CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
2. Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Qualifications Summary
Education
M.B.A., IT Management, Western Governor’s University
B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required— with a focus on technology.
5. Page 5
Security assessments are a
necessity, but they will not
do any good if the results
are misinterpreted.
It is vital that the personnel conducting the security assessments
understand how to do them properly (e.g., using the correct tool
for the correct job) or the results may not be accurate. This could
lead to an unknown weakness in the security of an organization.
Just as important as using the proper tools, is properly
interpreting the results. A misinterpretation of the results can lead
to an incorrect conclusion on the security posture of the
organization. Because of this, it is crucial that security
assessments be conducted with the correct tools and that the
results be properly interpreted.
Overview of security assessment tools.
6. Page 6
Overview of security assessment tools.
– Assessment types.
» Risk assessments or risk analysis: identifying all risks to all
assets within an organization and determining how those
threats will be treated.
• The usual steps include: identifying assets, identifying threats
against assets, prioritizing the threats, and determining how
threats will be treated (handled).
» Threat assessments: identifying the individual threats to
individual assets within an organization. They are conducted as
part of the risk assessment process.
• Assets may have more than one threat present.
» Vulnerability assessments: the process of identifying any
weaknesses that may be present in the configuration of
computing systems, network appliances, and networks.
• Most vulnerability assessments are conducted automatically
using special software tools called vulnerability scanners.
• Most vulnerability scanners take a passive approach to the
assessment; they are not attacking the system, only trying to
identify possible weaknesses in the configuration.
7. Page 7
Overview of security assessment tools.
– Assessment techniques.
» Baseline reporting: using a baseline—how the system
operates under normal conditions—after an incident has
occurred to help determine what may be causing system
issues.
» Code review: having a security tester review and analyze
application code developed by in-house programmers before
deploying an application.
» Attack surface review: having a security expert review all of
the software and services (the attack surfaces) that are running
on any system.
• The goal is to remove any unnecessary software or services
to reduce the attack surfaces that are present.
» Architecture review: a review of the underlying structure
(architecture) to ensure that all applications and services
operate in the correct manner (e.g., determining that an
application does not have access to kernel code).
» Design review: a careful review of systems and solutions from
a security point of view.
• Should be done before implementation—secure by design.
• Should be conducted after implementation—to ensure that
what was requested (designed) was actually implemented.
9. Page 9
Overview of security assessment tools.
– Protocol analyzer (packet sniffer).
» A tool that will passively collect information that is traversing
the network. It can be used to determine what systems and
processes are in operation.
• One goal, when used for security purposes, is to determine if
sensitive information is being transmitted in clear text.
– Port scanner.
» A tool that will actively scan the network for the status of ports.
• One goal, when used for security purposes, is to determine if
any vulnerable ports are open (easy to exploit), so they can
be closed.
– Vulnerability scanner.
» A tool that is similar to the port scanner, but is actively
searching the system for known vulnerabilities.
» It will not only check for open ports, but it will also verify
configurations and patch levels.
• It checks the scan results against a database of known
vulnerabilities.
10. Page 10
Overview of security assessment tools.
– Banner grabbing.
» Often used in conjunction with a port scan or vulnerability scan
type assessment.
• When used with either the port or vulnerability scan, it will
return what software (and which version of it) is operating on
the open port.
• The information returned can be used to determine if the open
port truly represents a security issue.
– Honeypots and honeynets.
» A computing system or network established with the sole
purpose of attracting any hackers who breach the network.
• They have a high level of auditing in place in order to help
determine how the hacker entered the system and any
actions that the hacker engaged in while in the system.
• The actual assessment of the results of hacked
honeypots/honeynets is used to further harden the legitimate
system.
11. Page 11
Some assessment tools are
passive and some are active.
It is important to know
which are which.
Passive assessment tools are used to collect information on the
network (or system) but do not actually attempt to exploit any
weaknesses. Active assessment tools do the same thing, but
then probe the vulnerabilities to actively determine if they can be
exploited.
Using an active assessment tool without explicit permission from
the organization being examined can lead to being prosecuted.
Active assessments are, in actuality, a form of hacking—which, of
course, is an illegal activity.
Overview of security assessment tools.
12. Page 12
Overview of security assessment tools.
When conducting a security assessment, it is vital that security experts
understand what type of assessment to conduct and how to interpret the
results, or the assessment may not be valid. The different types of security
assessments include: risk, threat, and vulnerability assessments.
Assessment techniques include: baseline reporting, code review, attack
surface review, architecture review, and design review.
Topic
Types of security
assessments.
Summary
There are different tools available to security experts that can be used when
conducting a security assessment. Some of those tools include: packet
analyzers, port scanners, vulnerability scanners, banner grabbing
applications, and honeypots and honeynets. It is important to know the
difference between passive and active assessment tools. Using an active
assessment tool without proper authorization could lead to the security
expert being prosecuted.
Assessment tools.
14. This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.