Module 30 Network Vulnerability Assessment

Uploaded by

Phoneit Polo

EC-Council Certified Network Security Administrator

Module XXX: Network Vulnerability Assessment

Module Objective

This module will familiarize you with the following concepts:
• Vulnerability Assessment Services
• Network Vulnerability Assessment Methodology
• Vulnerability Assessment Tools

Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Module Flow

Vulnerability Assessment Services

Network Vulnerability Assessment Methodology

Vulnerability Assessment Tools

Vulnerability Assessment

Vulnerability is the degree to which a software system or component is open to unauthorized access, change, or disclosure of information and is susceptible to interference or disruption of system services:

• Includes weak passwords and exposed network services that allow routers to link to malicious programs

Vulnerability assessment is the process of identifying and reporting vulnerabilities:

• Validates security measures
• Determines the impact of the solution applied

Goals of a Vulnerability Assessment

Testing the entire security domain to detect the areas prone to attack:

• Involves the time spent on identifying the vulnerability and the cost incurred in assessing the vulnerability

Generate a clear and crisp report:

• The main aim of vulnerability assessment is to produce useful results
• Useful results can be attained if the information contained in the report is acceptable to its intended audience

Features of a Good Vulnerability Assessment

Comprehensive:

Influenced by two major factors

Experience

Result must be reproducible

Multi-Test Environment

Network Vulnerability Assessment Timeline

Produce the detailed report about the points of weakness found in the network with respect to the data and resource vulnerabilities

Recommendations made by the Network Vulnerability Assessment Timeline:

• Policy and procedures modifications
• Architecture and topology changes
• Possible security hardware and software implementation

Vulnerability Classes

Two main classes of vulnerabilities are:

Hard vulnerabilities

• Flaws present in the software having loopholes that can be exploited
• Referred to as ‘bugs’ and are fixed with service packs and hotfixes

Soft vulnerabilities

• Misconfigurations by network and security administrators
• Occurs as a result of network or security device being hacked

Source of Vulnerabilities

Design Flaws:

• A design flaw is an error in software design that occurs independently of a concrete implementation

Poor Security Management:

• Refers to weaknesses in the management and the operational practices of a system

Incorrect Implementation:

• Mistakes made by programmers in the implementation of software

Choice of Personnel for Network Vulnerability Assessment Team (NVAT)

NVAT includes representatives from:

• Information technology
• Network management
• Auditing

NVA team should enroll other departments and business units like physical security and human resources as support members.

Includes political and technical members to ensure success.

Network Vulnerability Assessment Methodology

Specifies the scope definition approach to be followed, examines the requirements, and generates a report comprising all the decisions drafted by the management

Phases involved are:

• Acquire and review the business objectives, strategies, and statements
• Identify interview representatives and internal customers, collect documents, and evaluate the security performance
• Analyze success factors, sensitive data, and security risks, and design effective action
• Evaluate security policies, risks, and the effectiveness of safeguards, and present a draft report
• Generate a final report supported with queries to be answered by the NVA team

Network Vulnerability Assessment Methodology: Phase I - Acquisition

Describes a list of required documents and prepares a checklist that requires the team to:

• Review laws and procedures that guide a particular client
• Identify and review the relevant documents
• Illustrate a list of vulnerabilities that require testing

Phase II: Identification

Conduct interviews with customers and employees involved in system architecture, design, and administration

• Evaluates a customer and updates the changes required in the organization's policies and procedures

Gather technical information for implementing it for the respective network usage

Acquire documents from the appropriate business units

Phase III: Analyzing

Review interviews, examine results, and analyze security vulnerabilities identifying risks

NVA assesses vulnerabilities for applying effective safeguards

Analyze:

• Risk analysis provides information to build cost-effective safeguards
• Threat analysis identifies threats and vulnerabilities and the areas that require tight scrutiny
• Security policy evaluates the security practices like handling incidents and protecting assets of the organization

Phase IV: Evaluation

The result of analysis must be presented in a draft report to be evaluated for further variations

Define terms and methods to ensure information is apt for NVA

Security profile holds information to be collected from the former phases

All documents must be stored in a central database for generating the final report

Phase V: Generating Reports

NVA team lead generates the final report that covers:

• Upgrading the NVA process
• Tasks rendered by each team member
• Presenting the findings
• Providing general and specific recommendations
• Concluding with queries to be answered by the NVA team

How to Detect Vulnerability

Host-based tools

Windows-based vulnerability assessment tools

Password and checking vulnerability assessment tools

Application layer vulnerability assessment tools

Selecting Vulnerability Assessment Tools

Points to be considered while choosing a security assessment tool:

• Goals for deploying the security assessment tool should be specified
• Human experience of security assessment should be used
• Freeware security tools should be preferred to reduce the financial burdens of the organization
• Choose the tool with efficient reporting features, so that it can be easily understood for taking required actions

Vulnerability Assessment Tool: SAINT

A vulnerability-scanning engine, which detects the threat and vulnerability of the different devices and processes them across the network

Steps involved:

• Screens every working system and piece of equipment on the network
• Performs checks to detect any vulnerable point that can be used by attackers to attack
• Detects all the vulnerabilities to the system
• Focuses on the threats according to their priority and need

Scanning Tools: Nessus

Features of Nessus:

• Smart service recognition
• Multiple services
• Full SSL support
• Non-destructive or thorough
• Offers reliable, non-destructive security checks

Tool: BindView

Manages, analyzes, and reports IT security compliance of operating systems, software applications, and databases employed in an organization

Detects all the equipment deployed across the network

Assesses the level of the threats to the system

Alerts signals for preventing the loss of security lapses

Holds content database that maintains a record of the vulnerabilities to the system

Tool: Retina

Identifies known vulnerabilities and prioritizes threats

Features:

• Secures networks against new vulnerabilities
• Enforces standard-based registry settings through customer audit policy
• Performs scanning without administrative privileges
• Scans across the network where applications or services are not impacted as part of your vulnerability assessment process

Tool: Sandcat Scanner

Provides rapid security assessments of web applications

Compatible with HTTPS (SSL) and Common Vulnerabilities and Exposures (CVE) standards

Features:

• Provides more than 56,000 security checks for all leading web server platforms
• Performs destructive and non-destructive scans
• Tests IDS
• Identifies and analyzes server’s configurations

Tool: VForce

A web application security scanner

Tests web applications and more complex applications to secure against attacks

Identifies new vulnerabilities and assesses impacts on the system

Features:

• Manipulates HTTP requests
• Automatic documentation of all tests

NVA-Team Checklist

Identify the team members and list them based on their responsibility

Identify the network developers and persons in charge of maintenance and management of system

Identify components, management systems, network services, and security system involved in the assessment team

Identify the critical host computer systems and critical applications that are part of the assessment

Tool: ScanIT Online

An Internet-based vulnerability scanner

Assesses the security of an IT environment from a standalone computer to an entire network

Detects security vulnerabilities on any remote target

Obtains information such as operating system types and open ports

Features:

• Detects and prioritizes critical vulnerabilities and ensures proper safeguards
• Permits administrator to design and generate vulnerability assessment reports
• Alerts against vulnerabilities arising in computer networks

Summary

Vulnerability is the degree to which a software system or component is open to unauthorized access, change, or disclosure of information and is susceptible to interference or disruption of system services.

Vulnerability assessment is the process of searching and reporting vulnerabilities.

Vulnerability classes comprise hard and soft vulnerabilities.

Phases involved in vulnerability assessment include: acquisition, identification, analyzing, evaluating, and generating.
