Vulnerability assessment is the systematic evaluation of an organization's exposure to threats. It involves identifying assets, evaluating threats against those assets, determining vulnerabilities, assessing risks, and selecting appropriate controls. Various techniques can be used including asset identification, threat modeling, vulnerability scanning, penetration testing, and risk assessment. The goal is to establish a security baseline and mitigate risks through hardening systems and ongoing monitoring.

1. Vulnerability Assessment

2. What Is Vulnerability Assessment?
 First step any security protection plan begins with assessment of
vulnerabilities
 Vulnerability assessment - Systematic and methodical evaluation of
exposure of assets to attackers, forces of nature, and any other entity that
could cause potential harm
 Variety of techniques and tools can be used in evaluating the levels of
vulnerability

3. Elements of Vulnerability Assessment
 Asset Identification - Process of inventorying items with economic value
 Identify what needs to be protected
 After an inventory of the assets has been its important to determine each item’s relative value.
 Threat Evaluation - List potential threats from threat agent
 What pressures are against those assets
 Threat agents are not limited to attackers
 After an inventory of the assets has been its important to determine each item’s relative value.
 Threat Modeling - Goal of understanding attackers and their methods
 Vulnerability Appraisal - Determine current weaknesses as snapshot of current organization security
 How susceptible current protection is
 Every asset should be viewed in light of each threat
 Risk Assessment - Determine damage resulting from attack and assess likelihood that vulnerability is risk to organization
 What damages could result from the threats
 Not all vulnerabilities pose the same risk

4. Attack Tree Examples

5. Vulnerability Assessment Actions And
Steps

6. Assessment Techniques
 Baseline Reporting - Comparison of present state of system to its baseline
 Baseline - Imaginary line by which an element is measured or compared; can be seen as standard
 IT baseline is checklist against which systems can be evaluated and audited for security posture
 Outlines major security considerations for system and becomes the starting point for solid security
 Deviations include not only technical issues but also management and operational issues
 Programming Vulnerabilities- List potential threats from threat agent
 Important for software vulnerabilities be minimized while software being developed instead of after released
 Software improvement to minimize
vulnerabilities difficult:
 Size and complexity
 Lack of formal specifications
 Ever-changing attacks

7. Assessment Tools
 Port scanners - Software can be used to search system for port vulnerabilities
 Banner grabbing tools – Software used to intentionally gather message that service
transmits when another program connects to it.
 Protocol analyzers - Hardware or software that captures packets to decode and analyze
contents
 Vulnerability scanners - Automated software searches a system for known security
weaknesses
 Honeypots and honeynets - Goal is to trick attackers into revealing their techniques
 Tools can likewise used by attackers to uncover vulnerabilities to be exploited

8. Port Scanning

9. Protocol Analyzer Security Information

10. Vulnerability Scanning vs.
Penetration Testing
Vulnerability Scanning
 Intrusive vulnerability scan -
Attempts to actually penetrate
system in order to perform simulated
attack
 Non-intrusive vulnerability scan -
Uses only available information to
hypothesize status of the
vulnerability
 Credentialed vulnerability scan –
Scanners that permit username and
password of active account to be
stored and used
 Non-credentialed vulnerability
scans - Scanners that do not use
credentials
Penetration Testing
 Penetration testing - Designed to
exploit system weaknesses
 Relies on tester’s skill, knowledge,
cunning
 Usually conducted by independent
contractor
 Tests usually conducted outside the
security perimeter and may even
disrupt network operations
 End result is penetration test
report

11. Vulnerability Scan and Penetration Test
Features

12. Third-Party Integration
 Increasing number of organizations use third-party vendors to create partnerships
 Third-party integration - Risk of combining systems and data with outside
entities, continues to grow
 Question: How will entities combine their services without compromising their
existing security defenses?
 Question: What happens if privacy policy of one of the partners is less restrictive
than that of the other partner?
 Data considerations - Who owns data generated through the partnership and how
data protected?
 Inoperability agreements
 Service Level Agreement (SLA) - Service contract between a vendor and a client
 Blanket Purchase Agreement (BPA) - Prearranged purchase or sale agreement between
a government agency and a business
 Memorandum of Understanding (MOU) - Describes agreement between two or more
parties
 Interconnection Security Agreement (ISA) - Agreement intended to minimize security
risks for data transmitted across a network

13. Mitigating and Deterring Attacks
 Create a security posture
 Initial baseline configuration:
 Continuous security monitoring
 Remediation
 Select appropriate controls
 Configuring Controls
 Key to mitigating and deterring attacks is proper configuration and testing of the
controls
 Hardening - Eliminate as many security risks as possible
 Reporting - Providing information regarding events that occur

14. Checkpoint
 Vulnerability assessment
 Methodical evaluation of exposure of assets to risk
 Five steps in an assessment
 Risk describes likelihood that threat agent will exploit a vulnerability
 Several techniques can be used in a vulnerability assessment
 Port scanners, protocol analyzers, honeypots are used as assessment tools
 Vulnerability scan searches system for known security weakness and reports findings
 Penetration testing designed to exploit any discovered system weaknesses
 Tester may have various levels of system knowledge
 Standard techniques used to mitigate and deter attacks
 Healthy security posture
 Proper configuration of controls
 Hardening and reporting