In this chapter, we took a brief look at Kali’s role in the field of information security. We discussed the importance of a clean, working installation and the use of encryption before heading out to the field in order to protect your client’s information, and the importance of legal representation to protect you and your client’s interests.
The components of the CIA (confidentiality, integrity, availability) triad are the primary items that you will focus on when securing a system as part of standard deployment, maintenance, or assessment. This conceptual foundation will assist you with the identification of the critical components of your systems and the amount of effort and resources worth investing into correcting identified problems.
We discussed several types of vulnerabilities, including file inclusion, SQL injection, buffer overflows, and race conditions.
Accurate signatures are essential for useful vulnerability assessment results. The more data that is provided to the scanner, the higher the chance of accurate results from an automated signature-based scan, which is why authenticated scans are so popular.
Since automated tools use a database of signatures to detect vulnerabilities, any slight deviation from a known signature can alter the result and likewise the validity of the perceived vulnerability.
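The point about signature deviation, as an added example that is not from the book: a toy signature matcher that flags a hypothetical finding from a service banner, compared with the same check run over host-side data an authenticated scan can read. The signature id, banners and host facts are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Signature:
    finding_id: str   # hypothetical identifier, not a real advisory
    banner_re: str    # pattern matched against the banner seen on the network
    fixed_in: tuple   # (major, minor): versions below this are flagged

# Constructed signature: "OpenSSH older than 7.4 (per banner) is affected"
SIGNATURES = [
    Signature("EXAMPLE-SSH-0001", r"^SSH-2\.0-OpenSSH_(\d+)\.(\d+)", (7, 4)),
]

@dataclass
class HostFacts:
    """Constructed host-side data that only an authenticated scan can read."""
    package_version: tuple                              # from the package database
    backported_fixes: set = field(default_factory=set)  # from the vendor changelog

def unauthenticated_scan(banner: str) -> list:
    """Signature check using nothing but the banner the service sends."""
    findings = []
    for sig in SIGNATURES:
        m = re.match(sig.banner_re, banner)
        if m and (int(m.group(1)), int(m.group(2))) < sig.fixed_in:
            findings.append(sig.finding_id)
    return findings

def authenticated_scan(facts: HostFacts) -> list:
    """Same signatures, but the version comes from the host and backports count."""
    findings = []
    for sig in SIGNATURES:
        if facts.package_version < sig.fixed_in and sig.finding_id not in facts.backported_fixes:
            findings.append(sig.finding_id)
    return findings

# Case 1 (false positive): vendor backported the fix but left the upstream version in the banner.
BACKPORTED_BANNER = "SSH-2.0-OpenSSH_7.2p2 Example-Distro"
BACKPORTED_FACTS = HostFacts(package_version=(7, 2), backported_fixes={"EXAMPLE-SSH-0001"})

# Case 2 (false negative): the banner was customised, so the regex never matches.
HIDDEN_BANNER = "SSH-2.0-CustomDaemon"
HIDDEN_FACTS = HostFacts(package_version=(7, 1))

if __name__ == "__main__":
    print("backported:", unauthenticated_scan(BACKPORTED_BANNER), authenticated_scan(BACKPORTED_FACTS))
    print("hidden    :", unauthenticated_scan(HIDDEN_BANNER), authenticated_scan(HIDDEN_FACTS))
```

The banner-only check flags the patched host and misses the unpatched one; the host-side check gets both right because it sees more data.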
We also discussed the four types of assessments: the vulnerability assessment, the compliance test, the traditional penetration test, and the application assessment. Each type of assessment leverages its own core set of tools, but many of the tools and techniques overlap.
The vulnerability assessment is relatively simple in comparison to the other assessment types and often consists of an automated inventory of discovered issues within a target environment. In this section, we discussed that a vulnerability is a flaw that, when exploited, will compromise the confidentiality, integrity, or availability of an information system. Since it is signature-based, this type of assessment relies on accurate signatures and can present false positives and negatives. You will find the core tools for this type of assessment in the Vulnerability Analysis and menu categories of Kali Linux.
Compliance tests are based on government- and industry-mandated requirements (such as PCI DSS, DISA STIG, and FISMA), which are in turn based on a compliance framework. This test usually begins with a vulnerability assessment.
A traditional penetration test is a thorough security assessment that is designed to improve the overall security posture of an organization based on certain real-world threats. This type of test involves several steps (mirrored by the Kali Linux menu structure) and culminates in exploitation of vulnerabilities and pivoting access to other machines and networks within the target scope.
Application assessments (usually white- or black-box) focus on a single application and use specialized tools such as those found in the, , , and menu categories.
Several types of attacks were discussed, including denial of service, which breaks the behaviour of an application and makes it inaccessible; memory corruption, which leads to manipulation of process memory and often gives an attacker code execution; web attacks, which target web services using techniques such as SQL injection and XSS; and password attacks, which often leverage password lists to attack service credentials.