Time
1 hour 23 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:01
in the last video, we talked about verifying vulnerabilities against inventory.
00:05
In this video, we'll talk about classifying and Reagan risk.
00:12
So to learn the objectives, we're gonna talk about the full categories of risk.
00:17
Also, we're gonna talk about High Firmino Hacker. Thanks
00:22
get the pre assessment.
00:24
Criminal hackers do not use information gathering as a step in their process.
00:28
Is this true
00:29
or is this photos?
00:35
This is folks they actually do use information gathered as a step in the process.
00:44
So here's the full categories of risk for vulnerabilities.
00:48
It's critical,
00:49
important, moderate and low.
00:55
So let's jump right into it with the critical horn abilities.
01:00
So a vulnerability
01:03
which, if exploit it, would allow malicious native kowtow, execute and potentially without a use of being aware.
01:12
That's the definition
01:15
of a critical vulnerability,
01:18
so it's a dangerous exploit. It has propagation without use action.
01:23
From a
01:25
financial standpoint, it's the most calls it cost the most.
01:30
If there was an exploited, his vulnerability
01:34
and if anything, from a reputation standpoint of the company,
01:38
it would definitely drag down the reputation
01:41
if a critical vulnerability
01:42
was successfully executed.
01:48
Now let's look at the
01:49
important vulnerability
01:52
which cover CIA
01:53
confidentiality, integrity and availability
01:57
and the compromise of user data as well.
02:01
So it's for it's important. It's a vulnerability, which is
02:06
which, If exploit, it would compromise data security, potentially allowing access to confidential data, or could compromise presence ING Resource is, and it uses computer.
02:22
It does look at moderate.
02:24
It exploits what they exploit a serious,
02:29
but it is easily mitigated.
02:34
Did the four configuration blocks
02:37
user action is needed and the difficulty of performing explore?
02:44
So the difficulty of performing exploit is not as extreme
02:47
as critical,
02:50
but it's pretty much
02:53
to the point where it's not as dangerous, but it's dangerous enough.
02:57
So what moderate? Be careful and, if anything, be active when it comes on to remediating this vulnerability.
03:06
So the modern vulnerability is a vulnerability that is limited
03:08
to a significant degree by factors such as before configuration ordering or is difficult to exploit
03:20
that doesn't get the low vulnerability.
03:23
Exploit is extremely difficult, has minimal impact.
03:28
So if anything,
03:30
the
03:31
vulnerability
03:32
is there
03:35
but is is very weak. It's a very, very low
03:39
chance that is exploit would actually work.
03:44
So not to say to put a blind eye to a little vulnerability
03:50
bridges from a infrastructure impact.
03:53
It's less than likely that it would actually happen.
03:57
And if anything,
03:59
the patches or the configuration of dates
04:01
that's contributed to
04:04
either
04:05
critical, the important or tomato vulnerabilities
04:11
most likely would cover those little vulnerabilities.
04:18
All right, so let's look at criminal hackers,
04:23
so criminal hackers
04:25
they look. They look for information gathering, scanning,
04:29
verification
04:30
to gain access.
04:31
Answer. Manning tan access. Also so,
04:35
information gathering We don't directly connect to the hose.
04:41
Basically what he's a who is Look up. You can look at the who is lookups search engines. Social media searching to see products. The company uses job postings to see what software and hall, where
04:53
isn't used by the company. So as basically a back way too
04:58
check it out so you're not
05:00
directly connected to a net and in that manner,
05:03
so what? Scanning,
05:05
Scanning open ports and performing thing is kind of kind of like, you know, the the banner gravity to see what operating system is in use.
05:16
Verification.
05:18
We're verifying the system does have the vulnerability
05:24
gain excess were performing exploit to take over the system
05:29
and Mantan excess.
05:30
We're planning a backdoor
05:33
to maintain access to the compromise system.
05:39
Says look at the post assessment.
05:42
A critical risk
05:45
can never occur
05:46
without a user action.
05:50
Is this true?
05:53
Oh, is this folks?
06:00
Okay?
06:01
The answer here
06:04
is actually froze.
06:08
Now, Critical risk
06:10
can happen.
06:13
Would use that action.
06:15
And without use action as well, too.
06:17
Still gonna happen both ways.
06:19
So this this folks.
06:25
All right, So
06:28
in this video went, talked about classifying and ranking risk.
06:32
In the next video,
06:33
we're going to talk about ashes and fix its

Up Next

Fundamentals of Vulnerability Management

Most of the successful attacks through a business network could be prevented with vulnerability management. This course focuses on what you can do to automatically manage vulnerabilities and keep your network safe from attack.

Instructed By

Instructor Profile Image
Corey Charles
Founder of DreamVision IT LLC
Instructor