1 00:00:00,05 --> 00:00:02,06 - Network vulnerability assessment 2 00:00:02,06 --> 00:00:06,06 is a way to discover potential security weaknesses 3 00:00:06,06 --> 00:00:09,01 in a computer network. 4 00:00:09,01 --> 00:00:11,08 There are different types of network vulnerabilities. 5 00:00:11,08 --> 00:00:17,02 One is vulnerable configurations, such as open ports. 6 00:00:17,02 --> 00:00:20,08 Another type is known software vulnerabilities 7 00:00:20,08 --> 00:00:25,02 for both operating systems and applications. 8 00:00:25,02 --> 00:00:28,04 The third type is vulnerabilities associated 9 00:00:28,04 --> 00:00:33,01 with compliance to policies and standards. 10 00:00:33,01 --> 00:00:35,05 This one is more human factor oriented 11 00:00:35,05 --> 00:00:38,07 rather than technical. 12 00:00:38,07 --> 00:00:41,03 For more technical vulnerabilities, 13 00:00:41,03 --> 00:00:46,05 especially those related to security misconfigurations, 14 00:00:46,05 --> 00:00:51,04 please check out this national vulnerability database 15 00:00:51,04 --> 00:00:59,02 by NIST, or National Institute of Standards and Technology. 16 00:00:59,02 --> 00:01:01,09 A lot of vulnerability assessment tools use 17 00:01:01,09 --> 00:01:05,02 the common configuration enumeration, 18 00:01:05,02 --> 00:01:09,09 or CCE, provided by NIST. 19 00:01:09,09 --> 00:01:13,09 The process of removing security vulnerabilities as much 20 00:01:13,09 --> 00:01:20,04 as possible is referred to as system or network hardening. 21 00:01:20,04 --> 00:01:24,05 The hardening can be done technically by installing patches 22 00:01:24,05 --> 00:01:27,02 and fixing configurations, 23 00:01:27,02 --> 00:01:32,09 or it could be managerial like auditing and monitoring. 24 00:01:32,09 --> 00:01:35,04 To harden your system properly, 25 00:01:35,04 --> 00:01:37,03 you should understand the nature 26 00:01:37,03 --> 00:01:40,03 of network security vulnerabilities first. 27 00:01:40,03 --> 00:01:43,03 For example, the number of vulnerabilities 28 00:01:43,03 --> 00:01:46,07 is always too many to address. 29 00:01:46,07 --> 00:01:48,07 The second problem is that 30 00:01:48,07 --> 00:01:51,08 the vulnerabilities themselves are dynamic. 31 00:01:51,08 --> 00:01:57,04 They evolve and new vulnerabilities show up all the time. 32 00:01:57,04 --> 00:02:01,02 If you're looking for the best vulnerability assessment tool 33 00:02:01,02 --> 00:02:05,06 for your organization, here are things to consider. 34 00:02:05,06 --> 00:02:10,01 First, you want to know whether the tool can quantify 35 00:02:10,01 --> 00:02:13,01 the severity of the vulnerabilities. 36 00:02:13,01 --> 00:02:16,05 Because there are just too many vulnerabilities 37 00:02:16,05 --> 00:02:19,09 it's often necessary to prioritize 38 00:02:19,09 --> 00:02:23,04 and severity helps you prioritize. 39 00:02:23,04 --> 00:02:25,02 Next is the presentation, 40 00:02:25,02 --> 00:02:27,07 which is how well the vulnerability assessment 41 00:02:27,07 --> 00:02:32,01 tool organizes and conveys the information. 42 00:02:32,01 --> 00:02:36,02 How comprehensive the vulnerability assessment tool is 43 00:02:36,02 --> 00:02:39,00 and how much support is available 44 00:02:39,00 --> 00:02:41,07 are important factors too. 45 00:02:41,07 --> 00:02:44,05 Another critical thing to look at 46 00:02:44,05 --> 00:02:48,05 is the ability to schedule periodic scans. 47 00:02:48,05 --> 00:02:51,09 Network scans cannot be done just once. 48 00:02:51,09 --> 00:02:56,04 It has to be done over and over again periodically. 49 00:02:56,04 --> 00:03:00,06 Therefore, the tools ability to do periodic scans 50 00:03:00,06 --> 00:03:04,01 automatically is imperative. 51 00:03:04,01 --> 00:03:07,00 Employing a vulnerability assessment tool 52 00:03:07,00 --> 00:03:12,07 is a must in securing an industrial strength network. 53 00:03:12,07 --> 00:03:16,09 Finding the best tool for you is another challenge. 54 00:03:16,09 --> 00:03:19,01 I hope you learn the list 55 00:03:19,01 --> 00:03:22,00 what you need to look for from this lesson.