greenbone vulnerability assessment - networkshop44
Post on 19-Jan-2017
Greenbone vulnerability assessment
Dirk Schrader
What's bad on your network: tackling it with Vulnerability Management
Dirk Schrader
University of Manchester; March 24th, 2016
09:45 – 10:15, Theatre A
Introduction
• Greenbone Networks
• Develops Vulnerability Management Solutions since 2004
• Open Source and Transparency
• Your data is your data: NO CLOUD
• German
• Dirk Schrader
• CISSP (by ISC2) in good standing
• CISM (by ISACA) in progress
• 20+ years in IT Sec
• German, too
www.greenbone.net
What should be considered as 'bad'?
Susceptibility, Accessibility, Capability
Anything which is susceptible to misuse and accessible by an adversary with sufficient capabilities. That can be:
• Software flaws
• Defaults or misconfigurations
• Unauthorized or unsuspected installations
• Compliance deviation or Non-Compliance
• Policy deviation or violation
Start with a different perspective, ..
Diagram, layers: Processes, Policies & Awareness; Physical; Perimeter; Network; Host & OS; Application; Data
Diagram, controls: Authentication; NG Firewall; N-IDPS; H-IDPS; AV-System; SIEM / ISMS; Vulnerability Management
Diagram, views: inside – out view; outside – in view
.. then prepare,
• Define secure configurations
• Whitelist systems and applications
• Map to security controls
• Still, if none is there: start simple, enhance stepwise
Policies, Compliance, Guidelines
.. identify,
• Import and/or discover assets
• Scan assets
• Scan them authenticated
• CPE information is vital
.. classify,
• use CVSS, CVE, and CPE
• enhance with additional SecInfo
• most important, tag with Asset Criticality info
.. prioritize,
• based on Score, Quality of Detection, and available Solution Type
• adding Asset Criticality Information
• Attack status confirms
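An added example, not from the original slides or from Greenbone: ranking scan results by Score, Quality of Detection (QoD), Solution Type and Asset Criticality. The QoD cut-off, the weights, the 1 to 5 criticality scale and the sample findings are assumptions made for illustration.

```python
from dataclasses import dataclass

MIN_QOD = 70  # assumed cut-off (percent); weaker detections are verified first

# Solution types as reported with Greenbone/OpenVAS results.
# The weights are assumptions of this example, not Greenbone values.
SOLUTION_WEIGHT = {
    "VendorFix": 1.0,       # a fix exists, so remediation can start now
    "Workaround": 0.9,
    "Mitigation": 0.9,
    "NoneAvailable": 0.7,   # only block/isolate is possible
    "WillNotFix": 0.7,
}

@dataclass
class Finding:
    host: str
    name: str
    cvss: float         # severity score, 0.0 to 10.0
    qod: int            # Quality of Detection, 0 to 100 percent
    solution_type: str
    criticality: int    # asset criticality tag, 1 (low) to 5 (critical), assumed scale

def priority(f: Finding) -> float:
    """Score scaled by detection confidence, solution type and asset criticality."""
    weight = SOLUTION_WEIGHT.get(f.solution_type, 0.7)
    return f.cvss * (f.qod / 100) * weight * (f.criticality / 5)

def prioritize(findings):
    """Return (work queue sorted by priority, low-QoD findings to verify)."""
    queue = sorted((f for f in findings if f.qod >= MIN_QOD), key=priority, reverse=True)
    verify = [f for f in findings if f.qod < MIN_QOD]
    return queue, verify

# Constructed sample results, not real scan data.
SAMPLE = [
    Finding("web01", "Outdated TLS library", 7.5, 97, "VendorFix", 5),
    Finding("lab-pc7", "Remote code execution in file service", 9.8, 95, "VendorFix", 2),
    Finding("db01", "Default credentials accepted", 9.0, 80, "Mitigation", 5),
    Finding("print03", "Possible overflow (banner check only)", 10.0, 30, "NoneAvailable", 1),
]

if __name__ == "__main__":
    queue, verify = prioritize(SAMPLE)
    for f in queue:
        print(f"{priority(f):5.2f}  {f.host:8} {f.name}")
    for f in verify:
        print(f" verify {f.host:8} {f.name} (QoD {f.qod}%)")
```

With the sample data, the 7.5 finding on the critical web server outranks the 9.8 finding on a low-criticality lab PC, and the 10.0 banner-only result is held back for verification.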
.. assign,
• use Reports, Alerts, or a Ticket System
• based on Knowledge, Experience, and Role
• track and trace assignment
.. mitigate and remediate,
• patch and/or upgrade
• block and/or isolate
• work around
• override is also a temporary option
.. store and repeat, ..
• predict and trend assets
• handle changes in infrastructure
• time-stamped data supports Forensics
• average of 40 high severity flaws published per week
• 24h/48h 'Window of Vulnerability'
.. and improve!
• Eases implementation of Updates and Changes to Policies, Guidelines, and Compliance
• Meaningful KPIs for the IT Security documented
• The number of vulnerabilities over time is not meaningful
• But the time needed to remediate/mitigate (reduced by ..)
• The time needed to identify (faster by x)
• Fail/pass ratio of adherence to policy, compliance (increased by ..)
The process of Vulnerability Management
Diagram, cycle: prepare; identify; classify; prioritize; assign; mitigate & remediate; store & repeat; improve
• Thank you,
• ready for questions?!