Security+ Certification Exam Cram 2 (Exam Cram SYO-101)

Because security resources will always be limited in some manner, it is important to determine what resources are present that may need securing. Then you need to determine the threat level of exposure that each resource creates and plan your network defenses accordingly . Previously, we discussed how to protect resources and assets; now we'll look at how to identify the risks that affect them. In this section, we cover the following methods of identifying risks: asset identification, risk and threat assessment, and vulnerabilities.

Asset Identification

Before you can determine which resources are most in need of protection, it is important to properly document all available resources. For the purpose of our discussion, the term resource can refer to a physical item (such as a server or piece of networking equipment), a logical object (such as a Web site or financial report), or even a business procedure (such as a distribution strategy or marketing scheme). Sales demographics , trade secrets, customer data, and even payroll information could be considered sensitive resources within an organization.

Risk Assessment

After assets have been identified, you need to determine which of these assets are more important than the others and which assets pose significant security risks. During the process of risk assessment, it is necessary to review many areas, such as the following:

• Methods of access

• Authentication schemes

• Audit policies

• Hiring and release procedures

• Isolated services that may provide a single point of failure or avenue of compromise

• Data or services requiring special backup or automatic failover support

Threat Assessment

During a risk assessment, it is important to identify potential threats and document standard response policies for each. Threats may include the following:

• Direct access attempts

• Automated cracking agents

• Viral agents, including worms and Trojan horses

• Released or dissatisfied employees

• Denial of service attacks or overloaded capacity on critical services

• Hardware or software failure, including facility- related issues such as power or plumbing failures

Vulnerabilities

After you have identified all sensitive assets and performed a detailed risk assessment, it is necessary to review potential vulnerabilities and take actions to harden each based on its relative worth and level of exposure. Evaluations should include an assessment of the relative risk to an organization's operations, the ease of defense or recovery, and the relative popularity and complexity of the potential form of attack.

Many automated vulnerability-scanning tools are available for various platforms. These may be used to perform regular assessments of your network; however, because of the constant discovery of new vulnerabilities, it is also very important to include a review of newly discovered vulnerabilities as part of your standard operating procedures.

When you're performing an analysis of potential vulnerabilities, several possible steps may be taken:

• Blind testing Performing an audit from outside using no prior knowledge of an organization's network or procedures.

• Knowledgeable testing Performing an audit using known details on the infrastructure and current business practices.

• Internet service testing Attempting penetration using common exploits accessible through the Internet.

• Dial-up service testing Performing a penetration attempt against an organization's remote access servers through war-dialing and other modes of dial-up access attempts.

• Infrastructure testing Evaluating protocols used as well as the subjective user perception of operational parameters. Users may sometimes note obscure or unnecessarily complex configurations that might be exploited.

• Network testing Evaluating distributed resources, replication architecture, and critical services, such as DNS or DHCP, along with firewall and IDS configuration settings.

• Application testing Evaluating homegrown and store-bought applications. This is necessary to ensure end-to-end security.