Effective Vulnerability Management

Vulnerability management forms the core of cyber security, whether for infrastructure or applications. Vulnerabilities in the infrastructure layer create more challenges because that layer is connected to more internal networks and forms the backbone on which the organization's business runs.

All organizations do vulnerability management in some form, some with their own internal team and some through third-party vendors, yet during attacks or security breaches it is repeatedly found that more and more systems are exposed to cyber attacks.

There are many solutions in the market, from OEM products to open source, that claim to provide a hawk-eye view of the business's security challenges; however, business owners still find it difficult to perform effective vulnerability management.

Listed here are measures that help ensure a vulnerability management program is effective:

  • Discovery of Assets: This is the first step and the core of the program. If assets are not discovered and tagged, the entire exercise heads in the wrong direction. Any tool should be capable of asset discovery, but this exercise should not be left to the tool alone: a tool can discover devices, but the business owner's understanding and knowledge of the criticality of the infrastructure is essential for the intended outcome to be achieved.

  • Tool Settings: The tool performs the scanning, but it is very important for the security auditor to configure the tool according to the requirements of the exercise and the type of infrastructure. It should not happen that Windows checks are run against Unix machines. Some tools are automated and detect the OS before initiating plugins, but it is still better to cross-verify the business needs and the infrastructure type.
 
  • Type of Scans: Before starting the exercise, it is critical to determine the type of scans to be performed. If possible, and when the scan is run on the internal network, credentialed scans should be used, as they produce a wealth of data for analysis. Non-credentialed scans are also feasible, but they will mostly report missing patches, security updates and open ports; there is little chance of detecting unwanted software on systems or of obtaining the more in-depth reports that reveal what could be responsible for a security breach.

  • Vulnerability Detection and Analysis: Once the scan is done and the report is visible in the tool interface, it is very important to verify it and extract more meaningful data by downloading the raw data from the tool. Complete analysis should be performed on that data to produce an effective vulnerability list. The tool will give loads of data, but with analysis it is possible to find one solution that solves 100 problems. It is critical that the security auditor analyzes the data so that the patching team is not burdened with endless, unwanted rows in a spreadsheet to patch and track.

  • Identifying Vulnerabilities: The biggest challenge the security auditor faces is acceptance of the report. The operations team will not accept a report just because the auditor says so with reference to a tool. So it is important to focus on the core issues that resolve the greatest number of challenges in the environment. While analyzing and preparing reports, the following vulnerabilities should be focused on:
    • Root passwords discovery
    • Password violations
    • Passwords that never expire
    • Guest accounts discovery
    • Admin accounts discovery
    • End-of-life systems
    • End-of-support systems
    • Antivirus not updated on systems
    • Any possibility of backdoors identified
    • Systems missing patches for more than 6 months
    • FTP or Telnet running
    • Anonymous login permitted
    • List of software discovered

  • Report Preparation: After scanning and identifying vulnerabilities, effective report preparation is very important, so that management as well as operations staff can understand the findings and take effective action based on them and their criticality. Every organization has its own format and reporting needs, but the pointers below will help most reports meet the desired outcome of effective vulnerability management:
    • Group CVEs according to criticality
    • Group systems according to CVEs
    • List the patch or patches applicable to the most systems
    • Group vulnerabilities system-wise, showing the most critical vulnerabilities on critical systems
    • Report exploits, if available, against CVEs
    • Do not remove any information or field from the raw data
    • Prioritize reports based on the criticality of the vulnerabilities and the criticality of the systems
    • Trend analysis of vulnerabilities if it is a regular periodic exercise
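The following Python is an added example, not code from the original post, that works the analysis step above (finding the one patch that closes many findings) and the report-grouping pointers on a constructed raw scanner export; the host names, CVE ids, patch ids and criticality ratings are placeholders.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of a raw scanner export; hosts, CVE ids, patch ids and
# criticality ratings are placeholders, not real data.
RAW_EXPORT = """host,criticality,cve,severity,patch,exploit_available
db01,high,CVE-0000-0001,critical,KB-A,yes
db01,high,CVE-0000-0002,high,KB-A,no
web01,medium,CVE-0000-0001,critical,KB-A,yes
web01,medium,CVE-0000-0003,low,KB-B,no
file01,low,CVE-0000-0002,high,KB-A,no
file01,low,CVE-0000-0004,medium,KB-C,yes
"""

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}
SYSTEM_RANK = {"high": 3, "medium": 2, "low": 1}  # business criticality of the host

def load_findings(text=RAW_EXPORT):
    """Parse the raw export as-is; every field is kept so nothing is lost."""
    return list(csv.DictReader(io.StringIO(text)))

def group_cves_by_severity(findings):
    """Group CVEs according to criticality: severity -> sorted unique CVEs."""
    groups = defaultdict(set)
    for f in findings:
        groups[f["severity"]].add(f["cve"])
    return {sev: sorted(cves) for sev, cves in groups.items()}

def group_systems_by_cve(findings):
    """Group systems according to CVE: cve -> sorted affected hosts."""
    groups = defaultdict(set)
    for f in findings:
        groups[f["cve"]].add(f["host"])
    return {cve: sorted(hosts) for cve, hosts in groups.items()}

def patches_by_coverage(findings):
    """Rank patches by how many (host, CVE) findings each closes; the 'one fix
    that solves many problems' comes first."""
    return Counter(f["patch"] for f in findings).most_common()

def prioritise(findings):
    """Order findings by vulnerability severity x system criticality,
    breaking ties in favour of findings with a known exploit."""
    def score(f):
        return (SEVERITY_RANK[f["severity"]] * SYSTEM_RANK[f["criticality"]],
                f["exploit_available"] == "yes")
    return sorted(findings, key=score, reverse=True)
```

Pointing `load_findings` at a real export only requires mapping the tool's column names onto the six used here; the raw rows themselves are never dropped.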


If all the above points are followed effectively, they can be helpful in achieving the desired outcome and can protect against possible security breaches or cyber attacks.
