Hello and welcome back to Cybrary's 2019 CompTIA Security+ certification preparation course.
We're going to continue our discussion of Domain 1. The topic of discussion is Domain 1: Threats, Attacks and Vulnerabilities.
Surprisingly enough, we have a brand new objective which encompasses this particular domain. It's titled 1.5: Explain vulnerability scanning concepts. Before we begin the process of actually explaining vulnerability scanning concepts, let's first engage in a short pre-assessment quiz,
and the question is as follows: A security program alerts you of a failed login attempt to a secure system.
On investigation, you learn that the system's normal user accidentally had Caps Lock turned on. What kind of alert was it? Is it A;
B, a true negative; C, a false positive; or D, a false negative?
If you selected answer C, you're absolutely correct, because it was a false positive, since you were alerted of the potential incident but there was no real threat.
Continuing on with what we're going to discuss: again, this brand new objective is titled Explain
vulnerability scanning concepts. Here again are the topics which encompass this particular objective,
ranging from passively test security controls,
identify vulnerabilities, identify lack of security controls,
identify common misconfigurations,
and we take a look at intrusive versus non-intrusive,
credentialed versus non-credentialed,
and last but certainly not least, false positive.
Now, the first thing we will take a look at is passively testing your security controls. An important point about a vulnerability scan is that it does not attempt to exploit any vulnerabilities. Instead, a vulnerability scan is a passive attempt to identify weaknesses within your particular systems.
Then we also want to go about the process of identifying the various vulnerabilities. When you think about a vulnerability, it's a weak spot or weakness in your network that might be exploited by a security threat.
We also want to identify the lack of security controls.
Vulnerability scanning can also identify missing security controls, such as a lack of up-to-date patches or a lack of antivirus software.
Then we also go through the process of identifying common misconfigurations.
As you're well aware, one of the biggest issues we have nowadays is misconfiguration. In other words, someone assumes that perhaps they've got it configured properly, and then they find out that the information that was going over the network was actually going over in clear text.
Now, vulnerability scanning looks at the architecture design, the flow of data as it is flowing in,
and also addresses certain issues such as security controls.
In other words, you're able to conduct what we call a code review. A vulnerability scan can passively test the source code of programs and applications to find vulnerabilities before the applications are actually put into production.
Then we have intrusive versus non-intrusive. Obviously, there are some differences. When you look, first of all, at intrusive, what it does is try to exercise a vulnerability, which can crash or alter your remote target.
Then we have non-intrusive tests. They try not to cause any harm or damage.
Then we have credentialed versus non-credentialed.
Non-credentialed scans are less accurate due to the high number of false positives. Credentialed scans are more accurate due to, obviously in this case, the nature of the scans.
We look at a term called a false positive. A false positive is a false alarm. However, a false negative doesn't detect anything while you have been attacked.
A false positive is where the scan believes that there is a vulnerability, but when you physically check it.
At this time, we have our post-assessment quiz,
and the question is as follows: A vulnerability scan can be intrusive or non-intrusive. Is it true or false?
If you said A, you're absolutely correct, because intrusive scans are less invasive than penetration tests but can still raise alarms or even cause system errors.
At this time, we have some key takeaways, and they are as follows. We learned that vulnerability assessment is the process of identifying, quantifying and prioritizing or ranking
the vulnerabilities of a system.
We learned that intrusive tests try to exercise a vulnerability, which obviously can crash or alter your remote target.
A non-intrusive test tries not to harm,
or in other words not cause any harm to, the target.
A non-credentialed scan will monitor the network to see any vulnerabilities that an attacker would find. We should fix the vulnerabilities found with a non-credentialed scan first, as this is what the hackers see when they enter your network.
A credentialed scan is a much faster version of a vulnerability scan. It provides more detailed information than a non-credentialed type of scan.
A false positive is where the scan believes that there's a vulnerability, but when you physically check it, it's not there.
In our upcoming presentation, we continue our discussion of Domain 1, which is titled Threats, Attacks and Vulnerabilities. In fact, we have a brand new learning objective, which is titled 1.6:
Explain the impact associated with types of vulnerabilities.
I look forward to seeing you in the very next video.