The recent revision of the NIST Framework has given rise to NIST 2.0, which integrates governance into the existing parts of the Framework.
As described by NIST, this framework helps organizations plan for and secure their critical infrastructure against cybersecurity incidents. To ensure effective cybersecurity, the NIST Framework consists of six (6) categories: Govern, Identify, Protect, Detect, Respond, and Recover.
But how is this framework practically employed in real-life cybersecurity? To get an idea, let us go over a few points on how the "IDENTIFY" arm of the Framework is carried out, i.e. the scope of the "IDENTIFY" function.
To "IDENTIFY" vulnerabilities, certain actions need to be carried out by the BLUE TEAM personnel. These actions include:
Scanning and vulnerability detection:
Scanning and vulnerability detection aim at discovering open ports and services and determining the vulnerabilities that exist in them. The following tools are used to scan these ports:
Nmap:
This tool can be used to ping-sweep the network and to detect open ports and services, including scanning for the common TCP, HTTP, and HTTPS ports. In addition to identifying these services, Nmap is used to uncover common UDP ports, DNS services, etc.
Nessus:
The Nessus tool supports the detection of vulnerabilities on a large scale, reports their CVEs, and gives possible references to their documentation. What makes Nessus an even better tool is that it supports Basic Scan and Batch Mode Scan, and can output the results to a file of the desired format, e.g. PDF.
OpenVAS:
The OpenVAS tool uses both server and client plugins (the OpenVAS scanner and the OpenVAS manager) to determine the open services and vulnerabilities of a network.
Network Discovery:
FOR WINDOWS:
Basic network discovery; a basic ping scan with the output logs written to a text file; enabling DHCP server logging; detecting and determining the default location of the DNS; enabling DNS logging; hashing; NetBIOS (basic scan, script-loop scan); user activity; password guessing checks; Active Directory (Entra ID) listing, etc.
FOR LINUX:
In Linux network discovery we have the basic ping scan, the net view scan, determining the open SMB shares, viewing the DHCP lease logs, DNS (starting DNS logging, viewing DNS logs), hashing (all executable files should be hashed), NetBIOS (conducting a basic NetBIOS scan), and passwords (checking for password and username guessing).
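The Linux hashing step above, as an added example in Python (not code from the original post or from FixitGearWare Security): every executable file under a directory is hashed into a baseline inventory, and a later snapshot is diffed against it so that added, removed and modified binaries stand out for review. The directory layout and sample scripts in demo() are constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def is_executable(path: Path) -> bool:
    # Regular files only (lstat, so symlinks are skipped) with any execute bit set.
    mode = path.lstat().st_mode
    return stat.S_ISREG(mode) and bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))

def hash_executables(root: str) -> dict:
    """Walk root and return {relative path: sha256 hex} for every executable file."""
    root_path = Path(root)
    return {str(p.relative_to(root_path)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root_path.rglob("*") if is_executable(p)}

def diff_inventory(baseline: dict, current: dict) -> dict:
    """Compare two snapshots; added binaries and changed hashes get reviewed first."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(k for k in baseline.keys() & current.keys()
                          if baseline[k] != current[k]),
    }

def _write(path: Path, data: bytes, executable: bool) -> None:
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)
    path.chmod(0o755 if executable else 0o644)

def demo() -> dict:
    """Constructed sample tree (not a real host): baseline, then drift, then the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _write(root / "bin" / "backup.sh", b"#!/bin/sh\necho backup\n", True)
        _write(root / "bin" / "report.sh", b"#!/bin/sh\necho report\n", True)
        _write(root / "etc" / "app.conf", b"debug=false\n", False)   # no exec bit: ignored
        baseline = hash_executables(tmp)
        _write(root / "bin" / "backup.sh", b"#!/bin/sh\necho backup v2\n", True)  # changed
        _write(root / "bin" / "update.sh", b"#!/bin/sh\necho update\n", True)     # added
        (root / "bin" / "report.sh").unlink()                                     # removed
        return diff_inventory(baseline, hash_executables(tmp))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real host the baseline would be saved (e.g. as JSON) right after a known-good build and the diff re-run on a schedule.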
Personnel:
All personnel are to be identified, and it must be determined whether they understand their respective jurisdictions and activities. Take an inventory of the employees: the clerk, security personnel, chefs (for organizations that have a pantry), the various departments (Red Teaming, Purple Teaming) and their jurisdictions, the CEO (understanding his/her role and carrying out those responsibilities diligently), and organization vendors (equipment supplied meeting standards and following the right chain of custody).
While there is a lot of discussion about these frameworks and standards, we at FixitGearWare Security feel it is important to show you the pragmatic application of these frameworks in real-life scenarios, starting with IDENTIFY.
Thanks for the read.