vulnerability management
play

Vulnerability Management Spring 2020 Jay Chen What is a - PowerPoint PPT Presentation

Nov 05, 2022 •231 likes •407 views

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

  1. Vulnerability Management Spring 2020 Jay Chen

  2. What is a vulnerability? ● A vulnerability is a cybersecurity flaw in a system that leave it open to attack. ● A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.

  3. How many vulnerabilities are there? NIST National ● Vulnerability Database 123,622 documented ● vulnerabilities Last 3 years: 43,662 ●

  4. Types of vulnerability Network Vulnerability ● Application Vulnerability ● Misconfigured Server (Open Ports) ● Unsupported Operating System (EOL) ● Outdated Applications ● Default Credentials ●

  5. Vulnerability Example: BlueKeep ● BlueKeep (CVE-2019-0708) ● https://nvd.nist.gov/vuln/detail/CVE-2019-0708 ● https://www.rapid7.com/db/?type=metasploit

  6. Common Vulnerability Scoring System ● Scores Severity 0.0 None/Informational 0.1 – 3.9 Low 4.0 – 6.9 Medium 7.0 – 8.9 High 9.0 – 10.0 Critical

  7. Blue Keep Example https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=(AV:N/AC:L/PR:N/UI:N/S: U/C:H/I:H/A:H/E:H/RL:O/RC:C)

  8. What is vulnerability assessment? Process of defining, identifying, classifying, and prioritizing vulnerability in ● computer systems, applications, and network infrastructures. Risk Vulnerability Remediation Assessment Identification Analysis

  10. Vulnerability Assessment Example BlueKeep CVSS 3.0 = 9.8 Critical Overall Risk Score = 1.0 Low

  11. How do you perform a vulnerability scan?

  13. What are the benefits of conducting a vulnerability scan? ● Identifying CVE vulnerabilities/misconfigurations ○ Open ports ○ Default accounts and password ○ Default passwords ○ EOL ● Passively testing security controls ● Configuration audit ● Identifying lack of security controls ○ Anti-Virus ○ Patch management ○ Host-discovery ● Cybersecurity Compliance ○ PCI DSS, NIST, HIPAA

  14. Types of Vulnerability Scans Credentialed Non-credentialed ● Authenticated ● Non-Authenticated ● Require the user’s credentials ● Do not require the user’s credentials ● Uncovers more vulnerabilities ● Many false-positives ● Less false-positives ● Shorter configuration time ● Longer configuration time ● Usually done in penetration test • Internal Vs. External Scanning • Application Scanning • PCI DSS Scans

  15. What is Tenable Nessus? Nessus is a vulnerability ● scanner sold by Tenable Security. Nessus provide many ● different types of vulnerability scanners: cloud-based, agent-based, client-based, and essentials. https://www.tenable.com/plugins/nessus/125313

  16. Tenable Nessus Features

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Vulnerability management with OpenVAS Henri Doreau henri.doreau@greenbone.net 12 th LSM -

Vulnerability management with OpenVAS Henri Doreau henri.doreau@greenbone.net 12 th LSM -

Vulnerability management with OpenVAS Henri Doreau henri.doreau@greenbone.net 12 th LSM - Strasbourg 2011 OpenVAS Vulnerability management Project news Conclusion Outline OpenVAS 1 Introduction Architecture Vulnerability management 2

691 views • 29 slides
Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a significant shock that brings welfare below a socially accepted level (Khl, 2003) Vulnerability increases when there is uncertainty with respect to

529 views • 21 slides
Community Vulnerability Tools Presented to C/CAG Resource Management and Climate Protection

Community Vulnerability Tools Presented to C/CAG Resource Management and Climate Protection

Community Vulnerability Tools Presented to C/CAG Resource Management and Climate Protection Committee May 20, 2020 Outline Why use Community Vulnerability Tools? Major tools Benefits and examples of how to use them Discussion

362 views • 24 slides
Contents What is vulnerability? Why conduct vulnerability assessments? Defining

Contents What is vulnerability? Why conduct vulnerability assessments? Defining

6/19/2015 Vulnerability and Capacity Assessment Index (VCAI) for Climate Change Adaptation SVRK Prabhakar USAID ADAPT Asia-Pacific Presented at NABARD Training Workshop, Mumbai on 18 June 2015 Contents What is vulnerability? Why

705 views • 21 slides
Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Analysis and Food Aid W orking Group Chaired by W FP/ VAM Unit Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1 Overview 1 . Methodology of the VA 2 0 0 4 2 . Highlights of

703 views • 28 slides
Metastore About Metastore Solutions Timeline Mainframe ICT Security Threat and Vulnerability

Metastore About Metastore Solutions Timeline Mainframe ICT Security Threat and Vulnerability

Metastore About Metastore Solutions Timeline Mainframe ICT Security Threat and Vulnerability Management z/OS Security Management Identity, Access and Entitlement Management z/OS Operations Management 1992 2016 Windows Server Data

304 views • 9 slides
Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and migration systems Purpose Intended to guide & inform frontline workers & decision makers on the relevance of vulnerability factors to

507 views • 19 slides
Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures Islamabad Pakistan Assessment and Vulnerability Assessment and Vulnerability Reduction Measures Reduction Measures adpc Asian Disaster

702 views • 46 slides
Youve Got Your Nice List of Bugs, Now What? Vulnerability Discovery and Management

