Types of Assessments
Active
Runs software to discover network hosts.
Send probes.
Checks information repositories.
Runs tools to actively test software/systems.
Sends crafted arguments, payloads, and packets.
Creates flaws.
MiTM, DoS, etc…
May disrupt systems!
Detection of vulnerability may have an impact.
Passive
Runs software to eavesdrop on traffic.
Observe logs and dumps.
Network logs.
Service/application logs.
Host logs.
May be run for a long time in production.
Minimal impact.
External
Focus on the public exposition.
External attackers.
Targets:
Publicly available routers and firewall rules.
Publicly available IP Ports.
Public services (DNS).
Information exposed to the public.
Security mechanisms (throttling, TLS, blocking).
Allows to find vulnerabilities and enable deployment of countermeasures at FWs.
For assessment and exploitation.
Host Based
Focus on misconfigurations, permissions, existing software, and updates.
Targets:
Servers.
VMs.
Workstations and Laptops.
Allows for finding vulnerabilities that could be explored by insiders or an attacker that gained access to the systems.
Network
Focus on the communications of the network infrastructure.
Rules, misconfigurations, updates.
Individual services (FTP, SMTP, LDAP).
Targets:
Communication links.
Networking Gear.
Finds how exposed systems are to exploitation.
Finds what information may be leaked.
Wireless
Focus on the wireless communications of the network infrastructure and support services.
Rules, misconfigurations, updates.
Authentication, confidentiality, and access control.
Guest access.
Targets:
Wireless Networking Gear.
Authentication servers.
Networking Gear (VLANs).
Similar to network, but with specific tools due to range and authn/authz.
Application
Focus on a single application.
Input-output.
Logic errors.
Authentication and authorization processes.
Operational assumptions.
Related services (databases, firewalls).
Targets:
Application.
Service.
Finds software vulnerabilities in the targeted application.
Bugs or flaws.
Last updated
