ISSC362 discussion response Linux, Live CDs and Automated Tools
Need to respond to the below two students' discussions with at least 150 words minimum per discussion response. Below in the bold will be the questions the students are responding to.
- Locate an automated assessment tool and detail what attackers use the tool for, the information it provides, and how organizations can protect themselves from it.
To first introduce this week's topic, I like to begin with definitions, as I do in all my posts. Having a basic knowledge of what we are about to discuss is an important part of completely understanding the lesson. Vulnerability assessment is a process of identifying, quantifying, and prioritizing vulnerabilities on a system, which can be done by system administrators to strengthen the system or by malicious users to exploit them. Within these vulnerability tools there are 3 different groups: source code, application, and system scanners. The one I decided to choose was the source code scanner, since it can detect problems such as buffer overflows, race conditions, privilege escalation, and tainted input. A known tool used for source scanning is Flawfinder, a Python program that searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. Attackers can use this tool to identify lines, among others in the code, that contain a potential flaw. By doing so, they now have a way to exploit the system. A few examples of this are the options --context, which displays the line that contains the potential flaw, or --columns, displaying the column number of the potential flaw. As for the ability of an organization to protect itself from it, that wasn’t easy to find, and my guess on this tool is that it is mostly used to improve network security rather than being used by hackers.
Flylib.com. (n.d.). Automated Assessment Tools. Retrieved from https://flylib.com/books/en/1.36.1/automated_assessment_tools.html
Flylib.com. (n.d.). Flawfinder. Retrieved from https://flylib.com/books/en/22.214.171.124/1/
An automated network assessment and vulnerability scanning tool is OpenVAS. As an open source platform falling under the GNU GPL, it is backed by a decade of ongoing development and an expansive vulnerability test library numbering over 50K entries. Its origin began with the early developers of the well-known Nessus tool; when Nessus shifted to a new business model, OpenVAS was carried forward and has evolved into the product seen today (OpenVAS, 2019).
Used to recon systems on a network, identify vulnerabilities, determine system details, and perform authenticated and unauthenticated queries, OpenVAS is a richly featured framework capable of running deep scans and logging existing threats against its vast library, and it can be run off of Linux or directly on a server. A scan will produce a report of vulnerabilities that can be sorted by various elements and drilled down into to review the threat details, the possible impact, and often mitigation solutions to remove it.
An organization would scan a target IP address using OpenVAS, look for open services, and then run them through the vulnerability database to assess and address any threat found. Likewise, a malicious attacker could scan a network for machines, discover system details and vulnerabilities to exploit, and either listen or launch further attacks. That being said, OpenVAS is a particularly noisy scanner and might not be the best option for those wishing to conduct undetected scans of target systems with the intent of successfully taking action.
OpenVAS – Open vulnerability assessment system. (2019). Openvas.org. Retrieved from http://www.openvas.org/.