Youve Got Your Nice List of Bugs, Now What? Vulnerability Discovery and Management

Youve Got Your Nice List of Bugs, Now What? Vulnerability Discovery and Management Processes in the Wild Noura Alomar, Primal Wijesekera, Edward Qiu, and Serge Egelman University of California (Berkeley) and ICSI Motivation Many

688 views • 23 slides
Introduction What is Disaster vulnerability? Vulnerability is the inability to resist a

Introduction What is Disaster vulnerability? Vulnerability is the inability to resist a

Vulnerability to Disasters: A Gendered Analysis on Water Availability and Livelihoods in Nadu Colony, Kovalam, Chennai, India Group No: 02 Sumaia Kashem Shreeya Lohani Shanmuga Priya. G Meththa Prabodhani Menike

834 views • 40 slides
HOw NOT to suck at Vulnerability Management Shellcon.io Plug (@plugxor) and Chris

HOw NOT to suck at Vulnerability Management Shellcon.io Plug (@plugxor) and Chris

HOw NOT to suck at Vulnerability Management Shellcon.io Plug (@plugxor) and Chris (@ChrisHalbersma) Current Landscape Apache Struts backend server exposed to the Internet DATABASE EXPOSED UNSECURED SERVER DATA LEAK

955 views • 57 slides
Vulnerability and Threat Management and Prevention Weston Hecker Security Expert With KLJ Systems

Vulnerability and Threat Management and Prevention Weston Hecker Security Expert With KLJ Systems

A1 Vulnerability and Threat Management and Prevention Weston Hecker Security Expert With KLJ Systems Network Analyst/Penetration Tester/President Of Computer Security Association Of North Dakota Slide 1 A1 Author, 9/16/2013 About Me About Me:

925 views • 23 slides
Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies with 1000+ web applications running Move to m -services architectures making things worse Huge shortage of skilled security engineers to

732 views • 48 slides
The Maldives Population Distribution Vulnerability Indicators Vulnerability Indicators

The Maldives Population Distribution Vulnerability Indicators Vulnerability Indicators

The Maldives Population Distribution Vulnerability Indicators Vulnerability Indicators (excluding Male') Highest elevation 1.5m Population: 298,968 above sea level less than 1000 97% of all inhabited 59 % Total number of

357 views • 4 slides
1 Vulnerability in WPA2 Hole196 Hole196 Vulnerability in WPA2 Presenters: Anthony Paladino,

1 Vulnerability in WPA2 Hole196 Hole196 Vulnerability in WPA2 Presenters: Anthony Paladino,

1 Vulnerability in WPA2 Hole196 Hole196 Vulnerability in WPA2 Presenters: Anthony Paladino, Managing Director, Systems Engineering Dr. Kaustubh Phanse, Principal Wireless Architect Md. Sohail Ahmad, Senior Security Researcher Moderator: Della

314 views • 29 slides
Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability Life

Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability Life

Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability Life Cycle CSU Cybersecurity Center Computer Science Dept 1 1 Topics Vulnerability Life Cycle Vulnerability Discovery models 2 Vulnerability

805 views • 46 slides
Claim your Baruch accounts before the Baruch Honors Orientation Through this Tutorial, you will

Claim your Baruch accounts before the Baruch Honors Orientation Through this Tutorial, you will

Claim your Baruch accounts before the Baruch Honors Orientation Through this Tutorial, you will learn how to retrieve your: Baruch Username Baruchmail Student Email Account Update the email listed in Blackboard Please note, the default

459 views • 8 slides
Life of a Password

Life of a Password

Life of a Password Arvind Mani Data & Infrastructure

1.05k views • 30 slides
Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked Can detect, reject bad passwords for an appropriate definition of bad Discriminate on per-user, per-site basis Needs to do

363 views • 21 slides
Using Crash Hoare Logic for Certifying the FSCQ File System Haogang Chen, Daniel Ziegler, Tej

Using Crash Hoare Logic for Certifying the FSCQ File System Haogang Chen, Daniel Ziegler, Tej

Using Crash Hoare Logic for Certifying the FSCQ File System Haogang Chen, Daniel Ziegler, Tej Chajed, Adam Chlipala, Frans Kaashoek, and Nickolai Zeldovich MIT CSAIL 1 / 27 File systems are complex and have bugs File systems are complex (e.g.,

1.18k views • 50 slides
Databases Databases Software that stores data on disk Runs as a server and is communicated

Databases Databases Software that stores data on disk Runs as a server and is communicated

Databases Databases Software that stores data on disk Runs as a server and is communicated with via TCP sockets Provides an API to store/retrieve data The software handles the low-level file IO Allows us to think about our data,

177 views • 15 slides
Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University

Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University

ECE590 Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University Overview How do you configure endpoints for better security? 1. Updates 2. Correct settings 3. Reduce attack surface 4. Limit privilege 5.

477 views • 19 slides
Hacking in C hic 1 About this course: topics & goals Standard ways in which software

Hacking in C hic 1 About this course: topics & goals Standard ways in which software

Hacking in C hic 1 About this course: topics & goals Standard ways in which software can be exploited understanding how such attacks work understanding what makes these attacks possible doing some attacks in practice

1.17k views • 16 slides
Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force Attack - tries every possible character combination as a password. To recover a single-letter password would require up to 26 combinations. A

415 views • 8 slides

More recommend