robchi's version from 2018-02-03 23:48

Steps in vulnerability management process

Question | Answer
Step 1 | Identify requirements.
Step 2 | Establish scanning frequency.
Step 3 | Configure tools to perform scans according to specification.
Step 4 | Execute scanning.
Step 5 | Generate reports.
Step 6 | Perform remediation.
Step 7 | Perform ongoing scanning and continuous monitoring.

CVSS Metrics

Question | Answer
Attack Vector (AV) | Local, Adjacent, Network (L, A, N)
Availability (A) | None, Partial, Complete (N, P, C)
Access Complexity (AC) | High, Medium, Low (H, M, L)
Authentication (Au) | Multiple, Single, None (M, S, N)
Integrity (I) | None, Partial, Complete (N, P, C)
Confidentiality (C) | None, Partial, Complete (N, P, C)

CVSS Qualitative severity rating scale

Question | Answer
Low | 0.1 - 3.9
Medium | 4.0 - 6.9
High | 7.0 - 8.9
Critical | 9.0 - 10.0

Attacks and their mitigations

Question | Answer
Cross-site request forgery (CSRF) | Validate on both the client and server side.
Cross-site scripting (XSS) | Implement input validation.
Session hijacking | Encrypt communications between the two parties.
Malicious add-ons | Implement application white-listing.

Steps in Forensic Investigation

Question | Answer
Step 1 | Identification
Step 2 | Preservation
Step 3 | Collection
Step 4 | Examination
Step 5 | Analysis
Step 6 | Presentation
Step 7 | Decision

System Development Life Cycle

Question | Answer
Step 1 | Initiation
Step 2 | Development or Acquisition
Step 3 | Implementation and Assessment
Step 4 | Operations and Maintenance
Step 5 | Disposal

What type of Security Tool

Question | Answer
Sysinternals | Command line/IP utilities; a tool set that includes resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment
Nexpose | Vulnerability scanning tool and exploit framework
Qualys | Vulnerability scanning tool
Nessus | Vulnerability scanning tool
OpenVAS | Vulnerability scanning tool
Nikto | Web server vulnerability scanning tool
Microsoft Baseline Security Analyzer (MBSA) | Vulnerability scanning tool
Kiwi Syslog | Log management software
MRTG | Monitoring tool
Nagios | Monitoring tool
SolarWinds | Monitoring tool
Cacti | Monitoring tool
NetFlow Analyzer | Monitoring tool
NAXSI | Web application firewall (WAF)
Wireshark | Packet capture tool
tcpdump | Packet capture tool
Network General | Packet capture tool
Aircrack-ng | Packet capture tool
Sourcefire | IDS and IPS tool
Snort | IDS and IPS tool
Bro | IDS and IPS tool
Palo Alto | Firewall
Check Point | Firewall
Imperva | Web application firewall (WAF)
NMAP | Network scanning
netstat | Command line/IP utilities
ping | Command line/IP utilities
tracert/traceroute | Command line/IP utilities
ipconfig/ifconfig | Command line/IP utilities
nslookup/dig | Command line/IP utilities
OpenSSL | Command line/IP utilities
Burp Suite | Interception proxy
ZAP | Interception proxy
Vega | Interception proxy
Metasploit | Exploit framework
Peach Fuzzer | Fuzzer
Microsoft SDL File/Regex Fuzzer | Fuzzer
EnCase | Forensic suite
FTK | Forensic suite
Helix | Forensic suite
Cellebrite | Forensic suite
SHAsum | Hashing
John the Ripper | Password cracking
Cain & Abel | Password cracking

Ports to Know

Question | Answer
FTP | TCP 20, 21
Simple FTP | TCP 115
DHCP | UDP 67, 68
NetBIOS | TCP, UDP 137, 138, 139
Network Time Protocol | TCP 119
Gopher | TCP 70
SNMP | UDP 161 & TCP, UDP 162
Telnet | TCP 23
Time Protocol | TCP, UDP 37
Kerberos | TCP, UDP 88
IPSec | TCP, UDP 1293
L2TP/IPSec | UDP 500 & UDP 4500
RADIUS | UDP 1812, 1813
Oracle | TCP 1521
H.323 | TCP 1720
SCP, Secure FTP, SSH | TCP, UDP 22

Organizations to Know

Question | Answer
SysAdmin, Audit, Network and Security (SANS) | Organization that sponsors the Global Information Assurance Certification (GIAC). They also provide training, perform research, and publish best practices for cybersecurity, web security, and application security. They provide guidelines for secure software development.
Open Web Application Security Project (OWASP) | A group that monitors attacks, specifically web attacks. They maintain a list of the top ten attacks on an ongoing basis. This group also holds regular meetings at chapters throughout the world, providing resources and tools including testing procedures, code review steps, and development guidelines.
Center for Internet Security (CIS), known for compiling the CIS Security Controls (CSC) | They publish a list of the top twenty security controls. They also provide hardened system images, training, assessment tools, and consulting services.
International Organization for Standardization | Develops and publishes international standards. They are not involved in web application testing.

