3 hours 20 minutes
everyone. My name is Peter Sip alone, and this is another section of the network security course. This is going to be module to lessen to, and we are going to be covering basically some basic cyber security vulnerabilities and how to stay up to date and then ever changing cyberworld.
The prerequisites for this course
are the first model, which is really just the introduction
and the first lesson off the second module in which I covered basic I t cybersecurity principles.
learning objectives for this course we're going to take a quick look at CW bees and see ves and how these are really how cybersecurity, vulnerabilities and weaknesses are officially documented. And we're also gonna look up a quick wave, really just how to stay up to date in a cybersecurity world.
All right, so I want to start out by saying a very hard and difficult truth.
This quote is a quote by Thornton May, who is kind of like a futurist keynote speaker and an author, basically, who challenges our beliefs about the future. And he says disruptive technologies are fundamentally expanding the art of the possible
reshaping the solution provider ecosystem with a new hierarchy of winners and losers
and discombobulating expectations of how and by whom risk and security should be managed and led.
So what he's really saying is the security landscape is shifting incredibly fast. You know, things that seemed impossible or unrealistic are suddenly very possible, very realistic and are happening, and everything's happening at a very rapid rate. So as a result,
there's very difficult to stay up to date
and current with cybersecurity simply because everything is changing every single day.
Let's take a look at CW These and si ves CWB stands for common weakness in new Marais Shin, and this relates to spit design flaws, not necessarily a specific product or system.
Si ves stand for common vulnerabilities and exposures, and it relates to vulnerabilities within specific products. That means there's not really necessarily a problem with the design, but within the implementation off that design. Now, si ves and see
WB's are how beastly vulnerabilities air tracked in the cybersecurity industry.
It is way too much work to know all of them keep track of all of them. It's too much work to be familiar with them or to know information about every single one. So to really toe to find out about a specific vulnerability, you have to go to this source.
And that source is mortar, which is the organization that documents and tracks cybersecurity vulnerabilities. So let's take a look at their website here.
All right, so we have here the C W E section off miters website, and it's really a community developed list of software weakness types. Now you could do a lot of things. You can talk to the community, you can learn more about CW ease and how they go, and then you could look at the list and then you can also search.
So, for example, we're going to do a quick search here.
So if we search for this CWB, we can find it relatively quickly. We see it's an out of bounds read,
and then you can click on the CWB and you can read about you could read. You can read the description, the relationships. If it relates to any other CW bees, you can look. It basically could find all kinds of information regarding this specific design, and in this case, there is a code sample as well.
Simple, very similar to CV ease as well. This is the sea VE list, so you can search the list. You could download one if you wanted. You can update an entry, and they have a lot more cool tool information on this section of the website years, even a live Twitter feed,
where you can check out the latest C VE entries as they are getting updated
and tracked so we can also search for CV ease as well.
Poor Listen here,
all right. And so we have the C v e that look for It's a remote cold code. Execution vulnerability
happens in Windows memory. So if we can click on this, we can also weren mawr information on. This is a really great way to
just stay up to date on cybersecurity vulnerabilities. You'll see CV East and CW. He's listed a lot when reading security documents, So if you want to learn more about them, this would we. Where you come to Teoh basically read all the information about it and see what's actually going on,
right? So also, now let's take a look at how to stay plugged in. It's very easy to get behind in the cybersecurity industry. And there's just so much information out there
in terms of cybersecurity vulnerabilities, what's going on? And, you know, it's very difficult to kind of sift through all the information.
So one of the easiest ways to stay up to date and to stay current, at least in my opinion, is to use an RSS feed. An RSS feed really stands for really simple syndication, and it's a very easy way to get your content deliver directly to you without having to go out and search for essentially.
So I personally use the RSS feed feed early,
and this is kind of how the layout of futilely looks. So you have your different feeds here. So I have cyber news, but you really can have stuff like economics, finances any other personal category or type that you could possibly want. And then you can kind of go down. And here are some of the things you can subscribe to
so you can click on this and you can read all the articles by dark reading
whatever. Whatever you want to read,
you can click on another one. You can do that, or you can just click on the top.
You can just kind of go down and keep track of what's going on.
And if you want to add something, Tiu say your cyber news Come over here and you can search for pretty much whatever you want. In this case, I'm going to search for info sec.
And now here we are with a bunch of different options of information or people that you could follow. So in this case, we're going to follow the hacker news.
So click on the follow that we want to add it to the cyber news feed that we already have going and voila!
On the left hand side, we see the hacker news section,
and then we can start reading about them as well. And this is really a great way just to stay up the date current on cybersecurity. Reading it kind of sits through the information for you, and it delivers it directly to your doorstep so you don't have to go out and search for information.
Some also really good resource is are the info *** industry
security dot i. D. C.
And security Tubas Well, which is really just like the YouTube of cyber security videos tutorials how to trainings and things like that.
So in today's video, we discussed See the babies and si ves and how they manage and basically document cybersecurity and system vulnerabilities. And we also looked at RSS feeds
and a couple of other resource is on how to stay current on cybersecurity threats and vulnerabilities.
So quiz time,
true or false CV eat issues focus on vulnerabilities to specific products and systems.
You said a true you are correct si ves relate to vulnerabilities with specific products while see WB's are for underlying design falls.
Hope you guys learned a lot in this lesson and I will see you next time.
CompTIA A+ 220-1001
This CompTIA A+ training covers the 220-1001 exam components needed to earn the CompTIA A+ ...
12 CEU/CPE Hours Available
Certificate of Completion Offered
Penetration Testing and Ethical Hacking
The Penetration Testing and Ethical Hacking course prepares students for certifications, like CEH. This course ...
7 CEU/CPE Hours Available
Certificate of Completion Offered