Vulnerability Assessment: Part 1

Video Activity

Time
15 hours 43 minutes
Difficulty
Advanced
CEU/CPE
16
Video Transcription
00:00
>> For our next section, we're going to discuss vulnerability assessments. We're going to break that down into two sections. In the first section, we're going to just talk about the purpose and some of the specifics of vulnerability assessments, and then we'll talk about the different types. When we start off, it's important to understand that a vulnerability assessment is a passive evaluation. We're not trying to create exploits, we're basically documenting what we find. Usually we're looking for known weaknesses. Do you have weak passwords? Are you storing sensitive information unencrypted? Do we have a larger number of hosts than are authorized on the network? We're just looking for known flaws and we're documenting.

>> The idea is we start with an audit to see if we're in compliance, then we go to a vulnerability assessment to see if there are still weaknesses. Then the next step is going to be active, which is going to be the pen test where we try to exploit. We're not exploiting anything here, we're really just enumerating, enlisting, we're collecting information. There are various types of vulnerability assessments. I want to stress this because many times, especially when we hear penetration tests, but also with vulnerability assessments, a lot of times we tend to think technical. That's true, vulnerability assessments can be technical and we should conduct technical vulnerability assessments. But we also need to test our personnel, perhaps sending out email and seeing who's opening up attachments that aren't digitally signed. We could make calls to certain extensions trying to see what information would be given out over the phone. We test our personnel to make sure our people are following policy. We also conduct assessments of our physical security at the end of the night. Our security guard goes around and checks to make sure the doors are locked, looking up and down the hallway for anything suspicious.

>> We conduct these assessments, technical, physical, and administrative, on a regular basis because we want to discover those vulnerabilities before they become exploits. We just laid the groundwork for what we're going to cover in the next section and talk about the purpose of vulnerability assessments and the various types.