SEC 420 Strayer University Vulnerability Management Life Cycle Discussion
Question Description
Evaluate the types of assessments, select one that you might use, and explain why it is important. (Vulnerability Assessment And Vulnerability Management Life Cycle)
Of the top nine areas to research when conducting an assessment, select no less than three and explain how one should approach the research and why it should be approached that way.
Be sure to respond to at least one of your classmates' posts.
Answer 2 classmates
Robert Newkirk JR.
Hello Professor Peavy and Class!
Here is my thought on this week’s discussion topic!
Evaluate the types of assessments, select one that you might use, and explain why it is important.
After evaluating the information that we have learned this week from our readings, I would definitely lean towards the Vulnerability Assessment.
The Vulnerability Assessment is essential to all organizations because it helps identify a weakness in a system's infrastructure. The Vulnerability Assessment will include identifying weaknesses to the web server, the application running on the system, and any liability to the operating system. The main goal of the Vulnerability Assessment is not only to identify the weakness but to make a plan of action and to mitigate the weaknesses found during the Vulnerability Assessment. Doing a Vulnerability Assessment of your company’s infrastructure is a proactive way to help safeguard sensitive information.
Source:
TestOut Ethical Hacker Pro. 2020. 7.1.2 Vulnerability Assessment Facts. This is our SEC 240 Textbook.
Of the top nine areas to research when conducting an assessment, select no less than three and explain how one should approach the research and why it should be approached that way.
Misconfiguration: This is a big area to research because human error is likely to be the primary cause of a misconfiguration. Application platforms, servers, databases, and networks are all at risk due to human errors. Other areas to research for misconfigurations, like outdated software and applications, are services running in the background. You need to check to see if unnecessary services are running regularly; if so, then stop the service that is running. External systems that have incorrect authentication, applications with disabled security settings, and debugging enabled on applications. You can use the Task Manager to check to see what services are running on your computer. You can use the internet to search to see what services are running and to determine if they need to be running all the time. Regularly use Windows Security and Update to check for new drivers, security patches, and application software and updates. The Windows Update and Security tool is located in Windows Settings in Windows 10. Vulnerability scanners come in all flavors, and they all have different features. Some are free, and some cost money. The following link shows all kinds of vulnerability scanners, and you can check the difference between each one to see what is best for your organization.
Source:
OWASP. 2020. Vulnerability Scanning Tools. https://owasp.org/www-community/Vulnerability_Scanning_Tools
Default Settings: All appliances, routers, switches, and network equipment are shipped from the manufacturer with default usernames and passwords. The safety of your organization must have these settings changed when you install them. It is not hard to get the default username and password to equipment on the internet. They have websites that list every manufacturer’s equipment default usernames and passwords. It would be best if you researched the equipment that you are in charge of at work. Having strong passwords will help fight against the vulnerabilities of your network. The following link will give you an example of how easy it is to find default passwords.
Source
PortScanner.com. 2020. Default Usernames and Passwords. https://portscaner.com/router-password-default
Open Services: Open ports are essential to check regularly. Port scanners like Nmap will help you to find what ports are open. As a security professional, you need to know what each port is and what service is using that port. All ports not being used should be closed. Managing this will help tighten your network from unauthorized access and help stop attacks on connected nodes or devices.
Source
TestOut Ethical Hacker Pro. 2020. 7.1.1 Vulnerability Assessment. This is our SEC 240 Textbook.
Have a great week!
Robert C. Newkirk, Jr.
Delante White
Vulnerability is defined as the process of understanding and preparing for any kind of attack/damage that could happen to particular software.
There are various types of vulnerability assessments, and they are required in every kind of business. Small businesses and large-scale businesses all require vulnerability assessments. Some of the types of vulnerability assessment are:
Database vulnerability assessment: This type of assessment is required when the work is related to the database i.e. backend. In this kind of assessment, the user analyses the possible attacks that could occur to the database. The problems the user can witness while ensuring the security of the database and the data stored remains consistent.
Front-end vulnerability assessment: This type of assessment is required when working with front-end designs like web pages, websites, and front-end applications. In this assessment, the user is required to understand the security threats, issues, and problems that could occur with the front end of the page.
Wireless vulnerability assessment: In this assessment, the user deals with the issues related to, or that could occur with, the wireless setup and hence prepares solutions in advance for the possible issues or plans.
There are various other types of vulnerabilities depending upon the business type. According to me, all the vulnerability assessments are important, but if I had to choose one specific type, it would be the database vulnerability assessment. Testing the software if they are updated regularly, data stored should be consistent, data stored is secured and threat free. The database vulnerability ensures that the business never fails, as the data nowadays is the most important. Everything nowadays revolves around the data.
Hence database vulnerability assessment is very important.
Of the top nine areas to research when conducting a vulnerability assessment, some of them are:
Analyzing the business type and understanding the types of security threats or issues that are possible in the business.
Finding or planning optimal solutions that could be used for the threats or issues that have been discovered so that those methods could be used and the solution could be used to that problem.
When performing vulnerability assessment, it’s important to understand the business and also the hardware and the software being used in the business so that optimum backups could be planned if at some point of time there is an issue in hardware or software of the company/business.
Ensuring there are regular vulnerability assessments so that the solutions for the problems are latest and regularly updated.