1.2.1 Understanding the Need for Vulnerability Management Part 1 - VM

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
1 hour 23 minutes
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:01
and last video. We talked about the sources of own abilities and define vulnerability management.
00:07
In this video, we're going to wrap up our discussion on why we need vulnerability management
00:12
by talking about identifying and fixing the votes.
00:18
Now let's look at our objectives.
00:21
So where the primary objectives of vulnerability management
00:24
and we're gonna learn the difficulties and vulnerability management as well.
00:32
So I'm gonna get our pre assessment first
00:35
vulnerability management can be tanking. So
00:39
is it
00:40
a true
00:42
or is it folks?
00:47
Okay, so answer here is true
00:50
vulnerability Management can really be time consuming.
00:57
So let's look at the objectives of vulnerability management.
01:00
So we're gonna identify
01:02
and fixed votes.
01:03
So that's basically any sort of confederation or software base issue.
01:11
We're gonna
01:11
warty automated attacks.
01:15
We're gonna address new security threats,
01:19
and lastly, we're gonna maintain compliance with lows and regulations.
01:26
So
01:27
first, let's identify and fix the votes.
01:32
So
01:34
phones and software it can effect
01:38
performance
01:40
availability
01:42
and a security.
01:44
So the question is what is actually a photo
01:48
in the software.
01:49
So the Waltons off Where
01:52
can actually be code? That's outdated.
01:56
That means it needs to be fixed
01:59
by a source of a patch.
02:01
Sorry Patch is actually released
02:05
either. Motley
02:07
oh, every quarter.
02:09
So, for example,
02:12
Microsoft released patches every month,
02:15
and we just call Patch Tuesday.
02:17
A patch is a rem Edy remediation or basically a remedy
02:23
for the computer.
02:23
So for answers, if we can put into the real world,
02:28
if you're sick
02:30
and you have a tummy ache,
02:30
you take. Pick that Pepto Bismol
02:34
as your remedy to your
02:35
for your tummy ache. Now, in this instance,
02:38
if a computer is having issues with this software,
02:42
it receives a new patch to remedy the issue with the older version of the software.
02:51
No,
02:52
let's talk about the war against the automated attacks.
02:57
First and foremost, let's identify what is the automated attack.
03:00
So the automated attack. It's simply when computers do the heavy lifting and finding vulnerable websites to exploit.
03:08
As a postman hacker doing is mainly in their basement.
03:14
So let's look at it. We have the ideas, and I ps
03:20
are basically saying we have the intrusion detection system
03:23
and also the intrusion protection system.
03:29
So
03:30
what a difference between the two.
03:34
So the ODS and I PS boat increase the security level of networks
03:40
not, as basically that's what they do is for us
03:44
the same. Now let's look at it for us.
03:46
Hotter, different.
03:50
So the main difference between one system and utter
03:53
it's the action that they take when an attack is detected in an initial phase.
03:59
As for what networks can in the port scan,
04:02
So let's talk about the intrusion detection system first,
04:05
so it provides that network but a level of preventive security against any suspicious activity.
04:13
The idea's a cheese, the this objective through early warnings
04:16
aimed at system administrators, however, I like I ps.
04:21
It is not designed to block attacks.
04:25
So let's look at I p s
04:28
to an intrusion prevention system
04:30
is a device that controls access to the I T networks in order to protect systems from attack and abuse. It is designed to inspect attack data
04:41
and take correspond in action,
04:44
blocking it as if,
04:46
as it is developing before succeeds,
04:51
creating a series of rules and corporate far wall.
04:57
So next let's look at the little balance.
05:00
Now, as far as a low balances,
05:02
it's basically what it sounds like.
05:04
Load balancers, eh
05:06
system within to enterprise.
05:11
Get off sets
05:13
the loads are basically the payloads of the data that's going to a particular service.
05:18
So what? It actually does this if, for instance, we have 10,000 pieces of data going to
05:26
one server, but if we have another survey that's connected to it,
05:30
it's going to balance. It was gonna
05:31
separated where 5000 is goingto one server,
05:35
and five thousand's going to notice there.
05:38
That way, it's not gonna be over text, and also it can actually prevent an attack.
05:44
As for is a buffer overflow
05:46
that we spoke about in a previous chapter.
05:48
We're basically in a previous
05:51
lesson in which would a buffer overflow does it loads up
05:58
a particular server? Whatmore data that I can handle
06:02
in which it becomes a vulnerability wanted overflow.
06:08
Now let's look at the hosts Anti malware solution.
06:13
Not a host anti Marion Merrell solution. We all have it at home, so we have McAfee.
06:18
We have Kaspersky.
06:20
We have Symantec and a few other.
06:25
You are in a virus and also anti male, where solutions as well, tune which
06:30
it actually goes out, and it's searches
06:34
for viruses,
06:35
Mel, where or anything that could basically attack a computer. So we have computer actually run slow.
06:43
It's being affected by mill where, and it's also being infected by viruses as well.
Up Next
Fundamentals of Vulnerability Management

Most of the successful attacks through a business network could be prevented with vulnerability management. This course focuses on what you can do to automatically manage vulnerabilities and keep your network safe from attack.

Instructed By