Step 1: Open the SANS Top 20 List
Using a web browser, go to http://www.sans.org/. On the resources menu, choose top 20 list. The SANS Top-20 Internet Security Attack Targets list is organized by category. An identifying letter indicates the category type, and numbers separate category topics. Router and switch topics fall under the Network Devices category, N. There are two major hyperlink topics:
N1. VoIP Servers and Phones
N2. Network and Other Devices Common Configuration Weaknesses
Step 2: Review common configuration weaknesses
- Click hyperlink N2. Network and Other Devices Common Configuration Weaknesses.
- List the four headings in this topic.
Step 3: Review common default configuration issues
Review the contents of N2.2 Common Default Configuration Issues. As an example, N.2.2.2 (in January 2007) contains information about threats associated with default accounts and values. A Google search on “wireless router passwords” returns links to multiple sites that publish a list of wireless router default administrator account names and passwords. Failure to change the default password on these devices can lead to compromised security and vulnerability to attackers.
Step 4: Note the CVE references
The last line under several topics cites references to CVE or Common Vulnerability Exposure. The CVE name is linked to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), sponsored by the United States Department of Homeland Security (DHS) National Cyber Security Division and US-CERT, which contains information about the vulnerability.
Step 5: Investigate a topic and associated CVE hyperlink
The remainder of this lab walks you through a vulnerability investigation and solution. Choose a topic to investigate, and click on an associated CVE hyperlink. The link should open a new web browser connected to http://nvd.nist.gov/ and the vulnerability summary page for the CVE.
NOTE: Because the CVE list changes, the current list may not contain the same vulnerabilities as
those in January 2007.
Step 6: Record vulnerability information
Complete the information about the vulnerability. Answers vary
Original release date: ____________________________
Last revised: ___________________________________
Source: _______________________________________
Overview: _____________________________________
Step 7: Record the vulnerability impact
Under Impact, there are several values. The Common Vulnerability Scoring System (CVSS) severity is
displayed and contains a value between 1 and 10. Complete the information about the vulnerability impact. Answers vary CVSS Severity
Access Complexity: ______________________________________________
Authentication: __________________________________________________
Impact Type: ___________________________________________________
Step 8: Record the solution
The References to Advisories, Solutions, and Tools section contains links with information about the
vulnerability and possible solutions. Jawaban: Using the hyperlinks, write a brief description of the solution found on those pages. Answers vary
Step 9: Reflection
The number of vulnerabilities to computers, networks, and data, continues to increase. Many national governments have dedicated significant resources to coordinating and disseminating information about security vulnerability and possible solutions. It remains the responsibility of the end user to implement the solution. Think of ways that users can help strengthen security. Write down some user habits that create security risks.
Jawaban: Using weak passwords, Writing down passwords, Not changing passwords frequently, Not securing workstations when leaving them unattended, Not following procedures or protocols when divulging network information (checking a person’s identity and clearance to have that information). Creating a “work-around” solution to a current security requirement (if it impedes a work process) instead of formally requesting that the issue be reviewed and amended. (Network administrators also need to be aware that network functionality is essential and that implementing security measures that render a business network feature inoperable is not viable.).
Tidak ada komentar:
Posting Komentar