Meritshot Tutorials
Cyber Security Tutorial
-
What is cybersecurity?What is cybersecurity?
-
Introduction to LinuxIntroduction to Linux
-
Text Processing using GREP, SED, and AWKText Processing using GREP, SED, and AWK
-
Introduction to Ethical HackingIntroduction to Ethical Hacking
-
Footprinting and ReconnaissanceFootprinting and Reconnaissance
-
Scanning NetworksScanning Networks
-
Enumeration in Cyber SecurityEnumeration in Cyber Security
-
Vulnerability AnalysisVulnerability Analysis
-
System HackingSystem Hacking
-
Malware ThreatsMalware Threats
-
SniffingSniffing
-
Social EngineeringSocial Engineering
-
Denial-of-ServiceDenial-of-Service
Vulnerability analysis in Cyber Security
Vulnerability
Vulnerability can be defined as an issue in the software code that a hacker can exploit toharm the systems. It can be a gap in the implementation of cybersecurity proceduresoraweakness in the controls.
Examples of vulnerabilities exist in every industry. These include:
Unauthorized network access by Hackers due to a weak Firewall
➢ Cracking of Wi-Fi Passwords
➢ Exposure of sensitive data due to lack of application security
➢ Credit card data, Health Records
➢ Security misconfiguration
➢Misconfiguration of passwords
➢ Insecure cryptographic storage
Vulnerability Analysis
Vulnerability analysis is a procedure to check all the vulnerabilities in the systems, computers and other ecosystem tools. The vulnerability analysis helps in the analyzing, recognizing and ranking of the vulnerabilities as per the severity. It helps withtheidentification and assessment of threat details, enabling us to keep a resolution toprotect
them from hackers. The analysis can be done for every industry fromHealthcare toRetail
to IT
Objectives of the Vulnerability analysis
To identify vulnerabilities – Configuration, system, Design, Code, Process.
➢ Documenting the vulnerabilities.
➢ Preparation of guidance to mitigate the vulnerabilities. Importance of Vulnerability Analysis
➢ Deep dive insights of the security issues.
➢ Helps us understand the risks associated with the entire ecosystem.
➢ For security breaches
➢ Assets that are prone to cyber attacks.
Steps for the vulnerability Analysis
Step
Assess Critical Value of each device
- Review all the devices in the network
- Who are the people accessing the devices
- Capture the below information:
- Risk Impact
- Risk Threshold
- Risk Strategy Planning
- Mitigation
- Business Impact Analysis
Step
Details of the installed systems
- Systems – What they do
- For whom the devices are installed
- Review – Device open ports
- Configuration of the devices
- Drivers of the devices which are certified
- Device vendor, version details
- Software installed on the devices
Vulnerability Scanning
- Compliance requirements checking
- Scan Policy formation
- Scanning – Single or Multiple times
Report Creation
- Vulnerability name
- Vulnerability Discover date
- Common Vulnerabilities
- Risk Score, Systems affected
Method to fix them
Types of Vulnerability Assessment
Network Based Scans
To identify network vulnerabilities. This scan helps to find the vulnerable systems in the wired and wireless networks.
Host Based Scans
This scan is to identify vulnerabilities in the ports, configuration, server workstations, other hosts and patch history.
Wireless Network Scans
Complete scan on wireless networks to find the vulnerabilities.
Application Scans
To test all portals and mobile applications for vulnerabilities.
Database Scans
To scan all the databases for potential vulnerabilities.
