Sunday, April 7, 2024

CyberSecurity - Technical Documentation

The following points must be documented when a cybersecurity project transitions from the implementation phase to the operational phase:

  1. Scope (Project Scope)
  2. Architecture
  3. Roles and Responsibilities
  4. Escalation Path
  5. Run Books
  6. Asset Lists
  7. SLA Review and Documentation
  8. Metrics and Reporting Documentation
  9. Training Materials
  10. Knowledge Transfer (From Project to BAU team)

Happy Learning
#vulnerabilitymanagement #cybersecurity

Vulnerability Management - Nessus on a Windows Server OS versus a Windows Desktop OS

Microsoft Windows desktop systems have network limitations that may impact the performance of Nessus. The TCP/IP stack limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit is reached, subsequent connection attempts are put in a queue and resolved at a fixed rate (10 per second). If too many enter the queue, they may be dropped.

The effect is that a Nessus scan run from a Windows desktop OS can produce false negatives. For better accuracy, it is recommended that Nessus on a Windows desktop OS have its port scan throttled down to the following settings, found in the "Performance" setting type under the General Settings of a new policy:

Max number of hosts: 10

Max number of security checks: 4

Max number of packets per second for a port scan: 50

For increased performance and scan reliability, it is highly recommended that Nessus Windows be installed on a server product from the Microsoft Windows family.

Please refer to the URL below for more details:
https://www.tenable.com/products/nessus/nessus-faq

Happy Learning
#vulnerabilitymanagement #cybersecurity

Vulnerability Management - Determining Scan Frequency

1. Scan on a quarterly basis

Suitable when ->
a. The enterprise is small
b. Resources are constrained for scanning and/or analysis
c. Vulnerability scanning is done by an external firm (i.e. an MSSP)

Drawback -> Difficult to increase frequency while focused on the entire enterprise

2. Scan on a weekly/monthly basis

Suitable when ->
a. The enterprise is large and has identifiable units
b. Scanning timetables can be coordinated with remediation actions by business unit IT staff
c. Analysis and prioritization of vulnerabilities can occur quickly

Drawback -> Requires coordination with IT to ensure coordinated remediation

3. Continuous scanning -> Some part of the enterprise is always being scanned

Suitable when ->
a. The VM team has the skills and resources to maintain continuous scanning
b. Assets in the enterprise change quickly

Drawback -> Analysis of vulnerabilities needs to happen at scale and very quickly

Starting point for a typical scanning strategy:

1. Discovery Scan -> Scan all IP address ranges on a daily basis, but leave out all the hosts known from previous scans.
2. Full Vulnerability Scan -> Scan the live systems found in the discovery scan on a weekly basis. (This means the time-consuming port scanning is only done against up-and-running hosts, since this scan targets known systems rather than entire IP address ranges. This massively reduces the time required for the scan while still delivering complete and precise results.)

Please refer to the URL below for more details:
https://www.tenable.com/blog/5-tips-on-how-to-conduct-a-vulnerability-assessment

Happy Learning
#vulnerabilitymanagement #cybersecurity

Vulnerability Management - VBA Use Cases

We all have to do a lot of manual work to present or analyse vulnerability data in the VM domain. VBA helps a lot in automating such tasks.

Following are a few use cases I worked on:

  1. Convert multiple CSV files into XLSX files.
  2. Combine data from multiple XLSX files into one XLSX file.
  3. Apply various formulas or create pivots on multiple XLSX files.
  4. Correlate current dataset with past dataset (New vs Remediated vulnerabilities).
  5. Check whether a list of IP addresses belongs to a list of subnets.
  6. Populate data in PowerPoint charts/tables from Excel (Useful when you have to update 40-50 charts/tables).
  7. Split one single XLSX into multiple XLSX files based on criteria like Prod/Non-Prod (Environment), Windows/Linux (Platform), Tower owners.
  8. Create dashboards based on various criteria such as ageing, severity etc.
  9. Fetch vulnerability data from a website.
  10. One can create Word/PowerPoint/Outlook objects and interact with these applications.
  11. Ping a list of computers and check whether they are up or down.
  12. Invoke command prompt, run commands and save output in notepad file.
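As an added illustration of use case 5 (not code from the original post), the VBA module below checks whether an IPv4 address falls inside a CIDR subnet, and exposes a worksheet function that scans a list of subnets. It assumes the subnet list lives in a range such as Subnets!$A$2:$A$50 (a constructed layout; adjust to your workbook).

```vba
Option Explicit

' Convert a dotted-quad IPv4 address to an unsigned 32-bit value held in a Double.
' VBA's Long is signed, so a Double avoids overflow for addresses above 127.255.255.255.
Private Function IpToNumber(ByVal ip As String) As Double
    Dim parts() As String, i As Integer, octet As Long, result As Double
    parts = Split(Trim(ip), ".")
    If UBound(parts) <> 3 Then Err.Raise vbObjectError + 1, , "Invalid IPv4 address: " & ip
    For i = 0 To 3
        If Not IsNumeric(parts(i)) Then Err.Raise vbObjectError + 1, , "Invalid IPv4 address: " & ip
        octet = CLng(parts(i))
        If octet < 0 Or octet > 255 Then Err.Raise vbObjectError + 1, , "Invalid octet in: " & ip
        result = result * 256 + octet
    Next i
    IpToNumber = result
End Function

' Return True when ip falls inside a CIDR block such as "10.20.0.0/16".
Public Function IpInSubnet(ByVal ip As String, ByVal cidr As String) As Boolean
    Dim bits() As String, prefix As Integer, blockSize As Double, netStart As Double, n As Double
    bits = Split(Trim(cidr), "/")
    If UBound(bits) <> 1 Then Err.Raise vbObjectError + 2, , "Invalid CIDR: " & cidr
    prefix = CInt(bits(1))
    If prefix < 0 Or prefix > 32 Then Err.Raise vbObjectError + 2, , "Invalid prefix in: " & cidr
    blockSize = 2 ^ (32 - prefix)
    ' Normalise the network address so "10.20.5.1/16" still means 10.20.0.0/16.
    netStart = Int(IpToNumber(bits(0)) / blockSize) * blockSize
    n = IpToNumber(ip)
    IpInSubnet = (n >= netStart) And (n < netStart + blockSize)
End Function

' Worksheet function: returns the first subnet in the range that contains ip, or "" if none does.
' Example cell formula (assumed layout): =MatchSubnet(A2, Subnets!$A$2:$A$50)
Public Function MatchSubnet(ByVal ip As String, ByVal subnets As Range) As String
    Dim cell As Range
    For Each cell In subnets.Cells
        If Len(Trim(CStr(cell.Value))) > 0 Then
            If IpInSubnet(ip, CStr(cell.Value)) Then
                MatchSubnet = CStr(cell.Value)
                Exit Function
            End If
        End If
    Next cell
    MatchSubnet = ""
End Function
```

Paste the module into the VBA editor (Alt+F11, Insert > Module); a blank result from MatchSubnet means the address is outside every listed subnet, which is worth flagging as a scope gap in the asset list.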

Please remember, these tasks might look simple, and they are; the only problem is their repetitive nature, such as applying the same formula on 100 worksheets.

Please refer to the link below for further details:
https://www.nobledesktop.com/learn/vba/what-is-vba

Happy Learning
#vulnerabilitymanagement

Vulnerability Management - Understanding vulnerability posture

Understanding the vulnerability posture of an organisation at a basic level helps you drive remediation efforts. So, I don't know what t...