11.5. Summary
In this chapter, we took a brief look at Kali’s role in the field of information security. We discussed
the importance of a clean, working installation and the use of encryption before heading out to
the field in order to protect your client’s information, and the importance of legal representation
to protect you and your client’s interests.
The components of the CIA (confidentiality, integrity, availability) triad are the primary items
that you will focus on when securing a system as part of standard deployment, maintenance, or
assessment. This conceptual foundation will assist you with the identification of the critical com-
ponents of your systems and the amount of effort and resources worth investing into correcting
identified problems.
We discussed several types of vulnerabilities including file inclusion, SQL injection, buffer over-
flows, and race conditions.
The accuracy of the signatures is extremely important to get useful vulnerability assessment re-
sults. The more data that are provided, the higher chance there is to have accurate results from
an automated signature-based scan, which is why authenticated scans are often so popular.
301
Chapter 11 — Introduction to Security Assessments
Since automated tools use a database of signatures to detect vulnerabilities, any slight deviation
from a known signature can alter the result and likewise the validity of the perceived vulnerability.
We also discussed the four types of assessments: the vulnerability assessment, compliance test, tradi-
tional penetration test, and the application assessment. Even though each type of assessment leverages
a core set of tools, many of the tools and techniques overlap.
The vulnerability assessment is relatively simple in comparison to the other assessment types and
often consists of an automated inventory of discovered issues within a target environment. In
this section, we discussed that a vulnerability is a flaw that, when exploited, will compromise the
confidentiality, integrity, or availability of an information system. Since it is signature-based, this
type of assessment relies on accurate signatures and can present false positives and negatives. You
will find the core tools for this type of assessment in the Vulnerability Analysis and Exploitation
Tools menu categories of Kali Linux.
Compliance tests are based on government- and industry-mandated requirements (such as PCI
DSS, DISA STIG, and FISMA), which are in turn based on a compliance framework. This test usually
begins with a vulnerability assessment.
A traditional penetration test is a thorough security assessment that is designed to improve the
overall security posture of an organization based on certain real-world threats. This type of test
involves several steps (mirrored by the Kali Linux menu structure) and culminates in exploitation
of vulnerabilities and pivoting access to other machines and networks within the target scope.
Application assessments (usually white- or black-box) focus on a single application and use spe-
cialized tools such as those found in the Web Application Analysis, Database Assessment, Reverse
Engineering, and Exploitation Tools menu categories.
Several types of attacks were discussed including: Denial of Service, which breaks the behavior of
an application and makes it inaccessible; memory corruption, which leads to manipulation of pro-
cess memory, often allowing an attacker code execution; web attacks, which attack web services
using techniques like SQL injection and XSS attacks; and password attacks, which often leverage
password lists to attack service credentials.
302
Kali Linux Revealed
|
