Vulnerability: A flaw or weakness in a system that may result in a security breach or a violation of the system's security policy.
Threat: The potential for a specific vulnerability to be exercised either intentionally or accidentally.
Control: Measures taken to prevent, detect, minimize, or eliminate risk to protect the Integrity, Confidentiality, and Availability of information.
Vulnerability Assessment: The process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.
Several methods are used in a Vulnerability Assessment:
Information Gathering, Vulnerability Detection, Information Analysis and Penetration, Privilege Escalation, Result Analysis and Clean Up.
Defining and classifying network or system resources.
Assigning relative levels of importance to the resources.
Identifying potential threats to each resource.
Developing a strategy to deal with the most serious potential problems first.
If security holes are found as a result of vulnerability analysis, a vulnerability disclosure may be required.
Identify missing patches in the system.
Get information about missing patches per product.
Identify the criticality of the missing patches.
Get vulnerabilities broken down by Operating System (OS), MS SQL database, IIS web server, and others.
Network Port Scanning
Identifying open ports on the system.
Auditing the security of the system by identifying the network connections that can be made to, or through, it.
Identifying any unauthorized application/service that is using a particular port for data sharing.
A facility is provided for blocking or denying access to unauthorized network ports.
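The port audit described above can be sketched as follows. This is an added example, not code from any product this page describes: it parses a constructed `netstat -ano` listing and flags listeners that a hypothetical per-port policy does not authorize. The sample output, the PID-to-image map and the policy are all assumptions made for illustration.

```python
import re

# Constructed sample of `netstat -ano` output from a Windows host (not real data).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       2104
  TCP    0.0.0.0:2121           0.0.0.0:0              LISTENING       6120
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3312
  TCP    10.0.0.5:49712         10.0.0.9:445           ESTABLISHED     4
  TCP    [::]:8080              [::]:0                 LISTENING       2104
"""
# Constructed PID -> image name map, as `tasklist` would supply it.
PROCESSES = {4: "System", 2104: "sqlservr.exe", 6120: "filesync.exe", 3312: "helper.exe"}
# Hypothetical policy: the only image allowed to listen on each port.
POLICY = {80: "System", 1433: "sqlservr.exe"}

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listening_sockets(netstat_text):
    """Yield (address, port, pid) for every TCP listener in the text."""
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), int(m.group(3))

def audit_ports(netstat_text, processes, policy):
    """Return findings for listeners that the policy does not authorize."""
    findings = []
    for addr, port, pid in listening_sockets(netstat_text):
        image = processes.get(pid, "<unknown>")
        if port not in policy:
            reason = "port not in policy"
        elif policy[port] != image:
            reason = f"expected {policy[port]}"
        else:
            continue
        # Loopback-only listeners are not reachable from the network.
        exposure = "local" if addr in ("127.0.0.1", "[::1]") else "network"
        findings.append({"port": port, "pid": pid, "image": image,
                         "exposure": exposure, "reason": reason})
    # Network-exposed findings first, then by port number.
    return sorted(findings, key=lambda f: (f["exposure"] != "network", f["port"]))

if __name__ == "__main__":
    for finding in audit_ports(NETSTAT_SAMPLE, PROCESSES, POLICY):
        print(finding)
```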
Identify all authorized and unauthorized applications/processes that are running on the system.
Provides user-defined policy enforcement that terminates an application immediately on a policy violation.
Identifies the current status of services in each system, such as:
=> Service Status: Running/Stopped.
=> Service Mode: Automatic/Manual/Disabled.
Identifies unauthorized services in the system.
The administrator can change the status of Windows services from the central console, for example start/stop a service or change its startup type.
Identify all shared resources in each system.
Provides policy enforcement for automatically removing shared resources.
A notification or service request/ticket is raised, based on the category/sub-category, for any security breach or vulnerability found.
A service request/ticket should be automatically sent to the engineer/person/security expert responsible for closing the security breaches or vulnerabilities.
Service requests/tickets should be available for viewing and action through a suitable web-based interface.
Security requests/tickets should have a facility to log all events and actions taken on the notification to remedy the security incident.
Facility for the engineer/admin to route a security request/ticket to another engineer/person.
If a security request/ticket is not closed, it should be escalated to the next level of expert/engineer, and suitable emails/SMS should be sent to the Admin and the higher authorities (as defined by the security incident handling policy).
Standard pre-built reports are provided to simplify effective management of nodal details.
Provides a facility to export generated reports in Excel and/or PDF format, making it simple for the admin to file a hard copy at a single click that can be retrieved as and when required.
Utility of VAPT
Ability to define hierarchical Organization Units (OUs) for security incident management.
Ability to define user rights based on their role and OU. These rights can be used to define access policy to the application.
Keeps a history of all network operations, including ports used, opened, etc.
Vulnerability scan and database of vulnerabilities.