Lab 02

The document discusses managing risks by addressing threats, vulnerabilities, and exploits. It provides objectives and best practices for managing each, including creating security policies, identifying vulnerabilities, and hardening servers.

Uploaded by

dungnthe172688

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

7 views

Lab 02

Uploaded by

dungnthe172688

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 12

Managing Risk: Threats,

Vulnerabilities, and Exploits

Objectives

• Managing threats
• Managing vulnerabilities
• Managing exploits
• Risk Management strategies

http://fpt.edu.vn 05/20/202 2
4
Understanding and Managing Threats

• Threat as any activity that represents a possible danger

• The uncontrollable nature of threats
• Unintentional threats
• Intentional threats
• Any attempt to manage risk requires a through knowledge
of threats

http://fpt.edu.vn 05/20/202 3
4
Best Practices for Managing
Threats Within Your IT Infrastructure
• Create a security policy
• Insurance
• Use access controls
• Use automation
• Include input validation
• Provide training
• Use antivirus software
• Protect the boundary

http://fpt.edu.vn 05/20/202 4
4
Understanding and Managing
Vulnerabilities

• Vulnerability can be a weakness in an asset or the

environment.
• The loss occurs when a threat exploits the vulnerability.
– threat/vulnerability pairs
• Vulnerabilities can be mitigated.

http://fpt.edu.vn 05/20/202 5
4
Mitigation Techniques

• Policies and procedures

• Documentation
• Training
• Separation of duties
• Configuration management
• Version control
• Patch management

http://fpt.edu.vn 05/20/202 6
4
Mitigation Techniques (cont.)

• Intrusion detection system

• Incident response
• Continuous monitoring
• Technical controls
• Physical controls

http://fpt.edu.vn 05/20/202 7
4
Best Practices for Managing
Vulnerabilities Within Your IT Infrastructure

• Identify vulnerabilities
• Match the threat/vulnerability pairs
• Use as many of the mitigation techniques as feasible
• Perform vulnerability assessments

http://fpt.edu.vn 05/20/202 8
4
Understanding and Managing Exploits

• An exploit is the act of exploiting a vulnerability

• The result is a compromise to the system, an application, or
data
• Example: public-facing server
– Buffer overflow
– SQL injection attacks
– Denial of service (DoS) attacks
– Distributed denial of service (DDoS) attacks

http://fpt.edu.vn 05/20/202 9
4
Public-Facing Server Exploits

• Perpetrators
– Script kiddies, programmers
• Initiate
– Public server discovery
– Server fingerprinting
– Vulnerability discovery
• Find information about Vulnerabilities and Exploits
– Blogs, forums, security newsletters
– Common Vulnerabilities and Exposures (CVE) list
– Reverse engineering

http://fpt.edu.vn 05/20/202 10
4
Public-Facing Server Mitigation Techniques

• Remove or change defaults

• Reduce the attack surface
• Keep systems up to date
• Enable firewalls
• Enable intrusion detection systems (IDSs)
• Install antivirus software

http://fpt.edu.vn 05/20/202 11
4
Best Practices for Managing
Exploits Within Your IT Infrastructure

• Harden servers
• Use configuration management
• Perform risk assessments
• Perform vulnerability assessments

