
[CEH V11] Module 5 Notes - Vulnerability Analysis

vulnerability scoring systems and databases

  • Common Weakness Enumeration (CWE)
  • Common Vulnerabilities and Exposures (CVE)
  • National Vulnerability Database (NVD)
  • Common Vulnerability Scoring System (CVSS)

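CVSS comes in older and newer versions. CVSS v3.0 has five severity ratings: None, Low, Medium, High, Critical.

CVSS v2.0 has only three: Low, Medium, High. (The score ranges will be on the exam! Just memorize that Medium is 4.0~6.9.)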

vulnerability-management life cycle

  1. Discover: Inventory all assets across the network and identify host details including operating system and open services to identify vulnerabilities. Develop a network baseline. Identify security vulnerabilities on a regular automated schedule. (In short: take inventory of all assets on the network.)
  2. Prioritize Assets: Categorize assets into groups or business units, and assign a business value to asset groups based on their criticality to your business operation. (In short: classify the assets and give each a value.)
  3. Assess: Determine a baseline risk profile so you can eliminate risks based on asset criticality, vulnerability threat, and asset classification. (In short: set a risk baseline to know what has to be handled first.)
  4. Report: Measure the level of business risk associated with your assets according to your security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities. (In short: record and monitor vulnerabilities according to the security policy.)
  5. Remediate: Prioritize and fix vulnerabilities in order according to business risk. Establish controls and demonstrate progress. (In short: start patching in priority order.)
  6. Verify: Verify that threats have been eliminated through follow-up audits. (In short: verify that the vulnerabilities have been fixed.)

Pre-Assessment Phase

  • Identify and understand business processes
  • Identify the applications, data, and services that support the business processes and perform code reviews
  • Identify the approved software, drivers, and basic configuration of each system
  • Create an inventory of all assets, and prioritize or rank the critical assets
  • Understand the network architecture and map the network infrastructure
  • Identify the controls already in place
  • Understand policy implementation and practice standard compliance with business processes
  • Define the scope of the assessment
  • Create information protection procedures to support effective planning, scheduling, coordination, and logistics

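Comparing Approaches to Vulnerability Assessment

There are four types of vulnerability assessment solutions:

  1. Product-Based
  2. Service-Based
  3. Tree-Based
  4. Inference-Based

Product-Based means buying equipment to do the assessment. Service-Based means bringing in a third party to do it; the drawback is that if the third party can connect in, so can hackers. Tree-Based means scanning and assessing each service yourself with an approach chosen for it; this method relies on the administrator providing initial intelligence, after which scanning runs continuously.

Inference-Based means the scan first builds an inventory of the protocols found on the machine. Once the protocols are found, the scanning process detects which ports are attached to services, such as an email server, web server, or database server. Once the services are found, it selects the vulnerabilities on each machine and runs only the relevant tests.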

Types of Vulnerability Assessment Tools

  • Host-Based Vulnerability Assessment Tools
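  • Depth Assessment Tools: used to discover and identify previously unknown vulnerabilities in a system.
  • Application-Layer Vulnerability Assessment Tools: designed to serve the needs of all kinds of operating system types and applications.
  • Scope Assessment Tools: provide a security assessment by testing for vulnerabilities in applications and the operating system.
  • Active & Passive Tools: active scanners perform vulnerability checks on the network functions that consume network resources.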
  • Location and Data Examination Tools

best practices for selecting vulnerability assessment tools 

  • Ensure that they do not damage the network or system while running.
  • Understand their function and decide what information is needed before starting.
  • Decide the source location for the scan and the information that needs to be collected.
  • Enable logging every time.
  • Users should frequently scan their systems for vulnerabilities

Vulnerability assessment tools

OpenVAS 

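Nessus: scans for vulnerabilities; available in a Windows version and a Raspberry Pi version.

Nikto: an open-source web server scanner that can run many kinds of comprehensive scans against web servers, covering more than 3300 potentially dangerous files/CGIs.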
