CVE Monitoring (Demo)

Time: 21 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 21
Video Transcription
00:00
>> Hey there Cybrarians.
00:00
Welcome back to the Linux+ course here at Cybrary.
00:00
I'm your instructor Rob Goelz,
00:00
and in today's lesson, we're going to
00:00
be covering CVE Monitoring.
00:00
Upon completion of today's lesson,
00:00
you're going to be able to understand the purpose
00:00
of CVE monitoring and why we need to do
00:00
it and we're going to look at how we can find
00:00
CVE records and related data during a demo.
00:00
Each year there are tens of thousands of
00:00
new vulnerabilities released, several,
00:00
10, or 100 a week up
00:00
to a couple a day and we have to stay on top of these.
00:00
We have to be aware of new attacks that can
00:00
impact our systems or compromise our systems.
00:00
But how do we keep track of
00:00
all of these new vulnerabilities?
00:00
Well, the good news is that we don't have to,
00:00
we have other people that are tracking them for us.
00:00
We just have to keep an eye on where
00:00
it's being tracked and one of
00:00
those places we can look is
00:00
the information provided by MITRE,
00:00
which is on their Common Vulnerabilities
00:00
and Exposures website,
00:00
otherwise known as CVE.
00:00
Let's take a look at their website with some Demo Time.
00:00
Here we are in our demo environment.
00:00
Here we are just going to fire up
00:00
our Firefox web browser and we're
00:00
going to go to the CVE website,
00:00
which is cve.mitre.org.
00:00
When we go here, we can actually go
00:00
and search the CVE list.
00:00
Now the funny thing about CVEs is
00:00
that it's actually easiest just to search by year,
00:00
so we'll just search by 2021 and we can hit Submit.
00:00
The reason for this is because you'll see that
00:00
the CVEs are numbered by the year first and
00:00
then they get a specific year
00:00
and number designation in
00:00
the end that is specific to the actual vulnerability.
00:00
They're always going to start as CVE-2021
00:00
for any vulnerability that came out in 2021.
00:00
We can see a couple of different
00:00
vulnerabilities information here,
00:00
types of public records versus reserved records.
00:00
Reserved records are basically
00:00
there for a vulnerability that's coming,
00:00
it means a candidate hasn't provided all the information
00:00
or it's going through
00:00
the process and it'll be announced,
00:00
and then it'll be updated and published.
00:00
Basically, once the CNA
00:00
populates all of the data in here,
00:00
it gets an ID, but sometimes it
00:00
doesn't actually go to published.
00:00
If there's an issue with
00:00
the vulnerability that's reported,
00:00
it could be rejected as invalid or disputed.
00:00
But you'll see a lot of
00:00
reserved ones but when things actually get published,
00:00
you'll see that there'll be something like this.
00:00
You'll actually see information in here and you can
00:00
click on these links to get more information.
00:00
A good one, for instance,
00:00
that I saw earlier down here.
00:00
There was a really interesting one about CVE here, 3507.
00:00
A heap buffer overflow is
00:00
found in the floppy disk emulator.
00:00
A privileged guest user uses this flaw to
00:00
crash the process resulting in the denial of
00:00
service or potentially leaking
00:00
information from host memory. Not good.
00:00
But this is interesting information.
00:00
But what do you do with it?
00:00
Well, the nice thing about this
00:00
is that this information from CVE
00:00
actually then goes on to
00:00
the US National Institute of Standards and Technology,
00:00
which is part of the Department of Commerce
00:00
here in the US and
00:00
their website for finding information is nvd.nist.gov.
00:00
We can click here and
00:00
then in order to search for vulnerabilities,
00:00
we can click on ''Vulnerabilities''
00:00
and go to the full listing.
00:00
I'm just going to click on
00:00
''May'' because we know that this is
00:00
a recent vulnerability year and if we go to this list,
00:00
it should come up and it should tell us
00:00
any vulnerabilities that happened this month.
00:00
Now the information here in NIST,
00:00
it gets ranked by
00:00
a severity and also
00:00
releases fixes for published severities.
00:00
For instance, we can go in here and we can
00:00
search for 3507,
00:00
and then we can see our vulnerability right here at 2021,
00:00
3507 and if we click in here,
00:00
it will give us information on
00:00
the vulnerability and if it's gone through the process,
00:00
it will give us a severity and
00:00
a fix for the vulnerability as well.
00:00
Now it is recommended that you sign up for
00:00
the mailing lists on both of these websites.
00:00
You can also set up RSS feeds or
00:00
watch the Twitter pages for either of these sites.
00:00
With that, we've reached the end of this lesson
00:00
and in this lesson we talked
00:00
about the purpose and importance
00:00
of CVE monitoring, right,
00:00
staying on top of vulnerabilities that are coming out,
00:00
and then we talked about how to find
00:00
CVE records and related data during the demo today.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in the next lesson.