In this video, Marc Menninger introduces the skillsets required for security assessment reviews. Learn that this course will cover six techniques useful for successfully conducting technical security assessment reviews.
- Security assessment reviews are the process of examining documents, systems, files, and network data for two purposes, to potentially identify security gaps or vulnerabilities and to gather information for the security tests. Because information gathered from reviews will be used to help facilitate the security tests, they must come before the tests are conducted. In this chapter, I'll cover six techniques useful for conducting technical security assessment reviews.
These techniques are documentation review, log review, ruleset review, system configuration review, network sniffing, and file integrity checking. Here are some baseline skillsets for each of these techniques. For documentation review, the assessor should have a good understanding of security concepts and principles. So he can identify any missing or incorrect documentation during the review.
For log review, the assessor should have a strong familiarity with log formats for the systems under review. He needs to be able to interpret log data and identify any evidence of activity that indicates lack of security controls. He should also be able to us automated log analysis and log correlation tools. For ruleset review, the assessor should have a good understanding of how firewall and switch rulesets work, including various formats and structures.
He should also be able to analyze and correlate the rulesets from different devices. For system configuration review, the assessor should know what it takes to have a secure system configuration for any platform under review. He should also know which configuration settings represent strong security and be able to determine if they're set properly. He should be able to use automated system configuration testing tools. For network sniffing, the assessor should have a good understanding of how TCP/IP networks function, as well as be able to analyze and interpret network traffic.
He should also be able to use network sniffing tools to capture and analyze network traffic. For file integrity checking, the assessor should know how file systems work on various systems, as well as understanding file verification principles, such as hash algorithms. He should also be able to use file integrity checking tools and know how to interpret the results. With these skillsets, one should be able to successfully conduct technical security assessment reviews.
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.