Netstat Parameters

Question | Answer
-a | Displays all connections and listening ports
-e | Displays Ethernet statistics
-n | Displays addresses and port numbers in numerical form instead of using friendly names
-s | Displays statistics categorized by protocol
-p protocol | Shows connections for the specified protocol, either TCP or UDP
-r | Displays the contents of the routing table
interval | Displays selected statistics, pausing interval seconds between each display; press Ctrl+C to stop displaying statistics

Seven Layers of the OSI Model

Question | Answer
Application layer (layer 7) | This end-user layer packages the data received from the Presentation Layer in the format needed by the application or end-user process that receives it. Examples include browsers, SMTP, HTTP, and FTP. This layer also creates what is to be sent back to the Presentation Layer.
Presentation layer (layer 6) | Data representation and encryption, including format conversions. Think of this layer as the translator. Examples include ASCII, TIFF, JPEG, MIDI, and MPEG.
Session layer (layer 5) | Interhost communication. This layer manages multiple types of communications and sends data to logical ports, including those using NFS and SQL.
Transport layer (layer 4) | End-to-end connections and reliability. As the name implies, this layer moves data across network connections, usually using TCP. It also handles error recovery and re-transmissions.
Network layer (layer 3) | Path determination, IP, and routing. Layer 3 formats data as packets and directs the data to the correct physical path.
Data Link layer (layer 2) | This is the most complex layer in the OSI model, and it is sometimes divided into two parts: one for media access control and one for logical link control.
Physical layer (layer 1) | Media, signal and binary transmission. Examples include hubs, repeaters, and Ethernet cables. Data is transmitted by an electric voltage, radio frequencies, infrared or ordinary light.


Question | Answer
Symmetric algorithms | Use a private or secret key that must remain secret between the two parties. Each party requires a separate private key, and they must match.
IVs | Ensure that patterns are not produced during encryption. They provide this service by using random values with the algorithms. Without using them, a repeated phrase in a plaintext message could result in the same ciphertext. Attackers can possibly use these patterns to break the encryption.
Block ciphers | Perform encryption by breaking the message into fixed-length units. A message of 1024 bits could be divided into 16 blocks of 64 bits each. Each of those 16 blocks is processed by the algorithm formulas, resulting in a single block of ciphertext.
Asymmetric algorithms | Key distribution is easier and more manageable.
Asymmetric algorithms | Are more expensive to implement.
Symmetric algorithms | Are less expensive to implement.
Asymmetric algorithms | Key management is easier because the same public key is used by all parties.
Symmetric algorithms | Are 1000 to 10,000 times faster.


Question | Answer
Data aggregation | The process of filtering and summarizing data in some way, based on some common variable in the information.
Security data analytics | The process of collecting a large amount of data and using software of some sort to analyze and make sense of the data.
Data correlation | The process of locating variables in the information that seem to be related. An example of correlation might be "Every time there is a spike in SYN packets, we seem to have a DoS attack."
Trend analysis | Involves attempting to discover patterns in the data that indicate trends. When the data is aggregated and then graphed, it is much easier to discern a trend.
Historical analysis | Presents data in a format that allows you to look at the history of a piece of security data.
Data aggregation | The process of gathering a large amount of data and filtering and summarizing it in some way, based on some common variable in the information.

Cisco Log Levels

Question | Answer
0 | emergency, System unusable
1 | alert, Immediate action needed
2 | critical, Critical condition
3 | error, Error condition
4 | warning, Warning condition
5 | notification, Normal but significant condition
6 | informational, Informational message only
7 | debugging, Appears during debugging only


Question | Answer
ACL | Access Control List
ARP | Address Resolution Protocol
BYOD | Bring Your Own Device
CIS | Center for Internet Security
CoBiT | Control Objectives for Information and Related Technology
CCTV | Closed-Circuit Television
CRM | Customer Relations Management
DDoS | Distributed Denial of Service
DNS | Domain Name Service
EMET | Enhanced Mitigation Experience Toolkit
FISMA | Federal Information Security Management Act
FTK | Forensic Tool Kit
FTP | File Transfer Protocol
HBSS | Host Based Security System
HIDS | Host Intrusion Detection System
HIPS | Host Intrusion Prevention System
HR | Human Resources
ICS | Industrial Control Systems
IDS | Intrusion Detection System
IMAP | Internet Message Access Protocol
IOC | Indicator of Compromise
IPS | Intrusion Prevention System
ISO | International Organization for Standardization
ITIL | Information Technology Infrastructure Library
LDAP | Lightweight Directory Access Protocol
MAC | Mandatory Access Control
MD5 | Message Digest 5
MOA | Memorandum Of Agreement
MOU | Memorandum Of Understanding
MRTG | Multi Router Traffic Grapher
NAC | Network Access Control
NAXSI | Nginx Anti XSS & SQL Injection
NIC | Network Interface Card
NIDS | Network Intrusion Detection System
NIST | National Institute of Standards & Technology
OEM | Original Equipment Manufacturer
OSSIM | Open Source Security Information Management
OWASP | Open Web Application Security Project
PAM | Pluggable Authentication Module
PCA | Principal Component Analysis
PCI | Payment Card Industry
PHI | Protected Health Information
PII | Personally Identifiable Information
RACI | Responsible, Accountable, Consulted and Informed
RADIUS | Remote Authentication Dial-In User Service
SABSA | Sherwood Applied Business Security Architecture
SANS | System Administration, Networking, and Security Institute
SCADA | Supervisory Control and Data Acquisition
SCAP | Security Content Automation Protocol
SDLC | Software Development Life Cycle
SEO | Search Engine Optimization
SHA | Secure Hash Algorithm
SIEM | Security Incident and Event Manager
SLA | Service Level Agreement
SOC | Security Operations Center
SPF | Sender Policy Framework
SSH | Secure Shell
SSL | Secure Sockets Layer
TACACS+ | Terminal Access Controller Access Control System Plus
TFTP | Trivial File Transfer Protocol
TLS | Transport Layer Security
TOGAF | The Open Group Architecture Framework
USB | Universal Serial Bus
VAS | Vulnerability Assessment System
VDI | Virtual Desktop Infrastructure
VLAN | Virtual Local Area Network
VPN | Virtual Private Network
WAF | Web Application Firewall