http://fpt.edu.vn 05/20/202 12
4

Lect 02
No ratings yet
Lect 02
6 pages
Dưới đây là bài thuyết trình được mở rộng chi tiết hơn với các nội dung và gợi ý cụ thể hơn cho từng slide
No ratings yet
Dưới đây là bài thuyết trình được mở rộng chi tiết hơn với các nội dung và gợi ý cụ thể hơn cho từng slide
5 pages
Lect 01
No ratings yet
Lect 01
32 pages
Lab 0
No ratings yet
Lab 0
8 pages
Lab 006
No ratings yet
Lab 006
13 pages
Lect 08
No ratings yet
Lect 08
13 pages
What-is-a-threat-for-midterm
No ratings yet
What-is-a-threat-for-midterm
3 pages
risk3e_ppt_ch02
No ratings yet
risk3e_ppt_ch02
25 pages
Security 101 - Vulnerabilities, Threats & Risk Explained - Splunk
No ratings yet
Security 101 - Vulnerabilities, Threats & Risk Explained - Splunk
3 pages
Ias101 Sbit3l W8sum Vida, John Paul S.
No ratings yet
Ias101 Sbit3l W8sum Vida, John Paul S.
3 pages
Week 1 Ch02-2
No ratings yet
Week 1 Ch02-2
16 pages
Module 4
No ratings yet
Module 4
31 pages
Vuln Man 91003
No ratings yet
Vuln Man 91003
42 pages
Quản lí và hiểu
No ratings yet
Quản lí và hiểu
1 page
Lect 05
No ratings yet
Lect 05
18 pages
RiskMgtSecurity_Banglisan-Cipriano-Crisostomo-Regalario.pdf
No ratings yet
RiskMgtSecurity_Banglisan-Cipriano-Crisostomo-Regalario.pdf
5 pages
Quoc
No ratings yet
Quoc
20 pages
Lecture 3
No ratings yet
Lecture 3
29 pages
Syllabus IAA202 - SU20
No ratings yet
Syllabus IAA202 - SU20
10 pages
IT-322-MODULE-2
No ratings yet
IT-322-MODULE-2
12 pages
Week 1 Ch02
No ratings yet
Week 1 Ch02
24 pages
Unit 3 - Threat Modelling
No ratings yet
Unit 3 - Threat Modelling
13 pages
What Is Vulnerability Management
No ratings yet
What Is Vulnerability Management
15 pages
Threat and Vulnerability
No ratings yet
Threat and Vulnerability
7 pages
chapter 5 cyber solutions part 2
No ratings yet
chapter 5 cyber solutions part 2
10 pages
Crisis
No ratings yet
Crisis
11 pages
Lect 05
No ratings yet
Lect 05
18 pages
Chapter 1 Introduction Risk Management
No ratings yet
Chapter 1 Introduction Risk Management
18 pages
2_CRM TEE NOTES
No ratings yet
2_CRM TEE NOTES
77 pages
Understanding Risk and Threat
No ratings yet
Understanding Risk and Threat
3 pages
EH unit 1 Book
No ratings yet
EH unit 1 Book
43 pages
Lect 10
No ratings yet
Lect 10
12 pages
Risk Management Approach Draft
No ratings yet
Risk Management Approach Draft
9 pages
Discuss in Details The Following Privacy Issues
No ratings yet
Discuss in Details The Following Privacy Issues
5 pages
Network Vulnerabilities Prevention Methods
No ratings yet
Network Vulnerabilities Prevention Methods
2 pages
Session 5 Cyber Security Risks and Vulnerabilities
No ratings yet
Session 5 Cyber Security Risks and Vulnerabilities
14 pages
Project Plan: Document Title: Project Plan Project Name: Vulnerability Management 1.0 Issue Date: 11/10/17
No ratings yet
Project Plan: Document Title: Project Plan Project Name: Vulnerability Management 1.0 Issue Date: 11/10/17
11 pages
Security Plus Unit 8
No ratings yet
Security Plus Unit 8
59 pages
Lec05_Vunerability_and_Attacks
No ratings yet
Lec05_Vunerability_and_Attacks
57 pages
Key Takeaways
No ratings yet
Key Takeaways
72 pages
Cybersecurity_Terminology__1740725824
No ratings yet
Cybersecurity_Terminology__1740725824
72 pages
Cyber Security
No ratings yet
Cyber Security
9 pages
The Difference Between Threat, Vulnerability, and Risk, and Why You Need To Know - Trava-Min
No ratings yet
The Difference Between Threat, Vulnerability, and Risk, and Why You Need To Know - Trava-Min
4 pages
Introduction-to-Security-Management
No ratings yet
Introduction-to-Security-Management
6 pages
Eccouncil Ecihv2 1 2 1 What Is Vulnerability Management
No ratings yet
Eccouncil Ecihv2 1 2 1 What Is Vulnerability Management
4 pages
RMS Banglisan Cipriano Crisostomo Regalario
No ratings yet
RMS Banglisan Cipriano Crisostomo Regalario
13 pages
Lect 11
No ratings yet
Lect 11
13 pages
Vulnerability
No ratings yet
Vulnerability
1 page
Cybersecurity - Expert
No ratings yet
Cybersecurity - Expert
550 pages
Vulnerability, Risk & Control Measures
No ratings yet
Vulnerability, Risk & Control Measures
7 pages
Risk Management For Cybersecurity and IT Managers Study Guide PDF
No ratings yet
Risk Management For Cybersecurity and IT Managers Study Guide PDF
11 pages
Vulnerabilities and exploits in cyber security_ (1)
No ratings yet
Vulnerabilities and exploits in cyber security_ (1)
6 pages
Threats, Vulnerabilities, and Incident Response
