Time
35 hours 10 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:00
Hello and welcome back to cyber is comped ear certified advance security practitioners Certification profession Course.
00:08
This is a continuation on margin on the two were just title vulnerably management.
00:13
These are objectives and the order which will be covered doing this particular model, which is marginal too.
00:19
Specifically, we're gonna take a look again at
00:22
a continuation off vulnerability assessment. This is section number two. Voluntary assessment. Continuation
00:30
these that objectives in order which you will be covered in the previous video. We define bone believe, Suspect. Explain why it's important
00:37
what we're gonna do now again in this particular presentation, explain the diff between vulnerably scanning and penetration testing.
00:44
So, without further ado, let's go in and clear on this particular course of action.
00:49
Now, when you think about fun with scanning versus penetration testing that has two important vulnerable assessment procedures, you have Barnum Bailey scanning and then you have penetration. Scanning the two activities are similar, but they're often confused with one another. Now, when you think about vulnerable scanning birch dispensaries and testing
01:07
barbarous scans and Barnaby assessments searched the system for known vulnerabilities.
01:14
A parent raising test on her hand attempts to actively explore weaknesses in an environment. While the vulnerability skin can be automated, a Pinterest and test requires various levels of knowledge.
01:29
And here again, if it took charge, illustrate the diff between Bombay, this scans and your Pinterest intestines. Take briefly. Take a look at this chart. Now. Force that freaks are concerned. We looking of ornaments can at least quarrel, especially after new equipment. On the other hand, we look at penetration testers once or twice a year. Force reports
01:49
the varmints can provide a comprehensive based on what bubble is this? On the other hand, you're penetration test again. Con's a concise identify. What? That it was compromised again. Obviously, we can see there are differences between a vulnerable to scan
02:06
and a penetration test.
02:07
We all can understand why individual may somehow get confused and think that they're one and the same. In fact, that's not the case
02:15
Now. Barnaby, this scan is an automated software search through your system for known security weaknesses. It creates a reporter your potential exposures. It should be compared against your baseline scans and officer. Any changes can be obviously need to be investigated
02:30
usable form from inside the security perimeters and it does not interfere with your normal network type operations.
02:38
Then there's two methods performing your bone scan. You can do intrusive bone scan. You can also do, and none intrusive. We they were in choosing attempts to actually penetrate the system to perform a simulated attack.
02:52
When you think about none intrusive, basically, it uses only available information to a proper size.
02:58
This status of your vulnerability. Other words to tryto analyze the Determine what Steve, The level of your vulnerably.
03:06
You also again improvised credentials, username and password to the scanner so it test four additional internal bottomless can be performed as well.
03:15
Here again, this particular charge in this great volume is scanning bond. The scanner is a security technique used to identify as good a witness in a computer system.
03:24
Borman scanning can be used by individual network administrators for security purpose or could be used by hackers attempted to gain unauthorized access to your computer systems. A generous scanning is a computer program designed to access your computers, your computer system, networks or application for weaknesses.
03:43
They could be run either as part of your gonna be imagined by those
03:46
tasked with protecting your system. or by black hat actress looking to gain what we call unauthorized type access.
03:55
Now we think that penetration testing is designed to explore your system weaknesses. It relies on the test of skill, obviously knowledge as well. And maybe, but another thing breezes with this particular taste. It be very cautious in regards to perform this test because it may disrupt your network operations.
04:13
The end result. Pinterest and test report. That's what you're gonna get
04:16
from again. A penetration type. Tests
04:19
there are three different techniques could be used again. One. Been a block back box, which, again the test that has no prior knowledge of your network infrastructure. It could be a white box for me to test, as in depth knowledge, your network and sisters fantastic. On one hand, it could be a great box type test.
04:36
Some limit information has been provided to the tester.
04:42
This next chart is great again the various features. It looks at viably scan as well as your countries and test. In fact, in terms of frequencies, you're bundling scam when new equipment is a stall.
04:54
Pinterest, just on hair should be performed at least once per year
05:00
now, during this particular presentation up to this point. Time to discuss Bombay assessment, explaining why it's important we discuss the deficit between a bomb, the scan and penetrates intestine in the upcoming video. We going king on our discussion by describing the security implementation implication of integration will get three parties and lastly
05:18
list some techniques for mitigating ended turing
05:21
these various attacks
05:27
so I can look forward to seeing you in the next video, which will be in fact be a continuation our vulnerability assessments.

Up Next

CompTIA CASP+

In this CASP+ certification course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA CASP+ Exam!

Instructed By

Instructor Profile Image
Jim Hollis
Independent Contractor
Instructor