CEH Study Guide-Module 5: Vulnerability Analysis

Surya Sadanala
5 min readSep 12, 2024


Attackers perform vulnerability analysis (VA) to identify security loopholes in the target's network and end devices. The identified vulnerabilities are then used by attackers to further exploit the target network.

Vulnerability assessment has an important role to play in an organization's security against different internal and external threats. To secure a network, an administrator needs to perform patch management, install proper antivirus software, check configurations, resolve known issues in third-party applications, and troubleshoot hardware default configurations. All these activities together constitute vulnerability assessment.

In this section we will learn:

  • Vulnerability Assessment Concepts
  • Vulnerability Classification and Assessment Types
  • Vulnerability Assessment Solutions and Tools
  • Vulnerability Assessment Reports

Vulnerability Assessment Concepts:

There are two causes of vulnerable systems in a network:

  1. Misconfiguration in software or hardware
  2. Poor programming practices

Attackers leverage these vulnerabilities to perform different attacks on an organizational resource. We will be covering Vulnerability Assessment, Vulnerability scoring systems, Vulnerability databases, and the Vulnerability assessment life cycle.

Vulnerability Research

It is the process of analyzing protocols, services, and configurations to discover the vulnerabilities and design flaws that will expose an OS and its applications to exploit, attack, or misuse.

An administrator needs Vulnerability Research:

  • To gather information about security trends, newly discovered threats, attack surfaces, attack vectors and techniques
  • To find weaknesses in the OS and applications and alert the network administrator before a network attack
  • To understand information that helps prevent security problems
  • To know how to recover from a network attack

An ethical hacker needs to keep up with the most recently discovered vulnerabilities and exploits to stay one step ahead of the attackers. This is done through vulnerability research, which includes:

  • Discovering the system design faults and weaknesses that might allow attackers to compromise a system
  • Staying updated about new products and technologies and reading news related to current exploits
  • Checking underground hacking websites (deep and dark web sites) for newly discovered vulnerabilities and exploits
  • Checking newly released alerts regarding relevant innovations and product improvements for security systems

Security experts and vulnerability scanners classify vulnerabilities by:

  • Severity level (low, medium, high)
  • Exploit range (local or remote)

Resources for Vulnerability Research

The following are some of the online websites used to perform vulnerability research:

What is Vulnerability Assessment?

A vulnerability assessment is an in-depth examination of the ability of a system or application, including current security procedures and controls, to withstand exploitation. It scans networks for known security weaknesses, and recognizes, measures, and classifies security vulnerabilities in computer systems, networks, and communication channels. It identifies, quantifies, and ranks possible vulnerabilities to threats in a system. Additionally, it assists security professionals in securing the network by identifying security loopholes or vulnerabilities in the current security mechanism before attackers can exploit them.

A vulnerability assessment may be used to:

  • Identify weaknesses that could be exploited
  • Predict the effectiveness of additional security measures in protecting information resources from attack

Typically, vulnerability-scanning tools search network segments for IP-enabled devices and enumerate systems, operating systems, and applications to identify vulnerabilities resulting from vendor negligence, system or network administration activities, or day-to-day activities. Vulnerability-scanning software checks the computer against the Common Vulnerabilities and Exposures (CVE) index and the security bulletins provided by the software vendor.

Vulnerability scanners are capable of identifying the following information:

  • The OS version running on computers or devices
  • IP and Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports that are listening
  • Applications installed on computers
  • Accounts with weak passwords
  • Files and folders with weak permissions
  • Default services and applications that might have to be uninstalled
  • Errors in the security configuration of common applications
  • Computers exposed to known or publicly reported vulnerabilities
  • EOL/EOS software information
  • Missing patches and hotfixes
  • Weak network configurations and misconfigured or risky ports
  • An inventory of all devices on the network, which helps verify the asset inventory

There are two approaches to network vulnerability scanning:

  • Active Scanning: The attacker interacts directly with the target network to find vulnerabilities. Active scanning helps in simulating an attack on the target network to uncover vulnerabilities that can be exploited by the attacker.

Example: An attacker sends probes and specially crafted requests to the target host in the network to identify vulnerabilities.

  • Passive Scanning: The attacker tries to find vulnerabilities without directly interacting with the target network. The attacker identifies vulnerabilities via information exposed by systems during normal communications. Passive scanning identifies the active operating systems, applications, and ports throughout the target network, monitoring activity to determine its vulnerabilities. This approach provides information about weaknesses but does not provide a path for directly combating attacks.

Example: An attacker guesses the operating system information, applications, and application and service versions by observing the TCP connection setup and teardown.

Vulnerability-Management Life Cycle

The process helps identify and remediate any potential security weaknesses before they can be exploited.

  • Identify Assets and Create a Baseline

This phase identifies critical assets and prioritizes them to define the risk based on the criticality and value of each system. This creates a good baseline for vulnerability management. The phase involves gathering information about the identified systems to understand the approved ports, software, drivers, and basic configuration of each system, in order to develop and maintain a system baseline.

  • Vulnerability Scan

This phase is crucial in vulnerability management. In this step, the security analyst performs the vulnerability scan on the network to identify the known vulnerabilities in the organization's infrastructure. Vulnerability scans can also be performed against applicable compliance templates to assess the organization's infrastructure weaknesses against the respective compliance guidelines.

  • Risk Assessment

In this phase, all serious uncertainties that are associated with the system are assessed and prioritized, and remediation is planned to permanently eliminate system flaws. The risk assessment summarizes the vulnerability and risk level identified for each of the selected assets. It determines whether the risk level for a particular asset is high, moderate, or low. Remediation is planned based on the determined risk level. For example, vulnerabilities ranked high-risk are targeted first to decrease the chances of exploitation that would adversely impact the organization.

  • Remediation

Remediation is the process of applying fixes to vulnerable systems in order to reduce the impact and severity of vulnerabilities. This phase is initiated after the successful implementation of the baseline and assessment steps.

  • Verification

In this phase, the security team performs a re-scan of systems to assess whether the required remediation is complete and whether the individual fixes have been applied to the impacted assets. This phase provides clear visibility into the firm and allows the security team to check whether all the previous phases have been properly carried out. Verification can be performed using various means such as ticketing systems, scanners, and reports.

  • Monitor

Organizations need to perform regular monitoring to maintain system security. They use tools such as IDS/IPS and firewalls. Continuous monitoring identifies potential threats and any new vulnerabilities that have emerged. As per security best practices, all phases of vulnerability management must be performed regularly.
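As an added illustration (not part of the original guide), the following Python script models the baseline, scan, risk-assessment and verification phases described above on constructed data: it compares a scan result against a host's approved baseline and a tiny CVE index, orders findings so high-risk items come first, and checks a re-scan to see which findings were remediated. The product names, versions and CVE ids are fictional placeholders; a real scanner would load the CVE/NVD feed.

```python
from dataclasses import dataclass

# Constructed CVE index: (product, affected version) -> (placeholder id, severity).
CVE_INDEX = {
    ("acme-sshd", "1.2"): ("CVE-EXAMPLE-0001", "high"),
    ("acme-httpd", "4.0"): ("CVE-EXAMPLE-0002", "high"),
    ("acme-ftpd", "0.9"): ("CVE-EXAMPLE-0003", "medium"),
}
SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1}  # the guide's low/medium/high levels

@dataclass(frozen=True)
class Finding:
    host: str
    kind: str      # "cve" (matched the index) or "baseline" (deviation from approved state)
    detail: str
    severity: str

def assess(baseline, scan):
    """Baseline + scan + risk assessment: compare what the scan observed with the
    approved baseline and the CVE index; order findings high -> low for remediation."""
    findings = []
    for host, seen in scan.items():
        approved = baseline.get(host, {"ports": set(), "software": {}})
        for port in sorted(seen["ports"] - approved["ports"]):
            findings.append(Finding(host, "baseline", f"unapproved listening port {port}", "medium"))
        for product, version in seen["software"].items():
            hit = CVE_INDEX.get((product, version))
            if hit:
                findings.append(Finding(host, "cve", f"{product} {version}: {hit[0]}", hit[1]))
    return sorted(findings, key=lambda f: -SEVERITY_RANK[f.severity])

def verify(previous, rescan):
    """Verification phase: split earlier findings into those no longer reported
    by the re-scan (remediated) and those that persist (outstanding)."""
    still_open = set(rescan)
    return {"remediated": [f for f in previous if f not in still_open],
            "outstanding": [f for f in previous if f in still_open]}

# Constructed data: one host's approved baseline, its first scan, and a re-scan taken
# after the web server was patched and the unapproved FTP service was removed.
BASELINE = {"web01": {"ports": {22, 80, 443}, "software": {}}}
SCAN_1 = {"web01": {"ports": {21, 22, 80, 443},
                    "software": {"acme-sshd": "1.2", "acme-httpd": "4.0", "acme-ftpd": "0.9"}}}
SCAN_2 = {"web01": {"ports": {22, 80, 443},
                    "software": {"acme-sshd": "1.2", "acme-httpd": "4.1"}}}

if __name__ == "__main__":
    first = assess(BASELINE, SCAN_1)
    print(*(f"[{f.severity}] {f.host} {f.kind}: {f.detail}" for f in first), sep="\n")
    print(verify(first, assess(BASELINE, SCAN_2)))
```

Running it lists the four first-scan findings with the two high-severity CVE matches first, then reports three findings remediated and the unpatched SSH daemon still outstanding.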