No ratings yet
Threats, Vulnerabilities, and Incident Response
33 pages
Difference Between Threat, Vulnerability, and Risks
No ratings yet
Difference Between Threat, Vulnerability, and Risks
1 page
Threats
No ratings yet
Threats
9 pages
4. Threats
No ratings yet
4. Threats
9 pages
Discussion Board - (ITAS665)
No ratings yet
Discussion Board - (ITAS665)
4 pages
Practical Pentesting Guide: Preparation for Certification and Ethical Hacking
From Everand
Practical Pentesting Guide: Preparation for Certification and Ethical Hacking
Evan Blake
No ratings yet
IT Architecture For Dummies
From Everand
IT Architecture For Dummies
Kalani Kirk Hausman
5/5 (1)
Ethical Hacking
From Everand
Ethical Hacking
Elias Mutegi
No ratings yet
Lab01-Ex02
No ratings yet
Lab01-Ex02
4 pages
Lab01-Ex03
No ratings yet
Lab01-Ex03
4 pages
Lab01-Ex04
No ratings yet
Lab01-Ex04
7 pages
Lab01-Ex01
No ratings yet
Lab01-Ex01
4 pages
Ưerewstfsdgd
No ratings yet
Ưerewstfsdgd
1 page
Lect 13
No ratings yet
Lect 13
38 pages
Module 6 - Network-Forensics
No ratings yet
Module 6 - Network-Forensics
28 pages
Module 4-1 - Collecting-Evidence
No ratings yet
Module 4-1 - Collecting-Evidence
25 pages
Lect 09
No ratings yet
Lect 09
17 pages
Module 5-2 - Computer-Forensics
No ratings yet
Module 5-2 - Computer-Forensics
53 pages
Lect 12
No ratings yet
Lect 12
10 pages
Lect 15
No ratings yet
Lect 15
14 pages
Advance Encryption Standard
100% (1)
Advance Encryption Standard
85 pages
Configuring Telnet Using An Username & Password: Khawar Butt Ccie # 12353 (R/S, Security, SP, DC, Voice, Storage & Ccde)
No ratings yet
Configuring Telnet Using An Username & Password: Khawar Butt Ccie # 12353 (R/S, Security, SP, DC, Voice, Storage & Ccde)
7 pages
Cloud-Based Storage Report
No ratings yet
Cloud-Based Storage Report
12 pages
Ethical Hacking: CMR Engineering College
No ratings yet
Ethical Hacking: CMR Engineering College
23 pages
Chapter 3
No ratings yet
Chapter 3
24 pages
File Integrity Monitoring Best Practices
100% (1)
File Integrity Monitoring Best Practices
8 pages
94%-UGRD-IT6205 Information Assurance and Security 1
No ratings yet
94%-UGRD-IT6205 Information Assurance and Security 1
18 pages
Money Pad, The Future Wallet: Welcome To The Seminar
No ratings yet
Money Pad, The Future Wallet: Welcome To The Seminar
19 pages
20FantasticKaliLinuxTools PDF
100% (1)
20FantasticKaliLinuxTools PDF
12 pages
ISO27k Toolkit Overview Andh Contents 5v2
No ratings yet
ISO27k Toolkit Overview Andh Contents 5v2
8 pages
CSX F
No ratings yet
CSX F
4 pages
Unit-IV TLS
No ratings yet
Unit-IV TLS
36 pages
Freeradius en Part1 PDF
No ratings yet
Freeradius en Part1 PDF
48 pages
Zero Trust Network Access-7.0-Deployment Guide
No ratings yet
Zero Trust Network Access-7.0-Deployment Guide
38 pages
Gujarat Technological University
No ratings yet
Gujarat Technological University
2 pages
Tomcat Vulnerability Sample Report
No ratings yet
Tomcat Vulnerability Sample Report
11 pages
Ethical Hacking
No ratings yet
Ethical Hacking
2 pages
Self-Assessment Questionnaire D: and Attestation of Compliance
100% (2)
Self-Assessment Questionnaire D: and Attestation of Compliance
54 pages
KKC
No ratings yet
KKC
279 pages
Njrat/Bladabindi Rat Download Agent Tesla Keylogger: TLP: White HTTPS://WWW - Us-Cert - Gov/Tlp
No ratings yet
Njrat/Bladabindi Rat Download Agent Tesla Keylogger: TLP: White HTTPS://WWW - Us-Cert - Gov/Tlp
2 pages
Cybersecurity Category Interview Questions
No ratings yet
Cybersecurity Category Interview Questions
71 pages
BCS Midterm
No ratings yet
BCS Midterm
4 pages
Computer Viruses
No ratings yet
Computer Viruses
12 pages
Abaygar Mike Francis Case Study
No ratings yet
Abaygar Mike Francis Case Study
3 pages
Blockchain-Based ssi
No ratings yet
Blockchain-Based ssi
8 pages
S.No Test Case Name Description Steps
No ratings yet
S.No Test Case Name Description Steps
6 pages
CTE 244 Computer Networking: Engr. Usman Ishaq Karofi
No ratings yet
CTE 244 Computer Networking: Engr. Usman Ishaq Karofi
13 pages
Learning From Others' Mistakes: Penetration Testing Iot Devices in The Classroom
No ratings yet
Learning From Others' Mistakes: Penetration Testing Iot Devices in The Classroom
8 pages
E-Commerce: Business. Technology. Society
No ratings yet
E-Commerce: Business. Technology. Society
32 pages
paras sharma. internship report[1]-1
No ratings yet
paras sharma. internship report[1]-1
17 pages