CompTIA Security+: Security Assessments

CompTIA Security+ logo

Module 4:

Security assessments are a fundamental aspect of maintaining a robust cybersecurity posture. They help identify vulnerabilities, measure risks, and ultimately strengthen the security of digital assets. In this post, we’ll explore the world of security assessments, covering their significance, different assessment types, and their role in the CompTIA Security+ certification.

Host Vulnerabilities

  • The underlying operating system directly affects host vulnerabilities.
  • How the operating system is configured is crucial.

Operating systems come with default configurations:

  • What services are running, programs installed, security settings enabled, etc.
  • Configurations comprise the state of the host.
  • Leaving the host with only default configurations is often insufficient.

Custom configurations are necessary:

  • If not evaluated, they can leave weaknesses in the host.
  • Attackers will exploit these weaknesses.
  • Example: failing to disable Telnet can lead to Man in the middle attack.

Software Vulnerabilities

Software Vulnerability Descritption
Zero-day Exploited before vulnerability is publicly known. Effects are often magnified and longer-lasting.
Improper input handling Software fails to anticipate unusual input Leads to unauthorized access, privilege escalation, DoS etc.
Improper error handling Verbose errors can provide attackers with actionable info. Errors not handled gracefully can cause instability.
Resource exhaustion Software does not restrict access to resources. Too much resource consumption leads to crashes.
Race condition Events fail to execute in order and timing intended. Software can crash.
Memory vulnerabilities Memory Leak Buffer overflow Integer overflow Pointer deference DLL injection

Encryption Vulnerabilities

Some encryption solutions are insecure or become insecure over time.

  • Organizations use cipher suites now considered weak.

  • Poor implementation also reveals weaknesses.

Example: Improperly configured digital certificates.

  • Addresses don’t match, certificate expired, signer not trusted etc.

Encryption Vulnerabilities

  • Improperly configured digital certificates.

Improper Key Management also leads to vulnerabilities.

  • Private keys not secure can fall into the wrong hands.
  • Attackers can impersonate an organization and perform man-in-the-middle attacks.

Network Architecture Vulnerabilities

  • Networks design may reveal weaknesses.
  • Attackers attempt to gain entry through these weaknesses.

Example: Web server not isolated from offline databases.

  • Attacker can move from the web server to the databases.

Example: Wireless network range not controlled for.

  • Signal leaks beyond premisis where attacker can more easily gain access.
  • Attackers also attempt to initiate DoS.

Example: Web server traffic isn’t balanced

  • Attackers congest network with excess traffic, leading to delays and service outages.

Account Vulnerabilities

  • Weak Passwords.
  • Passwords that don’t expire.
  • Lack of multi-factor authentication.
  • Accounts placed in wrong groups.
  • Accounts granted more privileges than necessary.
  • Unused accounts that haven’t been disabled.
  • Guest accounts that haven’t been disabled.

Operations Vulnerabilities

Untrained users.

  • Human element is largest target.
  • Users not equipped to spot social engineering or practice good computer security habits.

Lack of planning for critical business processes.

  • Without EOL processes, obsolete systems may be vulnerable.
  • Embedded systems may be difficult.

System Sprawl

  • Difficult for limited personnel to oversee large number of systems.
  • Inability to manage these systems can lead to compromise.
  • Undocumented assets are difficult to manage consistently.

Security Assessment

Security Assessment: The process of testing security controls to expose any weakness or gaps in tools, technologies, services, and operations. It provides you with vital information needed to mitigate vulnerabilities timely and efficiently. Methods used vary widely.

  • Provides you with information needed to mitigate vulnerabilities timely and efficiently.

Methods used vary widely.

  • Influences active Vs. passive assessment type.
  • Influences other characteristics as well.

Vulnerability Assessment: An evaluation of a systems security based on the configuration state of the system.

  • Determines if current configuration match’s baseline.
  • Often accomplished through automated tools.
  • Identifies misconfiguration, lack of security controls and other vulnerabilities.

Security Assessment Techniques

Technique Description
Review baseline Baseline is a collection of configurations to use as a benchmark for other systems in the organization. Baseline should include industry recommended security configurations and should fulfill a function in the organization.
Review Code Code reviews should be conducted for all apps in development. Can be done manually or with automated tools.
Determine Attack Surface Attack surface is a combination of all areas that are exposed to an attacker. Reducing the attack surface reduces the risk of successful attacks.
Review Security Architecture Evaluate the security infrastructure model. Determine if assets are properly secured and vulnerabilities addressed.
Review Security design Determine if the security solutions fulfill the organizations needs. This needs to be done before the solution is implemented.

Vulnerability Assessment Tools

Tool Type Implement To
Vulnerability Scanner Assesses systems, networks and applications for weaknesses.
Port Scanner Assess current state of all ports on a network.
Packet Analyzer Assess traffic and what it reveals about contents and protocols being used.
Fingerprinting Tools Identify a targets operating system information and running services.
Network Enumerator Map logical structure of network and identify rogue systems.
Password Cracker Recover secret passwords from stored or transmitted data.
Backup Utilities Create copies of scanned data.
Honeypot Redirect suspicious activity to isolated systems for safe monitoring.

