Lect 08

Uploaded by

dungnthe172688

Identifying and Analyzing Threats, Vulnerabilities, and Exploits

Objectives

• Threat assessments
• Vulnerability assessments
• Exploit assessments

http://fpt.edu.vn 05/11/2024
Threat Assessments

• Identifying and evaluating potential threats.
– The goal is to identify the MOST likely threats.
• A threat is any activity that represents a possible danger.
– Impact on confidentiality
– Impact on integrity
– Impact on availability
• When a threat is matched with a vulnerability, a risk exists.
– Risk = Vulnerability × Threat

Techniques for Identifying Threats
• Two primary techniques
– Review Historical Data
• Organization's historical data: internal users, disgruntled employees, equipment failure, software failure, data loss, attacks
• Similar organizations' historical data
• Local area data
– Threat Modeling: when performing it, ask these key questions:
• What system are you trying to protect?
• Is the system susceptible to attacks?
• Who are the potential adversaries?
• How might a potential adversary attack?
• Is the system susceptible to hardware or software failure?
• Who are the users?
• How might an internal user misuse the system?
– It is important to have a thorough understanding of the system or application you're evaluating.
– Wired Equivalent Privacy (WEP) is an example of how security can fall short if it is not considered throughout the development cycle.
• Analogy and Comparison with Similar Situations and Activities
– Law enforcement personnel commonly use threat assessments.
Best Practices for Threat Assessments Within
the Seven Domains of a Typical IT Infrastructure

• Assuming nothing, recognizing that things change.


• Verifying that systems operate and are controlled as
expected.
• Limiting the scope of the assessment to a single domain at a
time.
• Using documentation and flow diagrams to understand the
system you’re evaluating.

Best Practices for Threat Assessments Within the Seven Domains of a Typical IT Infrastructure (cont.)

• Identifying all possible entry points for the domain you're evaluating.
• Considering threats to confidentiality, integrity, and
availability.
• Considering internal and external human threats.
• Considering natural threats.

Vulnerability Assessments

• A vulnerability assessment (VA) is performed to identify vulnerabilities within an organization.
– Any weakness in your IT infrastructure: servers, networks, personnel.
• VA testing can be performed internally or externally.
– Internal assessments: the organization's own security professionals test the internal systems to see what they can learn about vulnerabilities.
– External assessments: personnel from outside the company test the systems from outside to see what they can learn.

Vulnerability Assessments Methods
• Documentation review
– Incidents, Outage reports, Assessment reports
• Review of system logs, audit trails, and intrusion detection system outputs
– These are the three most common sources of information; review all of them.
• Vulnerability scans and other assessment tools
– Identifying vulnerabilities
– Scanning systems and network
– Provide metrics
– Documenting results
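The four activities listed under vulnerability scans (identifying vulnerabilities, scanning, providing metrics, documenting results) as a small worked example. This is an added illustration, not code from the lecture or from any scanner product: the scan listing is constructed in a simplified `nmap -sV` style, and the BASELINE table is an assumed organisational minimum-version policy rather than a real vulnerability feed.

```python
"""Added example: turning scanner output into findings, metrics and a report.

Assumptions (not from the lecture): the line format is a simplified
nmap -sV style listing, and BASELINE is a constructed minimum-version policy,
not a real vulnerability feed. A real assessment would use the scanner's own
signatures, kept up to date.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "host port product version minimum severity")

# Constructed scanner output: host, port/proto, service, product, version
SCAN_OUTPUT = """\
10.0.0.5 22/tcp ssh OpenSSH 7.4
10.0.0.5 80/tcp http Apache 2.4.49
10.0.0.7 445/tcp smb Samba 4.6.2
10.0.0.7 3306/tcp mysql MySQL 5.7.40
10.0.0.9 22/tcp ssh OpenSSH 9.6
"""

# Constructed policy: product -> (minimum approved version, severity if below).
BASELINE = {
    "OpenSSH": ("8.0", "medium"),
    "Apache": ("2.4.51", "critical"),
    "Samba": ("4.7.0", "high"),
}


def parse_version(text):
    """'2.4.49' -> (2, 4, 49). Digit groups are compared numerically, so
    2.4.9 < 2.4.49 holds (a plain string comparison would get this wrong);
    a suffix such as '7.4p1' becomes (7, 4, 1)."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def parse_scan(text):
    """Yield (host, port, product, version) from the constructed listing."""
    for line in text.splitlines():
        if not line.strip():
            continue
        host, port, _service, product, version = line.split()
        yield host, port, product, version


def assess(text=SCAN_OUTPUT, baseline=BASELINE):
    """Identify vulnerabilities: every service below its baseline is a finding."""
    findings = []
    for host, port, product, version in parse_scan(text):
        if product not in baseline:
            continue                     # no policy for this product: not flagged
        minimum, severity = baseline[product]
        if parse_version(version) < parse_version(minimum):
            findings.append(Finding(host, port, product, version, minimum, severity))
    return findings


def metrics(findings):
    """Provide metrics: counts by severity and by host."""
    return {"by_severity": Counter(f.severity for f in findings),
            "by_host": Counter(f.host for f in findings)}


def report(findings):
    """Document results in a fixed order so two runs can be diffed."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    lines = [f"{len(findings)} finding(s)"]
    for f in sorted(findings, key=lambda f: (order.get(f.severity, 9), f.host, f.port)):
        lines.append(f"[{f.severity.upper():8}] {f.host}:{f.port} {f.product} "
                     f"{f.version} (baseline {f.minimum})")
    return "\n".join(lines)


if __name__ == "__main__":
    found = assess()
    print(report(found))
    print(metrics(found))
```

Running it flags three of the five services (the MySQL host has no policy entry and is therefore not reported, which is itself a gap worth recording); the report is sorted by severity so it can be diffed against the previous assessment to show what was remediated.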

Vulnerability Assessments Methods (cont.)
• Audits and personnel interviews
– A VA audit checks compliance with internal policies.
– Conducting personnel interviews to identify the security knowledge of personnel.
• Process analysis and output analysis
– Process analysis examines how a process is carried out to determine whether the process itself contains vulnerabilities.
– Output analysis examines what a process produces to determine whether a vulnerability exists.
• Testing
– System testing: tests individual systems for vulnerabilities
– Functionality testing: used primarily in software development
– Access controls testing: verifies user rights and permissions
– Penetration testing: attempts to exploit vulnerabilities
– Transaction and application testing: ensures that an application functions correctly with a back-end database
Best Practices for Vulnerability Assessments Within
the Seven Domains of a Typical IT Infrastructure
• Identifying assets first
– Asset management (Lecture 7) helps to identify what resources to protect
• Ensuring scanners are kept up to date
– Vulnerability scanners need to be updated regularly
• Performing internal and external checks
– Attacks can come from internal and external sources
• Documenting the results
– Some VAs can be used to document compliance with laws and regulations
• Providing reports
– Reports summarize the important findings and provide recommendations.

Exploit Assessments

• Simulate an attack to determine whether it can succeed.
• An exploit test usually starts with a vulnerability test to identify the vulnerabilities to attempt against.
• Many large organizations have dedicated security teams that perform exploit assessments.
• The goal is to learn what is needed to protect the organization from those exploits.
• Whether you're working as an IT professional or in IT management, you should understand the basics.

Exploit Assessments (cont.)

• Identifying exploits
– Social engineering, MAC flood attack, TCP SYN flood attack
• Mitigating exploits with a gap analysis and remediation plan
• Implementing configuration or change management
• Verifying and validating that the exploit has been mitigated
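The cycle above (identify the exploit, mitigate, verify the mitigation) worked through for two of the named exploits, the TCP SYN flood and the MAC flood. This is an added example, not material from the lecture or from any product: the TCP and switch-port event records, the detection thresholds and the simulated port-security control are all constructed assumptions.

```python
"""Added example: detecting a TCP SYN flood and a MAC flood from event records,
then verifying that a mitigation silences the detector.

Everything here is constructed for illustration: the event records, the
thresholds and the simulated port-security control are assumptions, not
data or logic from the lecture or from any product.
"""
from collections import defaultdict


# --- constructed traffic records ------------------------------------------
def constructed_tcp_events():
    """(timestamp, src_ip, src_port, dst_ip, dst_port, tcp_flag)."""
    events, t = [], 0.0
    for sport in range(40000, 40003):            # legitimate client: SYN, then ACK
        events.append((t, "198.51.100.4", sport, "10.0.0.5", 80, "S")); t += 0.1
        events.append((t, "198.51.100.4", sport, "10.0.0.5", 80, "A")); t += 0.1
    for sport in range(50000, 50200):            # flood: 200 SYNs never completed
        events.append((t, "203.0.113.9", sport, "10.0.0.5", 80, "S")); t += 0.01
    return events


def constructed_mac_events(flood_size=5000):
    """(timestamp, switch_port, source_mac) as a switch would learn them."""
    events = [(0.0, "Gi1/0/3", "00:1a:2b:00:00:01"),
              (0.5, "Gi1/0/3", "00:1a:2b:00:00:02")]   # two normal hosts
    for i in range(flood_size):                          # one port, thousands of MACs
        mac = f"02:00:00:{i >> 16:02x}:{(i >> 8) & 0xff:02x}:{i & 0xff:02x}"
        events.append((i / flood_size, "Gi1/0/7", mac))
    return events


# --- detection -------------------------------------------------------------
def detect_syn_flood(events, threshold=50):
    """Return {src_ip: half_open_count} for sources at or above the threshold.
    A connection is half-open if we saw its SYN but never the client's ACK,
    which is exactly the state a SYN flood leaves on the victim."""
    pending = defaultdict(set)
    for _ts, src, sport, dst, dport, flag in events:
        conn = (sport, dst, dport)
        if flag == "S":
            pending[src].add(conn)
        elif flag == "A":
            pending[src].discard(conn)
    return {src: len(c) for src, c in pending.items() if len(c) >= threshold}


def detect_mac_flood(events, threshold=1000, window=1.0):
    """Return {port: distinct_macs} for ports that learned more than
    `threshold` distinct source MACs inside any `window`-second bucket.
    A flood aims to exhaust the CAM table so the switch falls back to flooding
    frames out of every port."""
    seen = defaultdict(set)                      # (port, bucket) -> MACs
    for ts, port, mac in events:
        seen[(port, int(ts // window))].add(mac)
    worst = defaultdict(int)
    for (port, _bucket), macs in seen.items():
        worst[port] = max(worst[port], len(macs))
    return {p: n for p, n in worst.items() if n > threshold}


# --- mitigation and verification ------------------------------------------
def apply_port_security(events, max_macs=2):
    """Simulate switch port-security: once a port has learned `max_macs`
    addresses, frames from any further MAC are dropped (a 'protect'-style mode).
    Constructed model, not a vendor implementation."""
    learned, kept = defaultdict(set), []
    for ts, port, mac in events:
        if mac in learned[port] or len(learned[port]) < max_macs:
            learned[port].add(mac)
            kept.append((ts, port, mac))
    return kept


def mac_flood_mitigated(events):
    """Verification step: the same detector must be silent after the control."""
    return not detect_mac_flood(apply_port_security(events))


if __name__ == "__main__":
    print("SYN flood sources:", detect_syn_flood(constructed_tcp_events()))
    print("MAC flood ports:", detect_mac_flood(constructed_mac_events()))
    print("port-security mitigates MAC flood:", mac_flood_mitigated(constructed_mac_events()))
```

The verification step matters more than the detection: the same check that identified the exploit is re-run after the change-managed configuration is applied, so "mitigated" is a measured result rather than an assumption. For the SYN flood the equivalent check would be re-running `detect_syn_flood` against traffic captured after SYN cookies or a rate limit were enabled; that capture is not simulated here.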

Best Practices for Performing Exploit Assessments
Within an IT Infrastructure

• Getting permission first


• Identifying as many exploits as possible
• Using a gap analysis for legal compliance
• Verifying that exploits have been mitigated
