7 hours 6 minutes
Hey, everyone, welcome back to the course in this video. We're gonna take a brief introduction to vulnerabilities, so we'll talk about what vulnerabilities actually are. We'll talk about different types of vulnerability assessments, and we'll learn what CVS s actually stands for.
So what is the vulnerability? What? Really? It's just a weakness. A weakness in a system, weakness in an application or in the human element, right? A weakness where social engineering could take place. Think of it this way. Let's pretend that I have. I've built a wooden bridge across the river, right? So I'm using all these different boards and nails etcetera, and I have a wooden bridge.
Now, over time, some of the boards become cracked because it rained so much and they become kind of warped. And
the bridge isn't quite a sturdy as it used to be. It still works, but it's not a sturdy as it used to be. And every single crack in the boards is what we would identify as a vulnerability, right, a weakness in the board and the infrastructure of the bridge. Now, it doesn't mean that the bridge is gonna collapse tomorrow or anything but that risk is there,
and we have to determine. Are we comfortable with that risk of the bridge potentially collapsing? Or
do we want to patch some of these boards or replace some of the boards to mitigate those vulnerabilities? So a vulnerability again, It's just a weakness in a system application or again in the human element. And we want to try to find these before an adversary, for obvious reasons, right? We don't want them to get into our organization
when we talk about things like vulnerability research. That's basically just a process of discovering these vulnerabilities and design flaws that might open up the operating system applications again, uh, the human element, or are other systems to attack right to attack from adversaries?
Vulnerabilities of cells are usually classified low, medium high. So that's a severity level.
And you might ask yourself, Okay, well, what is fundamentally research
actually do for the organization, like Why do we even care to do this? Well, as we talked about already, right? If an adversary confined the vulnerability, that might be a way in, and then they may steal your data, they may attack other systems. They may corrupt things. You just never really know. And that's why we try to find these in advance to protect our systems a little better.
So we have different types of vulnerability assessments, and we'll talk through each one just a little bit of kind of a high level.
So let's start off with our active assessment. This one uses a network scanner Thio locate things like our host services a zealous vulnerabilities. So if we see that there's certain software being used, that's out of date. We can quickly find if there's any vulnerabilities for that, they're being exploited and either update our software or
determined that, Well, we're OK with that risk, right? We're OK with that risk to the organization
we can. You do use many tools to perform an active assessment, so this could be things like N map open Voss Nexus, solar winds nikto angry I, P. As well as wire shark.
Next, we have our passive assessment. So this is basically just used to sniff network traffic to locate things like active systems are network services in use applications, as well as other vulnerabilities that might be present. Um, this one again, very passive. You Essentially, this is a screenshot of wire shark
on you just sniff the traffic and you see, can you grab a user name and password? Can you Can you grab
other information from that sniff?
We have our external assessment. So this basically assesses our network from the Attackers viewpoint. Right. So that's from that adversarial viewpoint, and the goal is to identify any vulnerabilities that might be exploitable or visible to the outside world.
We then have an internal assessment. So this one is actually scanning that internal infrastructure to identify vulnerabilities and exploits. Now again, thes air things that should not be a visible from the outside world.
We have our host based assessment. So here we're performing a configuration level check and using the command line to do so. So this is allowing us to identify a specific vulnerabilities on that workstation or that server.
We have our network assessment where it allows us to determine any possible attacks on the network.
Our application assessment. This is where we can identify things like miss configuration. So, for example, you've probably seen the seen or heard in the news around cloud Miss configurations on things like S three buckets, right. That's what we're talking about here. It could be something in the application that we're not doing properly.
Um, could be known vulnerabilities in the Web infrastructure as well.
And it could be we're not setting proper parameters, right? So we we assess our applications. We find that they are susceptible to something like, for example, buffer overflow attack
and then wireless network assessment just similar to the network. One just identifying any vulnerabilities on our wireless network infrastructure.
So when we think about that, we can think about it. An adversary likely doing something like an evil twin attack right where they put out their own wireless access point. People connect to that thinking that it's the company's guest network, or that this company's actual, uh, employee network, and instead they're connecting to the adversaries network.
So let's talk about CBSS.
CVS stands for the common Vulnerability scoring system. Basically, it provides an open framework for communicating the characteristics and impact of I t vulnerabilities.
So it's a quantitative model, and it basically has a score range all the way from none all the way to critical. So none being 0.0 all the way up to attend critical Um There's been some recent 10 out of 10 on CBS s scoring for vulnerabilities that are actively being exploited in the wild.
And so, really, this is more about trying to help you as an organization, understand the impact or potential impact, right? So you can identify that.
Let's just say Apache, the version you're using is vulnerable, right? So you go, you search on CBS s for that particular version of Apache, and you find that there's a lot of different vulnerabilities you find that summer. What's characterizes like higher critical. You find some that are low severity,
you find some, maybe mediums in there. And then it's an organization, you determine.
which ones do we care about which one to relevant to us and how can we mitigate thes issues?
So just a quick, quick question here for you. This type of assessment uses sniffing. Is that gonna be the network assessment, wireless network assessment or passive assessment?
All right, so if you guess the passive assessment, you are correct.
So in this video, we just talked briefly about what a vulnerability is again going back to our example of the wooden bridge.
We build that bridge over the river, and over time some of the board start to crack, and those are the weaknesses. Those are the vulnerabilities in our wooden bridge, and someone can come along and exploit those by hitting our bridge with a hammer or tearing the board out because it's, um, cracked like that.
And that may not make the bridge fully collapsed, but it may. It may do that right, so we just don't know. So we have to determine based off our organization, much like the wooden bridge which vulnerabilities we find are actually relevant and of concern to us. We also talked about the different types of vulnerability assessments, and we talked about CBS s a little bit as well.