Vulnerability Assessment and Management

ADD REFERENCES!!!

The template document should follow this format:

• Vulnerability Assessment Project Document Shell
• Use Microsoft Word
• Title Page

o Course number and name
o Project name
o Student name
o Date

• Table of Contents

o Use auto-generated TOC.
o Separate page
o Maximum of three levels deep
o Be sure to update the fields of the TOC so it is up-to-date before submitting your project.

• Section Headings (create each heading on a new page with TBD as content except for sections listed under New Content below)

o Intrusion Tools and Techniques
o Common Vulnerabilities and Exposures
o Attack Methods
o Intrusion Detection System Policies
o Protective Measures

Each Part you will add to this document and submit for grading, as a preview each Section will contain the following:

• Intrusion Tools and Techniques (Part 1 - IP)

o Intrusion Detection
o Auditing
o Audit Data Review

2-pages

• Common Vulnerabilities and Exposures (Part 2 - IP)

o Definition of CVE
o Calculation of CVSS
o The use of the NVD

- The management team is interested in knowing what potential vulnerabilities exist for your environment. Take this opportunity to review common vulnerabilities specific to your environment and provide the following information:

1. Define what the CVE database is designed to provide to security researchers.
2. Describe how the CVSS score is calculated.
3. Describe the difference between base and temporal metrics.
4. Describe what the National Vulnerability Database is and used for.
5. Find and describe three vulnerabilities that could potentially exist in your organization, that have a CVSS severity rated as high.---

2-pages

Add the discussion about CVE, CVSS and NVD to The Key Assignment Template section titled: Common Vulnerabilities and Exposures

• Attack Methods (Part 3 - IP)

o A discussion about various attack mechanisms and vectors, including:

- Authenticated and Unauthenticated
- Active and Passive

- The team liked the information you provided about authenticated and unauthenticated attacks, but they are still a little confused about the difference between active and passive attacks and how they relate to the authenticated attacks previously described. Take this opportunity to describe how active and passive attacks work and the authenticated and unauthenticated attacks tie together with them. Address the following and add your responses to your final Key Assignment:

1. A description of active attacks.
2. A description of passive attacks.
3. 3 examples of each (6 total) but ensure that 3 are Windows based and 3 are UNIX based.
4. Include a discussion talking about how authenticated and unauthenticated attacks are used during passive and active attacks.---

2-pages

Add the discussion about the attack methods and examples to the section titled: Attack Methods.

• Intrusion Detection System Policies (Part 4 -IP)

o Policies

- The project is going well so far, and the analysis and discussion of the vulnerabilities was well-received. You realize that when vulnerability scanning takes place, employees need to know what the expectations are for handling the findings. You want to ensure that the policies and expectations for action are in place. Discuss the following:

• The purpose of a policy
• Create a policy for your organization that will cover one of the following (choose just 1):

o Intrusion Detection
o Incident Handling
o Vulnerability Assessment and Handling----

2-pages

Add the discussion about the definition of a policy and the sample policy to the section titled: Intrusion Detection System Policies.

• Protective Measures (Part 5 - IP)

o Vulnerability Assessment

- The management team as well as your peers are happy with the work performed to this point:

• Setting up Intrusion Detection Systems and audit data.
• Defining and understanding vulnerabilities
• Identifying various attack mechanisms
• Creating a policy

The last and final step is to perform a vulnerability assessment against a workstation, server or combination and analyze the findings. Recommend the solutions to remediate any serious issues based on the established company policies.

It is important to know and understand the security posture of the devices attached to the network, as these might often be a step in a more sophisticated and multilevel attack of the infrastructure. An important step in the risk management process is to determine what vulnerabilities exist on these devices. Choose a vulnerability assessment tool and perform a vulnerability assessment against your target(s) in your environment, and report the findings. The information should include:

• A description about the tool used to perform the scan.
• A list of identified hosts (Obfuscate any specific IP addresses).
• The list of serious (on a scale of 1-5 (1 being the highest) report the 1 and 2 issues)
• Describe or list any false positive information.
• Discuss potential safeguards and remediation actions that could be implemented for each finding to reduce the risk.

At this point the Key Assignment Template is Complete. The following Sections should be completed, and ensure to incorporate any feedback previously received from the instructor and peer reviews:

o Title Page
o Table of Contents (Updated to reflect correct page numbers)
o Intrusion Tools and Techniques
o Common Vulnerabilities and Exposures
o Attack Methods
o Intrusion Detection System Policies
o Protective Measures
o References

Add the discussion about the scan, the analysis and results and the remediation suggestions to the section titled: Protective Measures.