As a security professional, you need to be aware of the different security issues associated with threats, vulnerabilities, and risks, and the tools available to combat them. If you’re planning to take the SY0-501 exam, you should have a basic understanding of some specific tools used to assess networks and manage risks.
For example, can you answer this practice test question?
Q. Your organization has a legacy server running within the DMZ. It is running older software that is not compatible with current patches, so management has decided to let it remain unpatched. Management wants to know if attackers can access the internal network if they successfully compromise this server. Which of the following is the MOST appropriate action?
A. Perform a vulnerability scan.
B. Perform a port scan.
C. Perform a black box test.
D. Perform a penetration test.
More importantly, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.
Obtaining Authorization
It’s important to obtain vulnerability testing authorization and penetration testing authorization before performing any vulnerability testing or penetration testing. In most cases, this consent is in writing. If it isn’t in writing, many security professionals won’t perform the test. A penetration test without consent is an attack. An organization may perceive a well-meaning administrator doing an unauthorized penetration test as a black hat or gray hat attacker. The administrator might be updating his résumé after running an unauthorized scan or penetration test.
Many organizations use a written rules-of-engagement document when hiring outside security professionals to perform the test. The rules-of-engagement document identifies the boundaries of the penetration test. If testing does result in an outage even though the testers followed the rules of engagement, repercussions are less likely.
Penetration Testing
Penetration testing actively assesses deployed security controls within a system or network. It starts with passive reconnaissance, such as a vulnerability scan, but takes it a step further and tries to exploit vulnerabilities by simulating or performing an attack.
Remember this
A penetration test is an active test that can assess deployed security controls and determine the impact of a threat. It starts with a vulnerability scan and then tries to exploit vulnerabilities by actually attacking or simulating an attack.
White, Gray, and Black Box Testing
It’s common to identify testing based on the level of knowledge the testers have prior to starting the test. These testers could be internal employees or external security professionals working for a third-party organization hired to perform the test. The three types of testing are:
- Black box testing. Testers have zero knowledge of the environment prior to starting a black box test. Instead, they approach the test with the same knowledge as an attacker. When testing new applications, black box testers wouldn’t have any prior experience with the application. When testing networks, they aren’t provided any information or documentation on the network before the test. Black box testers often use fuzzing to check for application vulnerabilities.
- White box testing. Testers have full knowledge of the environment before starting a white box test. For example, they would have access to product documentation, source code, and possibly even logon details.
- Gray box testing. Testers have some knowledge of the environment prior to starting a gray box test. For example, they might have access to some network documentation, but not know the full network layout.
You may also come across the terms black hat, white hat, and gray hat. These aren’t referring to testers but instead to different types of attackers. They are reminiscent of the Wild West, where you could easily identify the good guys and the bad guys by the color of their hat. Black hat identifies a malicious attacker performing criminal activities. White hat identifies a security professional working within the law. Gray hat identifies individuals who may have good intentions, but their activities may cross ethical lines. For example, an activist, sometimes called a hacktivist, may use attack methods to further a cause, but not for personal gain.
Hackers and crackers are terms you may also come across. Originally, a hacker indicated someone proficient with computers who wanted to share knowledge with others. They weren’t malicious. In contrast, a cracker was a proficient hacker who used the knowledge for malicious purposes. However, English is a living language that continues to evolve and the media consistently uses the term hacker to identify malicious attackers.
Intrusive Versus Non-Intrusive Testing
Scans can be either intrusive or non-intrusive. You can also think of these terms as invasive and non-invasive, respectively. Tools using intrusive methods can potentially disrupt the operations of a system. In contrast, tools using non-intrusive methods will not compromise a system. These terms also apply to penetration testing (intrusive) and vulnerability scanning (non-intrusive).
When comparing penetration testing and vulnerability scanning, it’s important to remember that penetration tests are intrusive and more invasive than vulnerability scans. They involve probing a system and attempting to exploit any vulnerabilities they discover. If they successfully exploit a vulnerability, a penetration test can potentially disrupt services and even take a system down.
Vulnerability scans are generally non-intrusive and less invasive than penetration tests. They never attempt to exploit a vulnerability. Because of this, a vulnerability scan is much safer to run on a system or network because it is significantly less likely that it will affect services.
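As an added example that is not from this post or the study guide, the following Python gate ties together the written rules-of-engagement idea from the Obtaining Authorization section and the intrusive versus non-intrusive distinction above: every planned action is checked against the authorized scope, testing window and exploitation permission before it runs. The RoE fields, action names and the 192.0.2.0/24 lab range are assumptions constructed for illustration.

```python
# Added example (not from the original post): a scope check a tester runs
# before each action, modelled on the rules-of-engagement and intrusive vs
# non-intrusive distinctions in the post. All values are constructed.
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class RulesOfEngagement:
    in_scope: list          # CIDRs the client authorized in writing
    intrusive_allowed: bool # may testers attempt exploitation at all?
    window_start: datetime  # authorized testing window
    window_end: datetime
    excluded: list = field(default_factory=list)  # hosts never to touch

# Action tags: intrusive = penetration-test style exploitation attempts,
# non-intrusive = vulnerability or port scans (hypothetical names).
INTRUSIVE = {"exploit"}
NON_INTRUSIVE = {"port_scan", "vuln_scan"}

def check_action(roe, action, target, when):
    """Return (allowed, reason). Refuse anything the written RoE does not cover."""
    if action not in INTRUSIVE | NON_INTRUSIVE:
        return False, f"unknown action {action!r}"
    addr = ip_address(target)
    if any(addr in ip_network(x) for x in roe.excluded):
        return False, f"{target} is explicitly excluded"
    if not any(addr in ip_network(x) for x in roe.in_scope):
        return False, f"{target} is outside the authorized scope"
    if not (roe.window_start <= when <= roe.window_end):
        return False, "outside the authorized testing window"
    if action in INTRUSIVE and not roe.intrusive_allowed:
        return False, f"{action} is intrusive but RoE permits non-intrusive testing only"
    return True, "authorized by RoE"

# Constructed sample RoE: scans allowed on a lab /24, no exploitation,
# one legacy host carved out entirely.
SAMPLE_ROE = RulesOfEngagement(
    in_scope=["192.0.2.0/24"],
    intrusive_allowed=False,
    window_start=datetime(2024, 1, 10, 22, 0),
    window_end=datetime(2024, 1, 11, 4, 0),
    excluded=["192.0.2.250/32"],
)

if __name__ == "__main__":
    t = datetime(2024, 1, 10, 23, 30)
    for act, tgt in [("vuln_scan", "192.0.2.10"), ("exploit", "192.0.2.10"),
                     ("port_scan", "192.0.2.250"), ("port_scan", "198.51.100.5")]:
        print(act, tgt, check_action(SAMPLE_ROE, act, tgt, t))
```

The sample run shows one authorized scan and three refusals: an exploit attempt the RoE never permitted, a scan of the excluded host, and a scan of an address outside the agreed range.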
Q. Your organization has a legacy server running within the DMZ. It is running older software that is not compatible with current patches, so management has decided to let it remain unpatched. Management wants to know if attackers can access the internal network if they successfully compromise this server. Which of the following is the MOST appropriate action?
A. Perform a vulnerability scan.
B. Perform a port scan.
C. Perform a black box test.
D. Perform a penetration test.
Answer is D. A penetration test attempts to exploit a vulnerability and can determine if a successful attack will allow attackers into the internal network.
A vulnerability scan is passive. It does not attempt to compromise a system, so it cannot verify if an attacker can access the internal network.
A port scan only identifies open ports.
A black box test only refers to the knowledge of the testers and indicates they have zero knowledge prior to starting a test.
See Chapter 8 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on using risk management tools.