Time
1 hour 23 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:01
in the last video, we talked about the benefit of security policies and vulnerability, management and importance of tracking inventory. And it's video. Who would talk about verifying foreign abilities against inventory?
00:15
Let's look at the learning objectives.
00:18
We're going to cover the benefits of using tools
00:21
and also the benefit of verifying foreign abilities against inventory.
00:26
Let's look at the pre assessment.
00:28
Verifying vulnerabilities against your inventory can help to minimize wasted effort. Own risk that don't apply it to your organization.
00:37
Is that true? Or folks?
00:43
The correct answer here is true.
00:46
It definitely saves you a lot of effort and saved a lot of time as well.
00:52
That's a look at the benefit of the tools,
00:55
so it does help reduce false positive.
00:58
That's how reduce false negatives
01:00
and a different tools that you have that your disposal rapid seven Nessen Squalus
01:06
And there's other vendors well to that provides vulnerability management.
01:11
So with that, said, the vulnerability of magical solution
01:15
you select
01:17
to provide the capability to scan scan four and fix vulnerabilities in a broader range of categories.
01:25
It should include
01:26
backdoors in Trojan horses,
01:30
which bypasses authentication systems, so that's why it's always great to ensure that solution has
01:37
a piece where it can authenticate with the server. That way,
01:41
if it does fill, it can actually let you know
01:45
down to two.
01:47
Actually, I p of the server that it fell though
01:49
you can go in and correct that issue from there.
01:53
Brute force attacks,
01:55
which defies photography by systematically trying different keys.
02:00
So it's important to ensure that
02:02
brute force attack that plug in is also
02:06
implement. It is well to with your solution
02:08
CG I with the exploits Common gate will interface
02:13
data basis
02:15
D. N s and buying which exploits domain name service is
02:21
e commerce applications file sharing about transfer fry walls,
02:28
General Remote Service's Hall where and networked appliances,
02:31
SMTP and e mail applications. That is a huge one. So you always want to make sure that,
02:38
you know, it's from a port perspective
02:42
bachner ftp port
02:44
and also that you're
02:46
email ports always covered, so
02:47
always ensure that that plug in
02:51
is insert is well to its force. Porter, you're scanning.
02:55
Then we have t c p i P. So that's the explosive, the transmission control protocol and Internet Protocol.
03:01
So it was a big one that's Port 80. Right there, guys
03:06
where VoIP Web servers, while its excess points and X windows, which exploits display protocols.
03:13
So
03:14
the benefits of having these tools
03:16
it is not only to
03:20
save you time and also save your money. But if anything does these tools or putting please so identified its critical vulnerabilities
03:29
and stay ahead of the curve. When Attackers basically try toe,
03:34
try to get inside of the infrastructure.
03:38
So look at the benefits of verifying vulnerabilities.
03:43
So we have here minimize effort spent on risk that don't apply
03:49
and reduce calls. Because if you don't reduce coast like the late, great burning Maxie is going to be trouble. Tripp do
03:57
so you can use the results of a vulnerability scan to verify that vulnerabilities matched the actual device
04:03
software and configurations in your network.
04:06
The value of the step miss to minimize efforts spent investigating risk that don't apply to your network configuration.
04:15
Obviously, this is another test that best it is best done automatically
04:20
intelligence scan and applications such as Ness's
04:25
HQ, Wallace and other applications. That's out there as well to our designs. Actually, I accurately identify at risk pertinent to the devices and applications on your network,
04:36
eliminating common errors known as false positives and false negatives that can lead to inefficiencies and a vulnerability in management process
04:46
and lied to
04:48
taxing time
04:50
and, most importantly,
04:54
bringing up Maur calls.
05:01
Okay, so let's look at the ways to improve scan.
05:05
So we have the service. Discovery Engine. Which text backdoors Trojans.
05:12
The other viruses that associate ID mill Where? Everything.
05:16
So we have websites as well, too. So we have this. We have the C V database, which is the common vulnerability Exploit Database
05:26
San Stop 20.
05:28
We have a watch Top 10.
05:30
We have the N V D, which is the national vulnerability database. We have more sits a ton ton more to go.
05:39
Lastly, we have the comprehensive and accurate reporting. So
05:43
if anything,
05:45
when you provide a report,
05:46
you want to ensure that you're capturing
05:50
information that's showing the authenticated and also the remediated effort
05:58
of the vulnerability. Imagine peace. So you want to injure that hey
06:01
patching team did their job. It's well, it's configuring.
06:05
Provide the patches.
06:08
You did your job for three scanning. Make sure making sure that
06:11
the to is actually authenticating to the server
06:15
and that way when you actually handed over to the client, they're getting a crystal clear picture of their security posture.
06:25
All right, so look at the polls assessment
06:28
so comprehensive, comprehensive and accurate reports or not one other ways to improve vulnerability. Scat.
06:35
Is that true? Or is that folks?
06:42
This is folks
06:45
comprehensive and echo reports or
06:47
the way still improve Vulnerability scan.
06:50
So this here,
06:53
his answer here right here is actually focus.
06:57
Let's go ahead and wrap up now.
07:00
So in this video, we talked about verifying vulnerabilities against inventory.
07:04
In the next video,
07:06
we'll talk about
07:09
classifying and rigging risk.

Up Next

Fundamentals of Vulnerability Management

Most of the successful attacks through a business network could be prevented with vulnerability management. This course focuses on what you can do to automatically manage vulnerabilities and keep your network safe from attack.

Instructed By

Instructor Profile Image
Corey Charles
Founder of DreamVision IT LLC
Instructor