Ethical Hacking: Vulnerability Analysis

Pluralsight is not an official partner or accredited training center of EC-Council. In this course, you'll learn how important it is to not only scan your networks for any red flags but also how to analyse those results.
Course info
Rating
(11)
Level
Intermediate
Updated
Sep 27, 2018
Duration
3h 14m
Table of contents
What Do You Need to Start?
Shaping and Implementing Our Vulnerability Scans
The Scanners
Analyzing Vulnerability Scans
Remediation and Change Control
Remediating Host Vulnerabilities
Remediating Network Vulnerabilities
Remediating Virtual Environment Vulnerabilities
Description

Pluralsight is not an official partner or accredited training center of EC-Council. Networks aren’t what they used to be. They’re more complex than ever. Systems today are so interconnected, and buried within those systems are thousands of undetected security vulnerabilities waiting to be used against you. Attackers perform vulnerability analysis to identify loopholes in your organization's infrastructure. Any vulnerabilities they find will be used to breach and dig deeper into your systems. In this course, Ethical Hacking: Vulnerability Analysis, you'll learn how to further secure your infrastructures by using the same tools and techniques that attackers use to probe your network to find possible attack vectors. First, you'll be taught about the different types of vulnerabilities, the types of scans and possible regulatory requirements that you might face. Next, you'll learn about the different VMS (Vulnerability Management Software) programs and how to choose one that is best for your organization. Finally, you'll learn how to prioritize your vulnerabilities and the remediation steps needed for servers, a workstation, networks, or even virtual machines. When you've finished this course, you'll have under your "Utility-Belt," the skills and knowledge of an Ethical Hacker when it comes to vulnerability analysis.

About the author

Dale Meredith received his Certified Ethical Hacker and Certified EC-Council Instructor certifications back in 2006, as well as being a Microsoft Certified Trainer since 1998 (yes we had computers back then). Dale takes great pride in helping students comprehend and simplify complex IT concepts.

Section Introduction Transcripts

Shaping and Implementing Our Vulnerability Scans
Okay, so let's talk about shaping and implementing our vulnerability scans. In this module, we'll do several different things. We'll first go through and talk about how we id the targets for our scans. You don't necessarily want to scan every single device in your environment, but we do need to determine which ones are the most important. And so, we'll also take a look at defining our scanning frequency, how often are we scanning. Now before we get further into this, I want to differentiate what we're talking about here when we talk about scanning or a scan. We're talking about looking at a particular machine and looking for vulnerabilities on that machine. I am not talking about doing something like a ping sweep. We already know about the different systems on our network infrastructure and there are several different products that we could use to identify those machines anything from Nmap to some commercial products like WhatsUp Gold. I mean there's all kinds of automated tools out there that help you to identify systems. Our goal here is to set up a scanning mechanism or a scanning layout so that we can look at the machines that we've identified that we need to make sure that are secure. So again, we'll look at the frequency, we'll also look at the scopes of the scan. We'll then talk about the different ways that we can configure the scans and the scanning systems themselves also need some maintenance so we'll look at that, as well as how we classify the data that we're scanning. We need to make sure that we're able to scan certain areas or maybe they don't want us to scan certain areas. And then finally, we'll take a look at ongoing scanning and continuous monitoring. So now that we've got that out of the way, let's go ahead and get started with how do we id the targets for our scans.

The Scanners
Okay, so let's actually get into the scanners themselves. You need to understand that first of all I'm not going to get way in depth with each one of these scanners. We're going to show you how to install them just so that you can have them and play around with them and there's a plethora of options available to you. So we'll go through, in this particular module, and we'll first take a look at understanding which scanner to use. Believe it or not, it's going to be, again, dependent upon your environment and what you require. We'll then take a look at open source versus commercial, I know it's free versus paid, there's advantages and disadvantages to both, but are you also aware that there's an option of doing on-premises versus cloud solutions and we'll talk about that. We'll also look at things from big blue's world, the Microsoft world, and then we'll also talk about something called SCAP, as well as exploit scanners. Technically, we've already talked about these in a previous course, but we'll review them here just very quickly. So if you're ready to get in and take a look at these scanners, let's get going.

