Vulnerability Assessment - Part 1


Course time: 8 hours 25 minutes
Difficulty: Advanced
CEU/CPE: 9
Video Transcription
00:00
>> Now for our next section, we're going to discuss vulnerability assessments. We're going to break that down into two sections. The first section we're going to just talk about the purpose and some of the specifics of vulnerability assessments, and then we'll talk about the different types.

When we start off, it's important to understand that a vulnerability assessment is a passive evaluation. We're not trying to create exploits; we're basically documenting what we find. Usually we're looking for known weaknesses. Do you have weak passwords? Are you storing sensitive information unencrypted? Do we have a larger number of hosts that are authorized on the network? We're just looking for known flaws and we're documenting.

The idea is we start with an audit to see if we're in compliance, then we go to a vulnerability assessment to see if there are still weaknesses, and then the next step is going to be active, which is going to be the pen test where we try to exploit. We're not exploiting anything here; we're really just enumerating, enlisting, we're collecting information.

Now there are various types of vulnerability assessments. I want to stress because many times, especially when we hear penetration tests, but also with vulnerability assessments, a lot of times we tend to think technical. That's true, vulnerability assessments can be technical and we should conduct technical vulnerability assessments, but we also need to test our personnel, perhaps sending out emails and seeing who's opening up attachments that aren't digitally signed. We could make calls to certain extensions trying to see what information would be given out over the phone. We test our personnel to make sure our people are following policy.

We also conduct assessments of physical security: at the end of the night, our security guard goes around and checks to make sure the doors are locked, looking up and down the hallway for anything suspicious. We conduct these assessments, technical, physical, and administrative, on a regular basis because we want to discover those vulnerabilities before they become exploits.

We just laid the groundwork for what we're going to cover in the next section and talked about the purpose of vulnerability assessments and the various types.