--> Vulnerability refers to a weakness in the system.
--> Vulnerability Assessment is a process of testing the network and the information systems for security vulnerabilities in a consistent and repeatable manner.
--> It is the important job of an organization's security team to keep up to date with the latest security vulnerabilities that could threaten the network and information systems.
--> The vulnerability Assessment process typically includes which four activities such as,
i) Device Discovery
ii) Service Enumeration ( Checking for which ports are open on the device).
iii) Scanning ( Checking for configuration issues/ software bugs / unwanted services / Patches).
iv) Validation ( Verifying all the parameters).
--> Security Professionals should perform Vulnerability assessment in the case of,
i) When the new technology/software/hardware to be deployed in the organization.
ii) When the software updates or hardware updates are released.
--> Security Team in the organization should frequently check for CVSS for understanding specific vulnerability characteristics and severity.
--> CVSS is an open framework for knowing the characteristics and severity of software vulnerabilities.
--> CVSS scoring helps security professionals prioritize the specific vulnerabilities by vendor-defined severity, environmental impact, and exploitability.
--> Common open source tools used to perform vulnerability assessment include Metasploit and OpenVAS.
Md.Kareemoddin
CCIE # 54759
No comments:
Post a Comment