Lab 4: Aligning an IT Security Assessment
Vulnerability Life Cycle
· Death is the culmination of the vulnerability life cycle. This stage occurs when the number of systems vulnerable to an exploit has been reduced to an insignificant number. It can come about through patching vulnerable systems, retiring old systems, or a lack of interest in the exploit among hackers.
Types of Disclosure
· The types of disclosure are listed below.
· This policy would mean keeping the information tightly contained so that the general public never learns of its existence.
· This would mean that information about system vulnerabilities and attack tools is revealed as widely as possible, so that potential victims are as knowledgeable as those who attack them.
· The main concept behind limited disclosure is that vulnerability information is shared with as few individuals as possible.
· During this stage of the vulnerability life cycle the method of discovery will determine how responsible disclosure will proceed. Initial contact signals the start of the disclosure stage.
Existing Policies and Proposals
· NTBugtraq Disclosure policy
· Rain Forest Puppy “RFPolicy”
· IETF draft
· The Fisher Plan
Threat Activity Trends
· Organizations should monitor all network-connected computers for signs of malicious activity including bot activity and potential security breaches, ensuring that any infected computers are removed from the network and disinfected as soon as possible.
· Web browser vulnerabilities are a serious security concern due to their role in online fraud and in the propagation of malicious code, spyware, and adware.
Malicious Code Trends
· Monitoring trends in the number of new malicious threats can help improve awareness of their danger and underscores the importance of maintaining robust security, including up-to-date antivirus signatures and software patches.
Phishing, Underground Economy Servers, Spam Trends
· Symantec recommends that enterprise users protect themselves against phishing threats by filtering email at the server level through the mail transfer agent. Organizations can also use IP-based filtering upstream as well as HTTP filtering.
There is a long list of reasons why you want to do periodic assessments and an equally long list of reasons why you shouldn’t. An increasing number of organizations are bound by governmental regulations that dictate what security measures must be in place and how they should be audited. An assessment also tells you whether your security has already been compromised. You might not know unless you look, and you will sleep better at night if you know.
Lab Assessment Questions and Answers
1. What is a PHP Remote File Include attack and why are these prevalent in today’s Internet world? An inclusion attack wherein an attacker can cause the web application to include a remote file by exploiting a web app that...
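A defender's view of the same issue, as an added example that is not part of the original lab: a small Python detector that scans web server access logs for query parameters whose value is a URL or stream wrapper, the request pattern a remote file include attempt leaves behind. The log lines, addresses, host names and the `page` parameter are constructed for illustration, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# URL schemes / stream wrappers that should not start a page-style parameter value.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?|php|data|expect)\s*:", re.IGNORECASE)

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding, up to max_rounds passes."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_rfi_attempts(log_lines):
    """Return (client_ip, parameter, decoded_value) for each suspicious parameter."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue  # not a parsable request line
        client = line.split(" ", 1)[0]
        query = urlsplit(m.group("target")).query
        # parse_qsl already percent-decodes once; decode_fully handles nesting.
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = decode_fully(value)
            if REMOTE_SCHEME.match(value):
                hits.append((client, name, value))
    return hits

# Constructed sample log lines (documentation IP ranges, example.* hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=http://files.example.net/x.txt HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=hTTps%253A%252F%252Ffiles.example.net%252Fx.txt HTTP/1.1" 200 0',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=why+use+http HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, name, value in find_rfi_attempts(SAMPLE_LOG):
        print(f"{client} param={name} value={value}")
```

Parameters that legitimately carry URLs, such as redirect targets, will also match, so in practice the check is scoped to parameters that feed file includes.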