We covered vulnerability management, vulnerability scanning, vulnerability management frameworks and the lifecycle of a vulnerability management program starting with discover, prioritize, assess, report and ending with remediate. We used OpenVas as an open source vulnerability scanner to demonstrate an example of scanning assets for vulnerabilities and reporting the findings along with classifying the vulnerabilities according to severity and CVSS score.
Get Blue Team Notes
Vulnerability Management
Vulnerability management is an ongoing, proactive, and frequently automated activity that protects computer systems, networks, and enterprise solutions from cyberattacks and data breaches. Consequently, it is a vital component of an overall security program. By discovering, evaluating, and correcting potential security flaws, businesses can help avoid attacks and mitigate their effects if they occur.
Vulnerability Scanning
Since vulnerability management is the process surrounding vulnerability scanning, it is essential to know how vulnerability scans are conducted and the tools at hand. Today, operating a vulnerability scanning tool requires little technical knowledge. Most vulnerability scanners may be operated via a graphical user interface, allowing a user to do vulnerability scans on a whole network with a few mouse clicks.
Security vendors offer various technological solutions with varying deployment choices, including standalone, managed services, and Software as a Service (SaaS). Some popular commercial vulnerability scanning tools include Nessus, Nexpose, and Acunetix. On the other hand, some good open-source solutions like Greenbone (community edition), OWASP ZAP and many more.
What is the difference?
The terms vulnerability management and vulnerability scanning are frequently misunderstood. Despite their relationship, there is a significant distinction between the two. Utilising a computer program to find vulnerabilities in networks, computer infrastructure, or applications constitutes vulnerability scanning. However, vulnerability management is the process that encompasses vulnerability scanning, as well as other factors, including but not limited to risk acceptance, remediation, and reporting.
Vulnerability management aims to lower an organisation’s overall risk exposure by promptly identifying and mitigating as many vulnerabilities as feasible. This can be challenging, given the potential vulnerabilities and limited resources available for remediation. Vulnerability management should be a continual effort to stay up with new and emerging threats.
The growing prevalence of cybercrime and the accompanying risks are compelling most firms to prioritise information security. A company’s efforts to control information security threats should include a procedure for vulnerability management. This procedure will enable a business to receive a continual overview of the vulnerabilities and related hazards in its IT environment. A company can only prevent attackers from infiltrating their networks and stealing sensitive data by discovering and mitigating IT environment vulnerabilities.
Room Answers
The process encompassing vulnerability scanning and other factors, such as risk acceptance, is called?
Is the overall objective of vulnerability management to increase an organisation’s risk exposure? (yea/nay)
What is the CVSS for CVE-2013-1048?
What is the Access Complexity for CVE-2013-1048?
With the fictional CVE-2023-2022, what would the CVE ID assign year be?
We have already scanned an Ubuntu machine; therefore, answer the following questions based on the scan report of LinuxAppTask task.
After scanning, what is the total number of medium-level vulnerabilities?
What is the severity score for the vulnerability “ICMP Timestamp Reply Information Disclosure“?
What is the operating system and the version number of the target machine?
Download the LinuxAppTask report in PDF format. What is the severity rating of the vulnerability in the report, where the solution type is “Workaround“?
What is the solution type for the “TCP timestamps” vulnerability?
What is the CVE for “ICMP Timestamp Reply Information Disclosure“?
The process of listing vulnerabilities as per their order of priority is called?
Which phase entails updating and strengthening resilience plans and restoring any compromised capabilities or services caused by a cybersecurity event?
Video Walkthrough