Analyzing Vulnerability Scans
Okay, so let's talk about analyzing those reports or the vulnerability scans. In this module, we're going to go through and take a look at a couple things. The first thing we'll do is actually look at the fact that there is kind of a trick to interpreting the reports that we get. We'll also review or give you the information concerning the CVSS standard. This is a standard that helps us to rate the priority of a vulnerability. I've talked about them before in some of the other modules. Here's where we're going to clarify exactly what it is. We'll then take a look at the false positives and the exceptions that we may need to make as we're scanning for vulnerabilities. And then finally, we'll take a look at the trends, yeah, my bell bottom pants, they're not a trend anymore. No, we'll look at the trends. What we mean by this is that sometimes we start to see something happen and maybe we can be, again, more proactive. So let's get going.

Remediation and Change Control
Okay, so you've researched your scanners, you've installed your scanners, you've run your scanners, and now you get a scan report. And each vulnerability detected will normally be assigned a risk typically using our CVSS, or the Common Vulnerability Scoring System. Well what do we do now? Well that's where remediation and change control comes into play here. In this module, we're going to go through and talk about a couple things. We'll first talk about the remediation workflow that you should make sure you understand and that everybody utilizes so that you have a consistent environment that handles vulnerabilities when they hit. Part of that workflow will also talk about the communication and change controls that you need to implement, as well as some of the inhibitors to remediation. So when you're ready to move on, just continue, and we'll start talking about the workflows.

Remediating Host Vulnerabilities
Okay, so let's talk about remediating host vulnerabilities. Now typically when we talk about devices like hosts, we have this tendency of thinking just of servers. Well that's not the case. In this particular module, we're going to look at all the different types of host vulnerabilities. They'll range from servers, as well as we'll go through and talk about endpoints and endpoints are where we really open this up to things like mobile devices, as well as the Internet of Things. We'll then go through and talk about ICS, as well as SCADA. So let's jump right into this and get going.

Remediating Network Vulnerabilities
Okay, network security has changed quite a bit, it's become actually more of a challenge than it was several years ago. And today, our IT teams actually struggle against cyber security count shortages, as well as an increased number of endpoints in their networks, as well as the ever-changing cyber-crime attack vector and that's why it's important to understand how to remediate network vulnerabilities. In this module, we'll go through and we'll talk about some of those things we need to be looking at. We'll first talk about updates, as well as some of the underlying security mechanisms in our protocol such as SSL and TLS. There are also some issues, one of my favorite targets of opportunity is DNS and we'll talk about that. There are some exciting things that are actually taking place as of the recording of this course that will be affecting Android phones where they're starting to implement some secure DNS queries, but that's me being a little sidetracked here. We'll also take a look at the issue of accidentally exposing internal IP addresses, and of course, another type of network vulnerability that we need to be aware of or at least how to remediate would be VPN issues. So let's dive in and see what we can learn today.

Remediating Virtual Environment Vulnerabilities
Okay, when it comes to virtualization, look most of us are using some type of virtualization at this point, right, and remediating issues within the virtualized environment isn't too far off from what we do in a physical environment, however, there are some virtualization issues we need to take a look at. In this module, we're going to go through and make sure that we understand everything we need to be looking at. We'll first go through and just have a quick review of virtualization. No, I'm not going to bore you with this is how we virtualize a machine. I want to show you basically what's happening when we implement virtualization because it comes into play as we go further in. We'll then take a look at how we can remediate issues with administrative interface access, as well as getting into the virtualization itself whether that's patching the virtual hosts, which is the physical box that's maintaining the virtualized machines, or the guest operating systems themselves. We'll also take a look at the virtualized network. These are a little bit harder or sometimes they get overlooked because of the aspect that they're not visible to us. It's not like we see a wire hanging out. And cue the spy music. Fiddle dee. Okay, let's get going.