Types of Vulnerability Assessment

-

Given below are the different types of vulnerability assessments:

 Active Assessment

Active assessments are a type of vulnerability assessment that uses network scanners to scan the network to identify the hosts, services, and vulnerabilities present in that network. Active network scanners have the capability to reduce the intrusiveness of the checks they perform.

 Passive Assessment

Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are a recently using the network.

External Assessment

External assessment assesses the network from a hacker's point of view to find out what exploits and vulnerabilities are accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks external to the organization. it determines how secure the external network and firewall are.

The following are some of the possible steps in performing an external assessment:

    • Determine the set of rules for firewall and router configurations for the external network
    • Check whether external server devices and network devices are mapped
    • identify open ports and related services on the external network
    • Examine patch levels on the server and external network devices
    • Review detection systems such as IDS, firewalls, and application-layer protection systems
    • Get information on DNS zones
    • Scan the external network through a variety of proprietary tools available or the Internet
    • Examine web applications si.ch as e-commerce arc shopping cart software for vulnerability
  
 Internal Assessment

An internal assessment involves scrutinizing the internal network to find exploits and vulnerabilities. The following are some of the possible steps in performing an internal assessment:

    • Specify the open ports aria related services on network devices, servers, and systems
    • Check for router configurations and tire wall rule sets
    • List the internal vulnerabilities of the operating system and server
    • Scan for Trojans that may be present in the internal environment
    • Check the patch levels on the organization's internal network devices, servers, and systems
    • Check for the existence of malware, spyware, and virus activity and document them
    • Evaluate the physical security
    • Identify and review the remote management process and events
    • Assess the file-sharing mechanisms if or example, NFS and SMB/CIFS shares) 0 Examine the antivirus implementation and events.

Host-based Assessment

Host-based assessments are a type of security check that involves carrying out a configuration-level check through the command line. These assessments check the security of a particular network or server. Host-based scanners assess systems to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Host-based assessment can use many commercial and open-source scanning tools.

 Network Assessments

vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. Network assessment professionals use firewall and network scanners such as Nessus. These scanners find open ports, recognize the services running on those parts, and find vulnerabilities associated with these services. These assessments help organizations determine how vulnerable systems are to Internet and Intranet attacks. and how an attacker can gain access to important information. 

A typical network assessment conducts the following tests on a network:

    • Checks the network topologies for inappropriate firewall configuration
    • Examines the router filtering rules
    • Identities inappropriately configured database servers
    • Tests individual services and protocols such as HTTP, SNMP, and FTP
    • Reviews HTML source code for unnecessary information
    • Performs bounds checking on variables

 Application Assessments

An application assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems. It analyzes all elements of an application infrastructure, including deployment and communication within the client and server. This type of assessment tests the web server infrastructure for any misconfiguration, outdated content, and known vulnerabilities. Security professionals use both commercial and open-source tools to perform such, assessments.

Wireless Network Assessments

Wireless network assessment determines the vulnerabilities in an organization's wireless networks. In the past, wireless networks used weak and defective data encryption mechanisms. Now, wireless network standards have evolved, but many networks still use the weak and outdated security mechanisms and are open for attack. Wireless network assessments try to attack wireless authentication mechanisms and get unauthorized access.

 This type of assessment tests wireless networks and identifies rogue wireless networks that may exist within an organization's perimeter. These assessments audit client-specified sites with a wireless network. They sniff wireless network traffic and try to crack encryption keys. Auditors test other network access once they get access to the wireless network.

    • identify open ports and related services on the external network
    • Examine patch levels on the server and external network devices
    • Review detection systems such as IDS, firewalls, and application-layer protection systems
    • Get information on DNS zones
    • Scan the external network through a variety of proprietary tools available or the Internet
    • Examine web applications si.ch as e-commerce arc shopping cart software for vulnerability 




Comments

  1. Niraj Kumar25 April 2021 at 04:52

    Great Blog and very helpful information! Vulnerability assessment is definitely important because it provides you with information about security weaknesses. This process provides you with a better understanding of your IT infrastructure, security flaws and overall risk, which greatly improves information security and application security standards while reducing the likelihood that a cybercriminal will gain unauthorized access to your organization. With cyber threats evolving at an unthinkable rate, Vulnerability assessment is essential. In my experience, with advanced intelligence, Komodo Consulting conducts the best Vulnerability assessment for business security.