Types of Vulnerability Scan

  • Tools scan weak points in a wireless network.
  • Tools to scan for configuration compliance.

Credentialed scans:

  • Scanner authenticates with the system its scanning.
  • Has elevated privileges to test all of the systems configuration.
  • More intrusive.

Non-credentialed scans:

  • Scans from a normal user perspective.
  • Allows you to focus on the most obvious vulnerabilities that can be exploited.
  • Less intrusive.

False Positive

  • Something incorrectly identified as a vulnerability.

Guidelines for Assessing Vulnerabilities

  • Consider how the host operating system is configured.
  • Dont rely on default configurations.
  • Create custom configurations designed for the organizations needs.
  • Consider the impact of zero-day vulnerabilities.
  • Consider software vulnerabilities like improper input and memory management.
  • Consider the impact of using outdated cipher suites.
  • Asses digital certificates for misconfigurations.
  • Assess encryption key management systems for weaknesses.
  • Consider the impact of weaknesses in the network architecture.
  • Consider the impact of misconfigured accounts.
  • Identify users who require training.
  • Identify critical business processes that lack a solid plan.
  • Consider the impact of system sprawl and undocumented assets.

Penetration Testing

Using active tools and techniques to evaluate security by simulating attacks on those systems.

  • Verifies that a threat exists.
  • Less common and more intrusive than vulnerability assessments.
  • Information gathered from penetration tests is more thorough.
  • There is a risk of systems suffering actual damage.
  • Tight restrictions often placed on penetration tests.

Steps To a Successful Penetration Test

Phase Technique Description
1 Reconnaissance Tester gathers as much info about targets as possible. Helps tester craft their simulated attack.
2 Initial Exploitation Tester begins exploitation after reconnaissance gain access to network or hosts, obtain credentials, etc.
3 Privilege Escalation Tester tries to gain greater control over systems. Can do more damage with higher privileges.
4 Pivoting Tester compromises a central host. Tester can spread to other hosts and network segments.
5 Persistence Tester maintains access to the network. Evaluate ease of gaining a covert foothold in the network.

Document EVERYTHING!

Box Testing Methods

  • Black Box Test: Full Reconnaissance.
  • Grey Box Test: Some Reconnaissance.
  • White Box Test: No Reconnaissance.

Penetration Test Methods

Tool Type Implement To
Exploitation of frameworks Create and deploy code to exploit the system.
Data Sanitization Tools Securely erase data from systems.
Steganography Tools Hide data within data to avoid detection.
Social Engineering Tools Test user susceptibility to social engineering tactics.
Stress Tests Test systems ability to respond to increased system usage and network bandwidth.

Guidelines for Implementing Penetration Testing

  • Consider conducting a penetration test in addition to or instead of a vulnerability assessment.
  • Be aware of the risks involved in conducting a pen test.
  • Consider implementing pen test techniques as different phases in a simulated attack.
  • Consider conducting pen tests using different types of box testing methods.
  • Understand the different reconnaissance requirements for each box testing method.
  • Become familiar with the different tools used in active exploitation of systems.

Penetration test Payload

Here is an example of a penetration test payload:

regadd "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f netsh advfireall firewall set rule group="remote desktop" new enable=Yes

PS C:\USERS\USER psexec \secplusvm-2 -u USERPASSWORD -s -d -c pentest_payload.bat

Security assessments are a proactive approach to identifying and mitigating risks before they lead to security incidents. This post provides an in-depth look at the various types of assessments, their processes, and their role in securing digital assets. Whether you’re on your journey to CompTIA Security+ certification or aiming to bolster your cybersecurity knowledge, this guide offers valuable insights.

You can find all of our CompTIA Sec+ guides here: CompTIA Sec+

We also have guides for the CompTIA A+ here: CompTIA A+

Recommendation:

Basic Security Testing with Kali Linux: https://amzn.to/3S0t7Vq

Luke Barber

Hello, fellow tech enthusiasts! I'm Luke, a passionate learner and explorer in the vast realms of technology. Welcome to my digital space where I share the insights and adventures gained from my journey into the fascinating worlds of Arduino, Python, Linux, Ethical Hacking, and beyond. Armed with qualifications including CompTIA A+, Sec+, Cisco CCNA, Unix/Linux and Bash Shell Scripting, JavaScript Application Programming, Python Programming and Ethical Hacking, I thrive in the ever-evolving landscape of coding, computers, and networks. As a tech enthusiast, I'm on a mission to simplify the complexities of technology through my blogs, offering a glimpse into the marvels of Arduino, Python, Linux, and Ethical Hacking techniques. Whether you're a fellow coder or a curious mind, I invite you to join me on this journey of continuous learning and discovery.

Leave a Reply

Your email address will not be published. Required fields are marked *

Verified by MonsterInsights