diff --git a/2023.md b/2023.md index c78cd32..f0469d6 100644 --- a/2023.md +++ b/2023.md @@ -70,7 +70,7 @@ Or contact us via Twitter, my handle is [@MichaelCade1](https://twitter.com/Mich - [โœ”๏ธ] ๐ŸŒ 22 > [Continuous Image Repository Scan - Container Registries](2023/day22.md) - [โœ”๏ธ] ๐ŸŒ 23 > [Artifacts Scan](2023/day23.md) - [โœ”๏ธ] ๐ŸŒ 24 > [Signing](2023/day24.md) -- [] ๐ŸŒ 25 > [](2023/day25.md) +- [โœ”๏ธ] ๐ŸŒ 25 > [Systems Vulnerability Scanning](2023/day25.md) - [] ๐ŸŒ 26 > [](2023/day26.md) - [] ๐ŸŒ 27 > [](2023/day27.md) diff --git a/2023/day25.md b/2023/day25.md index e69de29..a9b3517 100644 --- a/2023/day25.md +++ b/2023/day25.md @@ -0,0 +1,84 @@ +# Systems Vulnerability Scanning + +## What is systems vulnerability scanning? + +Vulnerability scanning is the process of scanning a network or system to identify any existing security vulnerabilities. + +It is a proactive measure used to detect any weaknesses that an attacker may exploit to gain unauthorised access to a system or network. + +Vulnerability scanning can be either manual or automated. +It can involve scanning for known vulnerabilities, analysing the configuration of a system or network, or using an automated tool to detect any possible vulnerabilities. + +## How do you perform a vulnerability scan? + +A vulnerability scan is typically performed with specialised software that searches for known weaknesses and security issues in the system. + +The scan typically looks for missing patches, known malware, open ports, weak passwords, and other security risks. + +Once the scan is complete, the results are analysed to determine which areas of the system need to be addressed to improve its overall security. + +## What are the types of vulnerability scans? + +There are two main types of vulnerability scan: unauthenticated and authenticated. + +Unauthenticated scans are conducted without any credentials and, as such, can only provide limited information about potential vulnerabilities. +This type of scan helps identify low-hanging fruit, such as unpatched systems or open ports. + +Authenticated scans, on the other hand, are conducted with administrative credentials. +This allows the scanning tool to provide much more comprehensive information about potential vulnerabilities, including those that may not be easily exploitable. + +In the next two days we are going to take a look at containers and network vulnerability scan, which are more specific subsets os system vulnerability scanning. + +## Why are vulnerability scans important? + +Vulnerabilities are widespread across organisations of all sizes. +New ones are discovered constantly or can be introduced due to system changes. + +Criminal hackers use automated tools to identify and exploit known vulnerabilities and access unsecured systems, networks or data. + +Exploiting vulnerabilities with automated tools is simple: attacks are cheap, easy to run and indiscriminate, so every Internet-facing organisation is at risk. + +All it takes is one vulnerability for an attacker to access your network. + +This is why applying patches to fix these security vulnerabilities is essential. +Updating your software, firmware and operating systems to the newest versions will help protect your organisation from potential vulnerabilities. + +Worse, most intrusions are not discovered until it is too late. According to the global median, dwell time between the start of a cyber intrusion and its identification is 24 days. + +## What does a vulnerability scan test? + +Automated vulnerability scanning tools scan for open ports and detect common services running on those ports. +They identify any configuration issues or other vulnerabilities on those services and look at whether best practice is being followed, such as using TLSv1.2 or higher and strong cipher suites. + +A vulnerability scanning report is then generated to highlight the items that have been identified. +By acting on these findings, an organisation can improve its security posture. + +## Who conducts vulnerability scans? + +IT departments usually undertake vulnerability scanning if they have the expertise and software to do so, or they can call on a third-party security service provider. + +Vulnerability scans are also performed by attackers who scour the Internet to find entry points into systems and networks. + +Many companies have bug bountry programs, that allow enthical hackers to report vulnerabilities and gain money for that. +Usually the bug bountry programs have boundaries, e.g. they define what is allowed and what is not. + +Participating in big bounty programs must be done resposibly. +Hacking is a crime, and if you are caugh you cannot just claim that you did it for good, or that you were not going to exploit your findings. + +## How often should you conduct a vulnerability scan? + +Vulnerability scans should be performed regularly so you can detect new vulnerabilities quickly and take appropriate action. + +This will help identify your security weaknesses and the extent to which you are open to attack. + +## Penetration testing + +Penetration testing is the next step after vulnerability scanning. +In penetration testing professional ethical hackers combine the results of automated scans with their expertise to reveal vulnerabilities that may not be identified by scans alone. + +Penetration testers will also consider your environment (a significant factor in determining vulnerabilitiesโ€™ true severity) and upgrade or downgrade the score as appropriate. + +A scan can detect something that is vulnerability, but it cannot be actively exploited, because of the way it is incorporated into our system. +This makes the vulnerability a low priority one, because why fix something that presents no danger to you. + +If an issue comes up in penetration testing then that means that this issue is exploitable, and probably a high priority - in the penetation testers managed to exploit it, so will the hackers.