Time
7 hours 33 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:01
Hello and I like the working back. The Siberia's camped here certified advance secretive practice. Do this certification preparation course
00:09
we continue our discussing, Ah, bomb building management, which is margin number two.
00:14
These are the objectives which encompasses marginal or two.
00:19
Let's not take a look at the term vulnerability assessment. Other words this is objective will be discussing at this point in time now this particular object that encompasses Section two
00:31
Vulnerability assessment.
00:33
With that being said, let's take a look at a pre assessment question.
00:37
What is a systematic and methodical evaluation of the exposure of assets to Attackers, forces of nature's and any other entity that could cause potential harm? Call. Is it a penetration? Tests? Be vulnerability Scan. See vulnerability management
00:56
or D
00:57
with appraisal.
01:00
If you should let the seat you're absolutely correct. It's called vulnerability Assessment.
01:04
Let's not take a look at object. It's gonna be covered doing this particular section,
01:08
we begin by the finding vulnerabilities suspect. Explain what's important. Explain the different Tween vulnerability, scanning and penetration testing,
01:17
described a security implementation of integration with third parties and list some techniques for mitigating and deferring our attacks.
01:26
So when we think about vulnerabilities. Remember, vulnerability is a weakness, So the first step in any security protection program or plan begins with assessment of your vulnerability words. You look at your witnesses, you assess witnesses. It takes a look at the variety of techniques and tools that can be used in evaluating the levels off vulnerabilities.
01:48
So what is it gonna be assessment?
01:49
It's a systematic and gain methodically valuation of assets, exposure to Attackers, forces of nature and any potential harmful energy not force the aspects of concern. We look at the asset identification I threat evaluation, vulnerably appraisal risk assessment as well as risk mitigation.
02:10
Now a vitamin assessment is a risk management process used to identify, quantify and Rick possible vulnerable leaves to threats in a given system. It's not toe ice in a single field, and it's applied to systems across different industries, such as your RT systems. You look at your energy and other utility systems
02:30
transportation, as was your communications systems.
02:34
Now the key component of vulnerable assessment is a proper identification or definition for impact lost ratings and assist among ability to that specific threat.
02:43
Impact laws difference persistent, for example, and as far as Everyone says the at traffic control tower, make a suitor a few minutes of downtime as a serious impact loss. While for a local government offices, those few minutes of impact loss may be ineligible.
03:00
Now we're looking at Barnaby assessment. Obviously, first thing is to what identify. Then we analyze, mitigate, and then we go through a process, obviously off managing.
03:12
So we look at a vulnerable assessment. Let's take a look at that factory for stealing a car.
03:17
In this case, first of all, the tree begins with you wouldn't steal a car stereo. So what you wanna do first of all, break the glass? You could maybe even steal the key. You engage with car jacking and so forth. So this is again an example off a vulnerability assessment.
03:35
Now for that, tools are concerned
03:37
there are number of different tools that we can utilize to help us in this process. We have a term called banner grabbing tools. Now, again, basically, in this case, it's a safe bet is a message when it's service stress myth. When another program connects to it. Example
03:53
Havana, for a C P service, would typically show the type of service software
03:58
version number and, when it was last modified, any of similar information. Not better graphics. When a program is used to intentionally gather this type of information, it can be used an assessment to perform an inventory on the service's and systems operating system as well.
04:14
We also have a protocol analyzer again, it's a hardware software that capture your packages.
04:19
Force common uses when you think about portable analyzer used for network administrators. But troubleshooting
04:26
characterizing network traffic is, well, a security type analysis. It could be used to find to your network in match your band with as well.
04:34
We also engaged what we call honey pots of honey nets now 100 fighters, computer protected by minimum security. Its intention to get figure, obviously with vulnerabilities and purposes. What to lure. They would be hacker in it, where we can gather information.
04:49
Now there goes a trick now attack into revealing their techniques. It can then determine if the actual production system
04:56
good trough such an attack in terms of your honey net is a network set for one arm or honeys, pots set up for intentional vulnerabilities.
05:05
Not doing this point in time, we discuss, we define it vulnerable assessment, and we explain why. It's very important
05:14
we're gonna begin King on by explaining different Tween the bone ability. Scanning as what is penetration testing an upcoming presentations. We describe the security implementation implication off integration with third parties and lastly, let some techniques for mitigating and deferring these different types of attacks.
05:33
So in an upcoming presentation, we continue our discussion on volume be assessment, and again, I look forward to seeing you on the next video.

Up Next

CompTIA CASP+

In this course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA A+ Exam!

Instructed By

Instructor Profile Image
Jim Hollis
Independent Contractor
Instructor