilities and attacks.
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation (Scott Sutherland)
This presentation provides an overview of common adversarial emulation approaches along with attack and detection trends. It should be interesting to penetration testers and professionals in security operations roles.
This is a brief overview of what Vulnerability and Penetration Testing are in Information Technology Security. The focus is on the issues that always arise within a security network, and on how you, as IT staff, can identify or notice the activity of attacks from hackers or unknown individuals that are a client.
Penetration Testing actively attempts to exploit vulnerabilities and exposures in the customer environment. You can learn more about the value and the outcomes of these services.
chap-1 : Vulnerabilities in Information Systems (KashfUlHuda1)
Introduction to Cyber Security. Chapter #1. Vulnerabilities in Information Systems. What is a vulnerability?
Cyberspace: From terra incognita to terra nullius.
Cyberspace performance expectations. Measuring vulnerabilities: CVSS, XCCDF, OVAL.
Avoiding vulnerabilities through secure coding.
What is the process of Vulnerability Assessment and Penetration Testing.pdf (ElanusTechnologies)
Elanus Technologies is the Best Vulnerability Assessment and Penetration Testing Company in India providing intelligent cyber security and VAPT services on Web, Mobile, Network and Thick Client.
https://www.elanustechnologies.com/vapt.php
My Presentation on Career Opportunities in Cyber Security presented at the North Cap University during the course inauguration ceremony, where I talked about different career paths to get into the cyber security domain.
What is Penetration & Penetration test? (Bhavin Shah)
Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
2. Agenda
• What is a Penetration Test?
• What is a Vulnerability Assessment (VA)?
• The difference between a Pentest & a VA
• Vulnerability Assessment Steps
• Risks on an internal VA
• Vulnerability Assessment steps with a 3rd Party
• Legal considerations and justification
• References
3. What is a Penetration Test?
• There are two types of penetration (pen) tests
– Black Box & White Box
• Analyzing assets for any weaknesses, weak configuration, or vulnerabilities
• Perspective of a potential attacker and leverages exploitation of known and unknown security vulnerabilities
• Validate information security programs
• Ensure security controls
4. What is a Penetration Test?
Which components are the targets?
•Operating Systems
•Directory Services
•Backend Applications
•Server firmware and Remote Control software
•Network devices (Routers, Switches, Firewalls)
5. What is a Penetration Test?
The intruder could seek unauthorized access for:
•Staging
•Information Disclosure (Confidentiality)
•Bots/Zombies (Availability)
6. What is a Vulnerability Assessment (VA)?
“Security exercises that aid business leaders, security professionals, and hackers in identifying security liabilities within networks, applications, and systems.” (Snedaker, 2007)
7. What is a Vulnerability Assessment (VA)?
The Vulnerability Assessment detects vulnerabilities via:
•Security Technologies
– VA Scanner Appliances and Software
•Remediation Technologies
– Patch management systems (WSUS, SCCM, LanDesk, VMware Update Manager)
8. Penetration Test vs. VA
Penetration Test:
• Confirm the vulnerabilities
• Scan the network
• Identify OS, Services and TCP/UDP Ports on the hosts
• Performs attacks and penetration
• Works to gain non-authorized access
Vulnerability Assessment:
• Identify weaknesses
• Identify and enumerates Vulnerabilities
• Report on discoveries
9. Penetration Test vs. VA
Penetration Test: To be used when:
•We have a limited number of assets
•Confirmation is needed
•We are fiscally flexible
•Time is not of the essence
Vulnerability Assessment: To be used when:
•Time is a constraint
•Cost is an issue
•Validating
•Trending
10. Vulnerability Assessment
The 3 steps
1. Information Gathering and Discovery
Example of tools: NMAP
2. Enumeration
Example of tools: NMAP
3. Detection
Example of tools: Retina
11. Vulnerability Assessment
The 3 steps
1. Information Gathering and Discovery
– Network Scanning
– Ports Scanning
– Directory Service
– DNS Zones and Registers
12. Vulnerability Assessment
The 3 steps
2. Enumeration
– Hosts and OSs
– Ports (including the well-known: 0-1023)
– Services and their versions info
– SNMP Communities
13. Vulnerability Assessment
The 3 steps
3. Detection
– Weakness
– Vulnerabilities
– Reports are generated
– Remediation Tools
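As an added example (not part of the deck), here is how the three steps map onto the output of the tool the slides name for steps 1 and 2: a Python parser that reads Nmap's XML output (-oX) into the host/OS/port/service inventory of the enumeration slide, then runs a small detection pass of the kind a VA scanner performs against its plugin feed. The Nmap XML sample, its addresses, hostnames and versions, and the finding codes are all constructed for this example.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

WELL_KNOWN_MAX = 1023  # the well-known port range (0-1023) named on the enumeration slide

# Constructed sample of Nmap's -oX output: the addresses, names and versions are
# made up for this example; only the XML structure is Nmap's own.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sU -sV -O -oX scan.xml 10.0.0.0/29" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="fs01.lab.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds" method="table" conf="3"/></port>
      <port protocol="udp" portid="161"><state state="open"/>
        <service name="snmp" method="table" conf="3"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/>
        <service name="http" product="Apache Tomcat" version="8.5.0" method="probed" conf="10"/></port>
    </ports>
    <os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


@dataclass
class Port:
    proto: str
    number: int
    service: str
    product: str = ""
    version: str = ""
    confidence: int = 0  # Nmap's 0-10 confidence in the service identification

    @property
    def well_known(self) -> bool:
        return self.number <= WELL_KNOWN_MAX


@dataclass
class Host:
    addr: str
    hostname: str = ""
    os_guess: str = "unknown"
    ports: list = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> list:
    """Steps 1-2: build the host / OS / port / service inventory from Nmap XML."""
    hosts = []
    for h in ET.fromstring(xml_text).iter("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue  # discovery: only live hosts enter the inventory
        addr = h.find("address[@addrtype='ipv4']")
        host = Host(addr=addr.get("addr") if addr is not None else "unknown")
        hn = h.find("hostnames/hostname")
        if hn is not None:
            host.hostname = hn.get("name", "")
        om = h.find("os/osmatch")  # OS fingerprinting result when -O was used
        if om is not None:
            host.os_guess = f"{om.get('name')} ({om.get('accuracy')}% match)"
        for p in h.findall("ports/port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue  # enumeration: record open ports only
            svc = p.find("service")
            get = svc.get if svc is not None else (lambda k, d="": d)
            host.ports.append(Port(p.get("protocol"), int(p.get("portid")),
                                   get("name", ""), get("product", ""),
                                   get("version", ""), int(get("conf", "0"))))
        hosts.append(host)
    return hosts


def detect(hosts: list) -> list:
    """Step 3: findings as (host, proto/port, code, note). The codes are this example's
    own; a scanner such as Nessus or Retina matches against its plugin feed instead."""
    findings = []
    for host in hosts:
        for port in host.ports:
            key = f"{port.proto}/{port.number}"
            add = lambda code, note: findings.append((host.addr, key, code, note))
            if port.service == "snmp":
                add("SNMP-COMMUNITY", "verify the community string is not a default such as 'public'")
            if port.service in ("microsoft-ds", "netbios-ssn"):
                add("NULL-SESSION", "check whether anonymous (null) sessions are permitted")
            if port.version:
                add("VERSION-LOOKUP", f"match {port.product} {port.version} against the vulnerability feed")
            elif port.confidence < 5:
                add("UNCONFIRMED", "service guessed from the port table only; confirm before reporting")
    return findings
```

On a real scan, pass the contents of the file written with -oX to parse_nmap_xml and feed the result to detect; findings tagged UNCONFIRMED are the ones a VA cannot substantiate on its own, which is the gap the deck's slide 8 assigns to the penetration test.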
14. Risks on an internal VA
• Unavailability of the systems and applications
• Impact on the network and systems performance
• Reaction from the IT staff as if some real attack was taking place
15. Vulnerability Assessment Steps with a 3rd Party
• The outsourcing company must follow the FISMA requirements by applying the NIST standards and guidelines
• Establish an Information Security Assessment Policy to be followed
• Determine the objectives of each security assessment
• The consulting firm should be accountable for any damage caused by errors during the exercise
• Sign a formal agreement for the Vulnerability Assessment
• Non-disclosure of information externally
• The 3rd party should analyze findings, develop risk mitigation techniques accordingly, and report security incidents (FISMA 3544(b)(7))
• The 3rd party should periodically test and evaluate the security controls and techniques (FISMA section 3544(a)(2)(D))
16. VA Steps with a 3rd Party
Legal considerations and justification
• The 3rd parties are required to meet the same security requirements as federal agencies (FISMA and OMB policy)
• As part of the contract and the service-level agreements, the consulting firm requires the use of the security controls in NIST Special Publication 800-53 and 800-53A
• Evaluate potential legal concerns before starting an assessment (the assessments that involve intrusive tests - Pentest)
• Legal Department may review the assessment plan developed by the 3rd party
• The Legal Department should address privacy concerns, and perform other functions in support of assessment planning. (FISMA, section 3542(a)(1)(B))
17. References:
Snedaker, S. (2007). The Best Damn IT Security Management Book Period. Syngress Publishing.
National Institute of Standards and Technology. (2009). Recommended Security Controls for Federal Information Systems and Organizations (NIST Special Publication 800-53, 2009 Edition). Gaithersburg, MD.
National Institute of Standards and Technology. (2010). Guide for Applying the Risk Management Framework to Federal Information Systems (NIST Special Publication 800-37, revision 1). Gaithersburg, MD.
National Institute of Standards and Technology. (2010a). Guide for Assessing the Security Controls in Federal Information Systems and Organizations (NIST Special Publication 800-53A). Gaithersburg, MD.
Federal Information Security Management Act (FISMA). (2002). P.L. 107-347. Retrieved August 07, 2012, from http://csrc.nist.gov/drivers/documents/FISMA-final.pdf
Editor's Notes
By Marcelo Silva
Black box testing assumes no prior knowledge of the environment, and it is the type we often associate with the Penetration Test. White box testing provides the testers with complete knowledge of the environment to be tested Validate information security programs It can validate the strengths and weaknesses of a company's information security program. Ensure security controls Most organizations practice defense in-depth strategies , or the layering of security technologies to protect an asset. Therefore, the Penetration tests can help identifying weakness on this strategy.
Operating Systems OS, File Systems, Registry, Components (DCOM/APIs) vulnerabilities Directory Services Users and Computer accounts, Security Groups, Passwords, Logon scripts Backend Applications Database (SQL/Oracle/DB2/MySQL…), Email servers (Exchange/Qmail/Lotus Notes/ Postfix/IMail…), Web and Application Servers (Appache/IIS/TomCat/Jboss) Server firmware and Remote Control software Dell DRAC, HP iLO, Blades Enclosures Onboard Administrations Network devices (Routers, Switches, Firewalls) Switches without VLANs, Routers ACLs, Firewalls rules
Staging Uses intermediary sources to exploit targets, by concealing their identity. Information disclosure Publishing sensitive data, including password files, personal information like SSN and drivers license ID, e company propriety information. Bots Denied of Services attacks, causing availability issue on the network, operating systems and applications.
Through a Vulnerability Assessment, we are able to gather all information about the networks, operating systems, services and application, and their port status as well, And then generate a report about their current vulnerabilities and risks that the company are facing due that. By using the process called OS fingerprinting , the scanner utility software is able to detect the target operating system and the applications that are running on it, and Enumerate the current state of each TCP/UDP ports. Therefore, after discovery the systems and their applications, the VA is able to determine whether a system or application has vulnerabilities.
Security Technologies VA Scanners Appliances or Software (NMAP, Nessus, Retina, Microsoft Baseline Security Analyzer and others) Remediation Technologies Patch management systems (WSUS, SCCM, LanDesk, VMware Update Manager) Some of the vulnerabilities detected by the Security and Remediation Technologies could include, and not limited to: Weak SNMP Community (Public) VMware Virtual Machine Remote Device Denial of Service VMware host memory overwrite vulnerability (data pointers) ESX NFS traffic parsing vulnerability Microsoft Windows Malicious Software Removal Tool Null Session Exposures Windows System Events Logs Overwritten Guest Access to Sys Instances Macromedia Flash Header Vulnerability
Vulnerabilities Assessment only report vulnerabilities. They don't substantiate that vulnerabilities actually exist. Penetration test ensures that vulnerability actually exist. The VA can be part of the Penetration Test, but the inverse doesn't happens.
The Vulnerability Assessment stresses an organization's security liabilities and helps to determine information security risk (Snedaker, 2007). However, the VA just reports vulnerabilities. There are some reasons that justify having only the Vulnerability Assessment:
Timing constraint: penetration tests take longer to perform and to deliver results and analyses, mainly when we have a large number of devices.
Budget: pentests require more skilled staff to perform.
Validation: by performing a VA we can find out whether a Service Pack or Hotfix was applied.
Trending: trending vulnerabilities across our enterprise can provide valuable insight into our organization's remediation and change control processes.
Otherwise, the penetration test is highly recommended, since it also involves vulnerability scanning during the target identification and analysis process.
Information Gathering and Discovery
Information gathering and discovery is the process an individual or group performs to ascertain the scope of an assessment. In this first step, the tool is used to identify and determine the number of systems and applications that will be assessed. We can use NMAP for this information gathering step.
Enumeration
During this step, the tool is used to determine the target operating system (OS fingerprinting) and the applications running on it. We can also use NMAP for this enumeration.
Detection
This is the last step of the Vulnerability Assessment, where the vulnerabilities in the systems and applications are detected. In this step we can use tools such as Nessus or Retina.
By performing network and port scanning, we collect information about the hosts, network devices, listening ports and running services. We can also identify directory services such as LDAP and Microsoft Active Directory. By performing a "whois" query, we are able to gather information such as the company's physical address, the IP address range used by the company and the DNS servers responsible for the domain.
Through the process called "OS fingerprinting", we can enumerate the operating system versions (e.g. Windows 2008, Windows XP, Linux 2.3.6, Cisco IOS 11, Cisco NX-OS) and determine which service or application is running on a specific TCP/UDP port. During this phase we are also able to enumerate the SNMP communities, and the tool typically looks for the "public" one.
Once the network devices and hosts have been properly identified, the listening ports listed, and the operating system and application versions enumerated, the vulnerability detection phase can start. In this third step, the tool checks whether each system is susceptible to attack, and how vulnerable it is. The detection process reports which vulnerabilities are present on a system.
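As an added example (not part of the original presentation), the discovery and enumeration steps above can be turned into an inventory by parsing the XML that NMAP writes with -oX: live hosts, open ports with their service names, the OS match, and the hosts that expose directory-service (LDAP/AD) or SNMP ports that the detection step will look at next. The XML below is a constructed sample using reserved documentation addresses, not a real scan; the function names are my own.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape "nmap -sV -O -oX" writes (trimmed); the
# addresses are RFC 5737 documentation values, not a real scan.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.0.2.0/28">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<hostnames><hostname name="dc01.example.test" type="PTR"/></hostnames>
<ports><port protocol="tcp" portid="389"><state state="open"/><service name="ldap"/></port>
<port protocol="udp" portid="161"><state state="open"/><service name="snmp"/></port></ports>
<os><osmatch name="Microsoft Windows Server 2008 R2" accuracy="98"/></os></host>
<host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port></ports>
<os><osmatch name="Linux 2.6.X" accuracy="90"/></os></host>
<host><status state="down"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>"""

# LDAP, LDAPS and AD global catalog: a host listening here is a directory service.
DIRECTORY_PORTS = {("tcp", 389), ("tcp", 636), ("tcp", 3268), ("tcp", 3269)}

def parse_inventory(xml_text):
    """Map each live host's IP to its hostname, best OS match and open ports."""
    inventory = {}
    for host in ET.fromstring(xml_text).findall("host"):
        if host.find("status").get("state") != "up":
            continue  # discovery: only hosts that answered get assessed
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        hn, osm = host.find("hostnames/hostname"), host.find("os/osmatch")
        ports = []
        for p in host.findall("ports/port"):  # enumeration: open ports only
            if p.find("state").get("state") == "open":
                svc = p.find("service")
                ports.append((p.get("protocol"), int(p.get("portid")),
                              svc.get("name") if svc is not None else "unknown"))
        inventory[ip] = {"hostname": hn.get("name") if hn is not None else "",
                         "os": osm.get("name") if osm is not None else "unknown",
                         "ports": ports}
    return inventory

def directory_services(inventory):
    """IPs exposing LDAP/AD ports (the directory services the text mentions)."""
    return sorted(ip for ip, h in inventory.items()
                  if any((pr, po) in DIRECTORY_PORTS for pr, po, _ in h["ports"]))

def snmp_exposed(inventory):
    """IPs with UDP/161 open, i.e. where community strings need to be checked."""
    return sorted(ip for ip, h in inventory.items()
                  if any(pr == "udp" and po == 161 for pr, po, _ in h["ports"]))
```

Feeding a real scan is a matter of passing the contents of the -oX file to parse_inventory; the down host and the closed port in the sample show that both are dropped from the inventory.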
Because all of these activities run inside the company's network, they could negatively impact network and system performance. Additionally, there is a risk with security tools such as IDS/IPS: once the attacks are detected, they may perform countermeasures such as shutting down a system or making an application temporarily unavailable. Also, the IT staff could react as if a real threat were taking place on the company's network.
The outsourcing company must follow the FISMA requirements. The 3rd party should follow the instructions of FISMA (2002), indicated in section 3544(b) of Title III. According to FISMA (2002) the agency/consulting firm should be "Planning, implementing, evaluating and documenting remedial action to address any deficiencies in the information security policies, procedures, and practices of the agency" (Section 3544(b)(6)). Another important step is notifying and consulting with the Federal information security incident center about information security incidents, threats and vulnerabilities. The National Institute of Standards and Technology (NIST) was designated to create and maintain the standards and guidelines for applying FISMA in Federal agencies and organizations. Some of the guides and recommendation documents are indicated throughout this presentation.
Establishing an Information Security Assessment Policy: this identifies the organization's requirements for executing the assessment, and provides accountability for the appropriate individuals. The Assessment Policy should contain:
The organizational requirements
Roles and responsibilities
Adherence to an established assessment methodology
Assessment frequency
Documentation
Determine the objectives of each security assessment: Vulnerability Assessments have acceptable levels of risk. Therefore, determining the objectives and applying the proper approach will help the Police Department to limit risk and the use of available resources.
The discoveries of the Vulnerability Assessment should be kept confidential, and also reported to the Federal information security incident center, as required by FISMA (2002). The finished product, the assessment, is confidential. There can only be ONE copy. The 3rd party is not allowed to keep notes during the process or even save one copy for themselves. They can't use the assessment as an example for potential clients.
Additionally, the consulting firm must store reports in encrypted databases that are only accessible with the proper credentials. At the final stage, the 3rd party should analyze the findings and develop risk mitigation techniques to address the weaknesses found. The consulting firm should conduct a root cause analysis upon completion of an assessment, in order to convert the findings into mitigation actions. The 3rd party should periodically test and evaluate the security controls and techniques. Also, the Police Department and the 3rd party should periodically assess the risk and the level of damage that could result from unauthorized access, disclosure, disruption, modification, or destruction of the information, network assets, systems and applications that support the operations of the Department.
As stated by NIST (NIST, 2010), FISMA and OMB policy require external providers handling federal information or operating information systems on behalf of the federal government to meet the same security requirements as federal agencies. FISMA is the law, and if the Police Department is not in compliance with the Federal Information Security Management Act, it is breaking the law. Therefore, both the Police Department and the 3rd party must be in compliance with FISMA. Additionally, by complying with FISMA requirements, the Police Department and the consulting firm ensure that sensitive information is protected accordingly, that the systems are available to authorized users and that the integrity of the data is kept.
NIST 800-53 and 800-53A: when outsourcing the Vulnerability Assessment, the external company should follow both the "Recommended Security Controls for Federal Information Systems" and the "Guide for Assessing the Security Controls in Federal Information Systems and Organizations", including selecting security controls and monitoring security controls, and appendices such as the penetration testing considerations.
The Legal Department has a key role in the VA process. It is responsible for:
Ensuring that the contracts and service-level agreements are in accordance with the current legislation and the Risk Management Framework (e.g. FISMA section 3541(a) of Title III, RMF, NIST)
Assisting in reviewing the assessment plan and providing indemnity or limitation of liability clauses in the contracts that govern security assessments, mainly for tests that are deemed intrusive
Requiring the consulting firm to sign nondisclosure agreements that prohibit them from disclosing any sensitive and proprietary information (section 3542(b)(1)(B) of Title III)
Addressing any privacy concerns and potential privacy violations before the assessment begins
Determining data handling requirements to ensure data confidentiality
Also, captured data may include sensitive data that does not belong to the organization, or personal employee data. Therefore, the 3rd party staff should be aware of these risks and conduct packet captures that follow any requirements predefined by the Legal Department.