Today cyber-crime is forcing organizations to pay more attention to information security. You'll learn that a Vulnerability Management Program helps detect and mitigate issues in your environment and helps stop attackers from accessing your resources.
Networks aren't what they used to be; they're more complex than ever. Systems today are so interconnected, and buried within those systems are thousands of undetected security vulnerabilities waiting to be used against you. Vulnerability Management systems are designed to recognize, rank, and remediate these vulnerabilities before an attacker gets hold of them and exploits them to compromise the confidentiality, integrity, or availability of your digital assets. In this course, Implementing and Performing Vulnerability Management, you'll learn about everything around vulnerability management. First, you'll learn about implementing a supportive vulnerability management (VM) program. Next, you'll explore scanning. Finally, you'll dive into remediation steps that will help make sure attackers can't take advantage of you. By the end of this course, you'll have enough knowledge to not only pick the VMP that's right for you, but also to use such applications to better the security of your network. Plus, you'll have all the information about VMPs to help you with your CSA+ exam.
Dale Meredith received his Certified Ethical Hacker and Certified EC-Council Instructor certifications back in 2006, and has been a Microsoft Certified Trainer since 1998 (yes, we had computers back then). Dale takes great pride in helping students comprehend and simplify complex IT concepts.
Course Overview Hi everyone, my name is Dale Meredith, and I'd like to welcome you to my course, Implementing and Performing Vulnerability Management. Now this course can be watched either a la carte, or as part of the CSA path. Now I've personally been a Microsoft trainer since 1998, as well as a cyber security trainer and consultant, and I've worked for several corporate 500 companies, as well as the Department of Homeland Security on several projects. And I'd love to tell you about those, but then, of course, I'd have to kill you. Now every time a computer, or a device for that matter, connects to the internet, there's a risk of an attacker taking advantage of some new vulnerability. This needle in a cyber haystack can actually wreak all kinds of chaos on your network, but most disturbing is the fact that these vulnerabilities come from devices that you might not have even considered as a source of an attack vector. Attackers use these vulnerabilities to worm their way into your network, and steal things like your intellectual property, create denial of service attacks, use your system for their own gain, or even steal one of your most valuable resources, your customers' data. Well, I want to help you make sure that you cover all your bases by talking with you about implementation and guidelines around running a VMP, or a vulnerability management program. Now some of the topics we'll talk about include, obviously, how to choose a VMP, as well as how to tweak the VMP to give you better intel. And based on the reports that the VMP gives you, how to remediate the changes that are necessary. By the end of this course, you'll have enough knowledge to not only pick out the VMP that's right for you, but also how to use such applications to better the security of your network. You know what, I'm also going to make sure that you have all the information about VMPs to help you with your CSA exam.
Before beginning this course, you should be familiar with the basic networking technologies like TCP/IP and devices like routers and switches. If you want to run the labs, you'll need to have also watched a couple of other courses within the series that are before this one, including the Issues of Identity and Access Management, and Secure Software Development. So that being said, I hope you'll join me on this adventure in learning with Implementing and Performing Vulnerability Management course, here at Pluralsight.
Shaping and Implementing Your Vulnerability Scans Okay, so let's talk about shaping and implementing our vulnerability scans. In this module, we'll do several different things. We'll first go through and talk about how we ID the targets for our scans. You don't necessarily want to scan every single device in your environment, but we do need to determine which ones are the most important, and so we'll also take a look at defining our scanning frequency: how often are we scanning? Now before we get further into this, I want to differentiate what we're talking about here when we talk about scanning or a scan. We're talking about looking at a particular machine, and looking for vulnerabilities on that machine. I am not talking about doing something like a ping sweep. We already know about the different systems on our network infrastructure, and there are several different products that we could use to identify those machines, anything from Nmap to some commercial products like WhatsUp Gold; I mean, there are all kinds of automated tools out there that help you to identify systems. Our goal here is to set up a scanning mechanism or scanning layout so that we can look at the machines that we've identified that we need to make sure are secure. So, again, we'll look at the frequency, and we'll also look at the scopes of the scan. We'll then talk about the different ways that we can configure the scans. And the scanning systems themselves also need some maintenance, so we'll look at that, as well as how we classify the data that we're scanning. We need to make sure that we're able to scan certain areas, or maybe they don't want us to scan certain areas. And then finally we'll take a look at ongoing scanning and continuous monitoring. So, now that we've got that out of the way, let's go ahead and get started with how we ID the targets for our scans.
The Scanners Okay, so let's actually get into the scanners themselves. You need to understand that, first of all, I'm not going to get way in depth with each one of these scanners. We're going to show you how to install them just so you can have them and play around with them. And there's a plethora of options available to you. So we'll go through in this particular module, and we'll first take a look at understanding which scanner to use. Believe it or not, it's going to be, again, dependent upon your environment, and what you require. We'll then take a look at open source vs. commercial. I know, it's free versus paid. There are advantages and disadvantages to both. But are you also aware that there's an option of doing on-premises versus cloud solutions? We'll talk about that. We'll also look at things from Big Blue's world, the Microsoft world. And then we'll also talk about something called SCAP, as well as exploit scanners. Technically we've already talked about these in a previous course, but we'll review them here just very quickly. So, if you're ready to get in and take a look at these scanners, let's get going.
Analyzing Vulnerability Scans Okay, so let's talk about analyzing those reports, or the vulnerability scans. In this module, we're going to go through and take a look at a couple things. The first thing we'll do is actually look at the fact that there is kind of a trick to interpreting the reports that we get. We'll also review or give you the information concerning the CVSS standard. This is a standard that helps us to rate the priority of a vulnerability. I have talked about them before in some of the other modules. Here is where we're going to clarify exactly what it is. We'll then take a look at the false positives and the exceptions that we may need to make as we're scanning for vulnerabilities. And then finally we'll take a look at the trends. Yeah, my bell bottom pants, they're not a trend anymore. Now we'll look at the trends. What we mean by this is that sometimes we start to see something happen, and maybe we can be, again, more proactive. So let's get going.
Remediation and Change Control Okay, so you've researched your scanners, you've installed your scanners, you ran your scanners, and now you get a scan report. And each vulnerability detected will normally be assigned a risk, typically using our CVSS, or the Common Vulnerability Scoring System. Well, what do we do now? Well, that's where remediation and change control come into play. In this module, we're going to go through and talk about a couple of things. We'll first talk about the remediation workflow that you should make sure you understand, and that everybody utilizes, so that you have a consistent environment that handles vulnerabilities when they hit. As part of that workflow, we'll also talk about the communication and change controls that you need to implement, as well as some of the inhibitors to remediation. So when you're ready to move on, just continue, and we'll start talking about the workflows.
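The two modules above cover the pieces of scan-report analysis that feed a remediation workflow: rating each finding with CVSS, setting aside false positives and documented exceptions, and watching trends between scans. The script below is an added illustration, not part of the course materials: it uses the CVSS v3 qualitative severity bands and a constructed scan-report layout (host, plugin, cve, cvss) to build a worst-first remediation queue and a fixed/new comparison across two scans.

```python
"""Triage of scan findings by CVSS score, with exceptions and trend comparison.

Sample data is constructed; the finding layout is an assumption, not a
particular scanner's export format, and the CVE IDs are placeholders.
"""
from collections import Counter

def cvss_severity(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative severity band."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"

# Constructed findings from two runs against the same hosts (placeholder CVE IDs).
PREVIOUS_SCAN = [
    {"host": "web01", "plugin": "tls-weak-cipher", "cve": "CVE-0000-0001", "cvss": 5.3},
    {"host": "web01", "plugin": "outdated-kernel", "cve": "CVE-0000-0002", "cvss": 7.8},
    {"host": "db01", "plugin": "default-creds", "cve": None, "cvss": 9.8},
]
CURRENT_SCAN = [
    {"host": "web01", "plugin": "tls-weak-cipher", "cve": "CVE-0000-0001", "cvss": 5.3},
    {"host": "db01", "plugin": "default-creds", "cve": None, "cvss": 9.8},
    {"host": "app02", "plugin": "dns-zone-transfer", "cve": None, "cvss": 5.0},
    {"host": "app02", "plugin": "self-signed-cert", "cve": None, "cvss": 0.0},
]
# Documented exceptions: (host, plugin) pairs reviewed as false positives or accepted risk.
EXCEPTIONS = {("web01", "tls-weak-cipher")}

def remediation_queue(findings, exceptions):
    """Open findings ordered worst-first, skipping exceptions and informational (0.0) items."""
    queue = [dict(f, severity=cvss_severity(f["cvss"]))
             for f in findings
             if (f["host"], f["plugin"]) not in exceptions and f["cvss"] > 0.0]
    return sorted(queue, key=lambda f: f["cvss"], reverse=True)

def trend(previous, current):
    """Compare two scans: findings fixed, findings new, and current counts per severity."""
    key = lambda f: (f["host"], f["plugin"])
    prev, curr = {key(f) for f in previous}, {key(f) for f in current}
    counts = Counter(cvss_severity(f["cvss"]) for f in current)
    return {"fixed": sorted(prev - curr), "new": sorted(curr - prev), "by_severity": dict(counts)}
```

Feed it your scanner's export after mapping the columns to the same four fields, and keep the exception list under change control so an accepted risk is never silently dropped from the queue.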
Remediating Host Vulnerabilities Okay, so let's talk about remediating host vulnerabilities. Now typically when we talk about devices like hosts, we have this tendency of thinking of just servers. Well, that's not the case. In this particular module, we're going to look at all the different types of host vulnerabilities. They'll range from servers, and we'll also go through and talk about endpoints, and endpoints is where we'll really open this up to things like mobile devices, as well as the Internet of Things. We'll then go through and talk about ICS, as well as SCADA. So let's jump right into this and get going.
Remediating Network Vulnerabilities Okay, network security has changed quite a bit. It's actually become more of a challenge than it was several years ago. And today, our IT teams actually struggle against cyber security talent shortages, as well as an increased number of endpoints in their networks, as well as the ever-changing cyber crime attack vector, and that's why it's important to understand how to remediate network vulnerabilities. In this module, we'll go through and we'll talk about some of those things we need to be looking at. We'll first talk about updates, as well as some of the underlying security mechanisms in our protocols, such as SSL and TLS. There are also some issues; one of my favorite targets of opportunity is DNS, and we'll talk about that. There are some exciting things actually taking place as of the recording of this course that will be affecting Android phones, where they're starting to implement some secure DNS queries. But that's me being a little bit side-tracked here. We'll also take a look at the issue of accidentally exposing internal IP addresses, and of course, another type of network vulnerability that we need to be aware of, or at least know how to remediate, would be VPN issues. So let's dive in and see what we can learn today.
Remediating Virtual Environment Vulnerabilities Okay, when it comes to virtualization, look, most of us are using some type of virtualization at this point, right? And remediating issues within the virtualized environment isn't too far off from what we do in a physical environment. However, there are some virtualization issues we need to take a look at. In this module, we're going to go through and make sure we understand everything we need to be looking at. We'll first go through and just have a quick review of virtualization. No, I'm not going to bore you with "this is how we virtualize a machine." I want to show you basically what's happening when we implement virtualization, because it comes into play as we go further in. We'll then take a look at how we can remediate issues with Administrative Interface Access, as well as getting into the virtualization itself, whether that's patching the virtual hosts, which is the physical box that's maintaining the virtualized machines, or the guest operating systems themselves. We'll also take a look at the virtualized network. These are a little bit harder, or sometimes they get overlooked, because of the fact that they're not visible to us. It's not like we see a wire hanging out. And cue the spy music. Okay, let's get going.