Techniques and tools for assessing network vulnerabilities
The word vulnerability refers to a weakness in a system allowing an attacker breaching confidentiality, integrity, availability, access control and consistency of the system or its data and applications. The vulnerabilities are the result of bugs or flaws in the system design. Although, in a broader sense, they may also be the result of their own technological limitations, because in principle there is no 100% secure system. Therefore there are theoretical vulnerabilities and real vulnerabilities (known as exploits).
The vulnerability analysis, sometimes called vulnerability scanning, is the act of determining which holes and security vulnerabilities may be applicable to the target network. To do this, we examine identified machines within the target network to identify all open ports and operating systems and applications the hosts are running (including version number, patch level, and service pack). In addition, we compare this information with several databases vulnerability Internet to see what current vulnerabilities and exploits may be applicable to the target network.
Vulnerability assessment is a key factor in information security in a company. Day to day are vulnerabilities in different operating systems, or applications, email program, among others. Any type of network is totally untouchable.
You should protect the older systems environment as it does with the peripheral environment. Protection and network security require analyzing business needs, budgetary constraints and security considerations to be discussed in detail in the following sections:Comprehensive Defense.
Control the perimeter.
Planning errors and incident response.
Audit and Oversight.
Awareness and information.
This course is designed to have the necessary knowledge and identify the following:Identification of security flaws.
Analysis of vulnerabilities on computers to evaluate.
Enumeration of vulnerabilities, risks and possible solutions.
The verification of vulnerabilities.
Run the start of a security plan for corrective action.