
Q No. 1:

Vulnerability Assessment
Sometimes, security professionals don't know how to approach a vulnerability assessment, especially
when it comes to dealing with the results of its automated report. Yet this process can be of real value
to an organization.

Besides information revealed from the results, the process itself is an excellent opportunity to get a
strategic perspective regarding possible cybersecurity threats. First, however, we need to understand
how to put the right pieces in place to get real value from a vulnerability assessment.

A Four-Step Guide to Vulnerability Assessment

Here is a proposed four-step method to start an effective vulnerability assessment process using any
automated or manual tool.

1. Initial Assessment

Identify the assets and define the risk and critical value of each device (based on the client's input), such
as a security assessment vulnerability scanner. It's important to identify at least the importance of the
devices you have on your network, or at least of the devices that you'll test. It's also important to
understand whether the device (or devices) can be accessed by any member of your company (such as a
public computer or a kiosk) or only by administrators and authorized users.

2. System Baseline Definition

Second, gather information about the systems before the vulnerability assessment. At a minimum, review
whether the device has open ports, processes and services that shouldn't be open or running. Also,
understand the approved drivers and software (those that should be installed on the device) and the basic
configuration of each device (if the device is a perimeter device, it shouldn't have a default administrator
username configured).

3. Perform the Vulnerability Scan

Third, use the right policy on your scanner to accomplish the desired results. Prior to starting the
vulnerability scan, look for any compliance requirements based on your company's posture and business,
and know the best time and date to perform the scan. It's important to recognize the client's industry
context and determine whether the scan can be performed all at once or whether segmentation is needed.
An important step is to re-define and get approval of the policy for the vulnerability scan to be
performed.

4. Vulnerability Assessment Report Creation

The fourth and most important step is the report creation. Pay attention to the details and try to add
extra value in the recommendations phase. To get real value from the final report, add
recommendations based on the initial assessment goals.
Also, add risk mitigation techniques based on the criticality of the assets and the results. Add findings
related to any possible gap between the results and the system baseline definition (deviations in any
misconfiguration and discoveries made), and recommendations to correct the deviations and mitigate
possible vulnerabilities. Findings in the vulnerability assessment are normally very useful and are
ordered in a way that ensures each finding is understood.
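The four steps above fit together naturally as a small script: the asset inventory from step 1, the approved baseline from step 2 and the scanner output from step 3 are compared, and step 4 ranks every deviation by the asset's criticality and exposure. The following is an added example written for this page, not code from the original text or from any scanner product; all inventories, baselines, scan results, weights and hostnames are constructed sample data, and the finding shapes are assumptions rather than any real scanner's output format.

```python
"""Added example: baseline-deviation report for a vulnerability assessment.
All data below is constructed; the scoring weights are an assumed, not a standard, scheme."""
from dataclasses import dataclass

# Step 1 (initial assessment): constructed asset inventory.
# criticality runs 1 (low) .. 5 (high); exposure records who can reach the device.
ASSETS = {
    "fw-edge-01":     {"criticality": 5, "exposure": "internet"},
    "kiosk-lobby-02": {"criticality": 2, "exposure": "public"},
    "app-web-03":     {"criticality": 4, "exposure": "internal"},
}

# Step 2 (system baseline): approved ports, services and accounts per device (constructed).
BASELINE = {
    "fw-edge-01":     {"ports": {22, 443},     "services": {"sshd", "nginx"}, "accounts": {"ops"}},
    "kiosk-lobby-02": {"ports": {443},         "services": {"kiosk-ui"},      "accounts": {"kiosk"}},
    "app-web-03":     {"ports": {22, 80, 443}, "services": {"sshd", "httpd"}, "accounts": {"ops"}},
}

# Step 3 (scan): constructed scanner output in the same shape, plus the scanner's own findings.
SCAN = {
    "fw-edge-01":     {"ports": {22, 443, 8080},     "services": {"sshd", "nginx", "telnetd"}, "accounts": {"admin", "ops"}},
    "kiosk-lobby-02": {"ports": {443},               "services": {"kiosk-ui"},                 "accounts": {"kiosk"}},
    "app-web-03":     {"ports": {22, 80, 443, 3306}, "services": {"sshd", "httpd", "mysqld"},  "accounts": {"ops"}},
}
SCANNER_FINDINGS = [  # (asset, title, severity) as a scanner might report them; constructed
    ("app-web-03", "Outdated web server version", "high"),
]

SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}
EXPOSURE_WEIGHT = {"internet": 2, "public": 1, "internal": 0}


@dataclass
class Finding:
    asset: str
    title: str
    severity: str
    recommendation: str


def baseline_deviations(asset: str, baseline: dict, observed: dict) -> list[Finding]:
    """Compare one device's scan (step 3) against its approved baseline (step 2)."""
    out = []
    for port in sorted(observed["ports"] - baseline["ports"]):
        out.append(Finding(asset, f"Unapproved open port {port}", "medium",
                           f"Close port {port} or document it in the approved baseline"))
    for svc in sorted(observed["services"] - baseline["services"]):
        out.append(Finding(asset, f"Unapproved service {svc}", "medium",
                           f"Disable {svc} unless a business owner approves it"))
    for acct in sorted(observed["accounts"] - baseline["accounts"]):
        # A default administrator name on a device that should not have one is a high finding.
        sev = "high" if acct in {"admin", "administrator", "root"} else "medium"
        out.append(Finding(asset, f"Unapproved account {acct}", sev,
                           f"Remove or rename the {acct} account and review its privileges"))
    return out


def risk_score(f: Finding, assets: dict = ASSETS) -> int:
    """Severity weighted by asset criticality, plus an exposure modifier (assumed scheme)."""
    a = assets[f.asset]
    return SEVERITY_WEIGHT[f.severity] * a["criticality"] + EXPOSURE_WEIGHT[a["exposure"]]


def build_report(assets=ASSETS, baseline=BASELINE, scan=SCAN,
                 scanner_findings=SCANNER_FINDINGS) -> list[Finding]:
    """Step 4: merge baseline deviations with scanner findings, highest risk first."""
    findings: list[Finding] = []
    for asset in assets:
        findings += baseline_deviations(asset, baseline[asset], scan[asset])
    for asset, title, sev in scanner_findings:
        findings.append(Finding(asset, title, sev, "Patch to the vendor-supported version"))
    return sorted(findings, key=lambda f: risk_score(f, assets), reverse=True)


def render(report: list[Finding]) -> str:
    """Plain-text report body: score, asset, severity, finding and recommendation per line."""
    return "\n".join(f"{risk_score(f):>3}  {f.asset:<15} {f.severity:<8} {f.title}: {f.recommendation}"
                     for f in report)


if __name__ == "__main__":
    print(render(build_report()))
```

The kiosk produces no findings because its scan matches its baseline exactly, which is the point of defining the baseline before scanning: the report then lists only deviations, ranked so that a default administrator account on the internet-facing perimeter device comes before an unapproved database port on an internal server.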

Mitigating attacks

DDoS mitigation refers to the process of successfully protecting a targeted server or network from a
distributed denial-of-service (DDoS) attack. By utilizing specially designed network equipment or a cloud-
based protection service, a targeted victim is able to mitigate the incoming threat.

DDoS Mitigation Stages

There are 4 stages of mitigating a DDoS attack using a cloud-based provider:

Detection - in order to stop a distributed attack, a website needs to be able to distinguish an attack from
a high volume of normal traffic. If a product release or other announcement has a website swamped
with legitimate new visitors, the last thing the site wants to do is throttle them or otherwise stop them
from viewing the content of the website. IP reputation, common attack patterns, and previous data
assist in proper detection.

Routing - By intelligently routing traffic, an effective DDoS mitigation solution will break the remaining
traffic into manageable chunks, preventing denial of service.

Adaptation - A good network analyzes traffic for patterns such as repeating offending IP blocks,
particular attacks coming from certain countries, or particular protocols being used improperly. By
adapting to attack patterns, a protection service can harden itself against future attacks.
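The detection and adaptation stages above can be illustrated with a small classifier run over web-server log lines. The following is an added example written for this page, not code from the original text or from any mitigation provider: the log lines, the denylist, the per-source request threshold and the /24 aggregation rule are all constructed assumptions. It shows the distinction the Detection stage makes: a flash crowd of many new visitors each making a few requests is left alone, while a few sources sending hundreds of requests a minute, or a source with bad reputation, are flagged; the Adaptation stage then learns the offending IP block so the next decision can apply to the whole block.

```python
"""Added example: detection and adaptation over constructed access-log lines.
Line format (constructed): '<iso timestamp> <client ip> <method> <path> <status>'."""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed IP reputation data: sources previously seen attacking.
DENYLIST = {"198.51.100.7"}
EPOCH = datetime(1970, 1, 1)


def constructed_log() -> list[str]:
    """Build a one-minute log: a flash crowd, a small attack, and one denylisted source."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    # Flash crowd: 200 distinct clients in 10.0.0.0/24, 3 requests each (legitimate visitors).
    for i in range(200):
        for k in range(3):
            t = base + timedelta(seconds=(i * 3 + k) % 60)
            lines.append(f"{t.isoformat()} 10.0.0.{i + 1} GET /launch 200")
    # Attack: 4 sources in 203.0.113.0/24 (documentation range), 500 requests each.
    for j in range(4):
        for k in range(500):
            t = base + timedelta(seconds=k % 60)
            lines.append(f"{t.isoformat()} 203.0.113.{10 + j} GET /launch 200")
    # Denylisted source making only two requests: low rate, but known bad reputation.
    for k in range(2):
        t = base + timedelta(seconds=k)
        lines.append(f"{t.isoformat()} 198.51.100.7 GET /launch 200")
    return lines


def parse(line: str):
    ts, ip, method, path, status = line.split()
    return datetime.fromisoformat(ts), ip, method, path, int(status)


def detect(lines: list[str], window_seconds: int = 60, max_requests: int = 100,
           denylist: set = DENYLIST) -> dict[str, str]:
    """Detection stage: map each suspicious source IP to the reason it was flagged."""
    buckets: dict[int, Counter] = defaultdict(Counter)  # window index -> requests per IP
    seen = set()
    for line in lines:
        ts, ip, *_ = parse(line)
        buckets[int((ts - EPOCH).total_seconds()) // window_seconds][ip] += 1
        seen.add(ip)
    flagged = {ip: "reputation" for ip in seen if ip in denylist}
    for counter in buckets.values():
        for ip, n in counter.items():
            # Per-source rate, not total volume: 200 visitors at 3 req/min are not an attack.
            if n > max_requests and ip not in flagged:
                flagged[ip] = "rate"
    return flagged


def learn_blocks(flagged: dict[str, str], prefix: int = 24, min_sources: int = 3) -> set[str]:
    """Adaptation stage: an IP block with several flagged sources becomes a pattern to remember."""
    per_block = Counter(str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False)) for ip in flagged)
    return {block for block, n in per_block.items() if n >= min_sources}


def decide(ip: str, flagged: dict[str, str], blocks: set[str]) -> str:
    """Assumed policy: learned blocks are rate-limited, single flagged IPs challenged, rest passed."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(b) for b in blocks):
        return "rate-limit"
    if ip in flagged:
        return "challenge"
    return "pass"


if __name__ == "__main__":
    log = constructed_log()
    flagged = detect(log)
    blocks = learn_blocks(flagged)
    print(f"{len(log)} requests, {len(flagged)} flagged sources, learned blocks: {sorted(blocks)}")
    for probe in ("10.0.0.5", "203.0.113.99", "198.51.100.7"):
        print(probe, "->", decide(probe, flagged, blocks))
```

Note that 203.0.113.99 never appears in the log, yet is rate-limited, because the learned /24 block now covers it: that is the hardening against future attacks the Adaptation stage describes, and it is also why the minimum-sources threshold matters, since a single flagged address should not condemn its whole block.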

Choosing a DDoS mitigation service

Traditional DDoS mitigation solutions involved purchasing equipment that would live on site and filter
incoming traffic. This approach involves purchasing and maintaining expensive equipment, and also
relies on having a network capable of absorbing an attack. If a DDoS attack is large enough, it can take
out the network infrastructure upstream, preventing any on-site solution from being effective. When
purchasing a cloud-based DDoS mitigation service, certain characteristics should be evaluated.

Scalability - an effective solution needs to be able to adapt to the needs of a growing business as well as
respond to the growing size of DDoS attacks. Attacks larger than 1 TB per second (TBPS) have occurred,
and there’s no indication that the trend in attack traffic size is downward. Cloudflare’s network is capable
of handling DDoS attacks 10X larger than have ever occurred.

Flexibility - being able to create ad hoc policies and patterns allows a web property to adapt to incoming
threats in real time. The ability to implement page rules and populate those changes across the entire
network is a critical feature in keeping a site online during an attack.

Q No. 2:
Vulnerability Scanning vs. Penetration Testing

It amazes me how many people confuse the importance of vulnerability scanning with penetration
testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration
testing, on its own, cannot secure the entire network. Both are important at their respective levels,
needed in cyber risk analysis, and are required by standards such as PCI, HIPAA, ISO 27001, etc.

Penetration testing exploits a vulnerability in your system architecture while vulnerability scanning (or
assessment) checks for known vulnerabilities and generates a report on risk exposure.

Whether to use penetration testing or vulnerability scanning depends mostly on three factors:

Scope

Risk and criticality of assets

Cost and time

Penetration testing scope is targeted, and there is always a human factor involved. There is no such thing
as automated penetration testing. Penetration testing requires the use of tools, sometimes a lot of tools.
But it also requires an extremely experienced person to conduct the penetration testing. A good
penetration tester always, at some point during their testing, crafts a script, changes the parameters of
an attack, or tweaks the settings of the tools he or she may be using.

It could be at the application or network level, but specific to a function, department or number of assets.
One can include the whole infrastructure and all applications, but that is impractical in the real world
because of cost and time. You define your scope on a number of factors that are mainly based on risk and
how important an asset is. Spending a lot of money on low-risk assets which may take a number of days to
exploit is not practical. Penetration testing requires highly skilled knowledge, and that's why it is costly.
Penetration testers often exploit a new vulnerability or discover vulnerabilities that are not known to
normal business processes. Penetration testing can normally take from days to a few weeks. It is often
conducted once a year, and reports are short and to the point. Penetration testing does have a higher
than average chance of causing outages.

On the other hand, vulnerability scanning is the act of identifying potential vulnerabilities in network
devices such as firewalls, routers, switches, servers and applications. It is automated and focuses on
finding potential and known vulnerabilities at the network or application level. Vulnerability scanners
merely identify potential vulnerabilities; they do not exploit them. Hence, they are not built to find
zero-day exploits. Vulnerability scanning scope is business-wide and requires automated tools to manage
a high number of assets. It is wider in scope than penetration testing. Product-specific knowledge is
needed to use the vulnerability scanning product effectively. It is usually run by administrators or
security personnel with good networking knowledge. Vulnerability scans can be run frequently on any
number of assets to ensure that known vulnerabilities are detected and patched. Thus, you can eliminate
more serious vulnerabilities on your valuable resources quickly. An effective way to remediate
vulnerabilities is to follow the vulnerability management lifecycle. The cost of a vulnerability scan is low
to moderate compared to penetration testing, and it is a detective control as opposed to a preventive
one like penetration testing.

Q No. 3:
CURRENT MITIGATION APPROACHES AND INFRASTRUCTURE

The mitigation of synthetic biology–enabled attacks essentially has two broad components: minimizing
the chances of an attack and minimizing the negative outcomes once an attack has occurred. As
discussed in Chapter 3, Potential for Mitigation, key elements that contribute to the potential for
mitigation include deterrence and prevention capabilities, ability to recognize an attack, attribution
capabilities, and consequence management capabilities. Broadly speaking, many of the same tools that
are used to mitigate natural infectious disease outbreaks or exposure to chemicals (e.g., from
environmental spills) are also relevant to mitigation of an intentional biological or chemical attack. In
addition, the practices and rules in place to mitigate dual-use research may be relevant to some
synthetic biology capabilities. The following sections provide a brief overview of selected existing
mitigation approaches and infrastructures related to life sciences research, public health, emergency
response, and healthcare capabilities that may be relevant to mitigating synthetic biology–enabled
attacks.

Deterrence and Prevention Capabilities

Deterring or preventing the development and use of biological weapons, including those enabled by
advances in synthetic biology, is of high priority for the U.S. Department of Defense (DoD) and for the
nation. However, there are fundamental challenges to deterring or preventing misuse of biological
advances. It has been noted that “the knowledge, materials, and technologies needed to make and use a
biological weapon are readily accessible, everywhere in the world”. While fundamental research and
clinical studies are the engines that drive public health and medical treatments, they simultaneously
provide dual-use opportunities. Pathogens are ubiquitous, found in hospital and research laboratories,
scientific culture collections, infected people and animals, and the environment. The skills and
equipment applied to solving challenges in medicine, agriculture, and other disciplines for beneficial
purposes are largely the same as those that would be used in making a biological weapon. Advances
made in the age of synthetic biology add to the already-broad spectrum of biotechnologies that could be
misused.