    ReplyDelete
  2. Ace Myhomework12 February 2022 at 03:52

    Keep sharing such amazing blogs. Our Penetration Testing firm offers professional cyber security consulting services. Hire cyber security professionals today!
    vulnerability assessment

    ReplyDelete
  3. Aishah Mahsuri16 March 2022 at 05:53

    Very good article with very useful information. Visit our website for Vulnerability assessment and penetration testing services

    ReplyDelete
  4. cybersecurity8 April 2022 at 23:28

    Really a great addition. I have read this marvelous post. Thanks for sharing information about it. I really like that. Thanks so lot for your convene. application security testing

    ReplyDelete
  5. edicksnelson18 April 2022 at 21:26

    I found your blog and it was really useful as well as informative thanks for sharing such an article with us. We also provide services related to ISO 27001 Lead Auditor Certification Online

    ReplyDelete
  6. Anonymous20 April 2022 at 05:46

    Types Of Vulnerability Assessment >>>>> Download Now

    >>>>> Download Full

    Types Of Vulnerability Assessment >>>>> Download LINK

    >>>>> Download Now

    Types Of Vulnerability Assessment >>>>> Download Full

    >>>>> Download LINK xF

    ReplyDelete
  7. Aishah Mahsuri30 April 2022 at 05:47

    you have written an excellent blog.. keep sharing your knowledge...

    Digital marketing course malaysia

    ReplyDelete
  8. bhanu11 May 2022 at 22:47


    Thanks for your information. very good article.
    ServiceNow Training
    ServiceNow Online Training

    ReplyDelete
  9. Vumetric18 May 2022 at 03:49

    Interesting and amazing how your post is! It Is Useful and helpful for me That I like it very much, and I am looking forward to Hearing from your next.. enterprise security

    ReplyDelete
  10. James Zicrov19 May 2022 at 04:56

    I just wanted to say this is an elegantly composed article as we have seen here.

    Vulnerability Scanning Tools

    ReplyDelete
  11. noah13 June 2022 at 20:38


    nice post.
    iso certification in pune

    ReplyDelete
  12. Kanishka1 July 2022 at 21:41

    Thanks for sharing this great content. It is really informative and useful., You can also check this Similar site iso 27001 lead auditor training

    ReplyDelete
  13. Rukesh Pandey22 September 2022 at 04:34


    Thank you very much for updating a helpful content!
    Do you looking for a Top 10 Spy Cameras for home or office at the lowest price with high-quality resolution? Select Spy Camera Shop in Ghaziabad with free home delivery. For any query Call us on 9999 33 2099/2499.

    ReplyDelete
  14. joseph kuruvilla5 July 2023 at 05:46

    Impressive and powerful suggestion by the author of this blog are really helpful to me erp software in chennai

    ReplyDelete

Post a Comment

Popular posts from this blog

10 Secrets You Will Never Know About Cyber Security And Its Important

-
Image
Know about Cyber Security Whether you’re a techie or not, there’s a good chance that your life is very reliant on the net and its wonders. Your social media accounts are likely humming, and you recognize your way round the IOT devices you employ . All of those devices connect you to the cyber world in a method or another. Here are 12 things to understand about  cyber security . And once you are sharing such a lot of your data online daily, you may also care about your cyber security.  If you’ve always thought cyber security are a few things only big companies got to care about change your mind, now. Cyber security is as critical on a private level, because it is on a company’s level. Besides, there’s hardly any job or profession, that’s not supported technology. With  jobs or a career in mind , you need to understand what threatens your security online and what you’ll be able to do to stay your data secure. 1  You’re a target to hackers Don’t ever say “It won’t happen t
Read more

ISO 27001 Annex : A.5 Information Security Policies

-
Image
5. 1  Management direction for information security ISO 27001 Annex : A.5 Information Security Policies, Its objective is to provide management guidance and  information security  assistance in accordance with business requirements and relevant laws and regulations. 5.1.1 Policies for Information Security Control-   A set of information security policies should be established, managed accepted, published and communicated to the employees and related external parties. Implementation Guidance-  At the very least companies need to identify a management-approved “information security strategy,” which outlines the organization’s approach to managing its information security goals. Information security policies should meet criteria that have been created by: Business strategy; Regulations, legislation and contracts; The present and projected  information security threat  environment Related Product :   ISO 27001 Lead Auditor Training And Certification ISMS The informa
Read more

Impact Of ISO 27001 Lead Auditor

-
Image
Information Security Management System  ISO 27001   Standard is an Information Security Management System. The main objective of this standard is the organization shall establish, implement and maintain the information security system within the organization. Evaluate the information security Risk at each stage of operation and take the necessary action to reduce the information security Risk within the organization. In common business practice the ISO 27001 standard is also referred as ISMS standard. The summarized requirement details of ISO 27001 are given below: Context of The Organization The organization shall identify the internal and external issue related to  information security , including the legal, regulatory and contractual requirements. Determining the scope of information security management system and establishing the information security management system. Leadership The top management of the organization demonstrates the leadership and commitments to
Read more